Maljava.trojan found by Norton and laptop gets very hot

18 replies
  • Hi,

    My son's laptop gets very hot and then switches itself off; it has also become very slow over the past few weeks. Norton found the Maljava.trojan file and quarantined it.

    The laptop was taken completely apart to remove dirt and dust, but that did not help at all.
    We have since removed a number of programs and run the HP recovery tool. I have also now installed the latest Java update.

    To be completely sure that it is now cleaned up, I am asking for your help. What else can I do to save this 1.5-year-old HP laptop?

    Below is my first HijackThis log file:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:29:04, on 21-1-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    R3 - URLSearchHook: (no name) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10581 bytes
  • Hello Iggy,

    I would like you to stick to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than the ones I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.

    Step •1•
    Close all open browser windows except this one, which you close just before you click the Fix checked button!

    Now start HijackThis by right-clicking it and running it with administrator rights (if that does not work, go to the HijackThis installation folder and start "hijackthis.exe" with administrator rights from there) and click the Do a Scan only button,

    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    R3 - URLSearchHook: (no name) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    - Tick the box in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Step •2•
    Which program: Malwarebytes MBAM
    What for/why: specialized scanner to quickly examine Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com
    - Majorgeeks.com

    First of all:
    - Right after installation, 'MBAM' will want to update its database, so allow that.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Note:
      - Malwarebytes now provides the full version of MBAM.
      - On first start you get the option to use the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM will remain usable as the free version.

    Image: http://img30.imageshack.us/img30/3928/mbam2.png

    - Also do the following:
      - As soon as the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    - When starting 'MBAM', choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.

    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.

    Step •3•
    In summary: after this, post the contents of the following logs in your next message:
    - a HijackThis log
    - MBAM scan log
  • Hi Abraham,
    Thanks for your quick reply.
    I have carried out all the steps. Below are the 2 log files.
    Malwarebytes found nothing. Meanwhile the laptop is already getting quite warm again.

    I am curious what I should do next and look forward to hearing from you.
    Regards, Iggy


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:35:33, on 21-1-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10291 bytes


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Databaseversie: v2012.01.21.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Luc :: LUC-PC [administrator]

    21-1-2012 16:20:48
    mbam-log-2012-01-21 (16-20-48).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 188438
    Verstreken tijd: 8 minuut/minuten, 2 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
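
One way to confirm that the "Fix checked" step took effect is to diff the two HijackThis logs posted above. This is an added example, not part of the original thread; the log excerpts are shortened from the logs on this page, and the function names are assumptions of the example.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, in order, without duplicates.

    Header lines, the running-process list and the footer carry no section
    code and are skipped. Whitespace is normalised so that forum indentation
    does not affect the comparison.
    """
    entries = {}
    for line in log_text.splitlines():
        line = " ".join(line.split())
        if ENTRY_RE.match(line):
            entries.setdefault(line, None)
    return list(entries)


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def verify_fix(targets_text, before_text, after_text):
    """Map each entry the helper asked to fix to its status in the second log."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    status = {}
    for target in parse_entries(targets_text):
        if target in after:
            status[target] = "still present"
        elif target in before:
            status[target] = "removed"
        else:
            status[target] = "not in first log"
    return status


# Excerpt of the first log on this page (shortened).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:04, on 21-1-2012
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
End of file - 10581 bytes
"""

# Excerpt of the second log on this page (shortened).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:33, on 21-1-2012
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
End of file - 10291 bytes
"""

# The four lines the helper asked to tick before clicking "Fix checked".
TARGETS = r"""
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        print("- " + entry)
    for entry in added:
        print("+ " + entry)
    for target, state in verify_fix(TARGETS, BEFORE, AFTER).items():
        print(state + ": " + target)
```

Entries that appear only in the second log, such as the Malwarebytes RunOnce line here, are worth reading as closely as the removed ones, since they show what changed on the machine between the two scans.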
  • Ziet er al goed uit, toch gaan we dieper kijken!

    [b:340ecfab3b]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:340ecfab3b]
    [list:340ecfab3b][*:340ecfab3b]Lees alle instrukties goed door.
    [*:340ecfab3b]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken.
    [*:340ecfab3b]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken.
    [*:340ecfab3b]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken.
    [*:340ecfab3b]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht.
    [*:340ecfab3b]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:340ecfab3b][/color:340ecfab3b]

    Step •1•
    Which program: TDSSKStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing Run as administrator.
    - A CMD window will then open and will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next message.


    Step •2•
    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and clean it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be absolutely clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking and running it with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step •3•
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKStarter log
    - ComboFix.txt log
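
Added example (not part of either forum post, and not the scanner's own code): a small triage pass over a log in the format of the TDSSKStarter log posted in the reply below, pairing each driver line with its verdict line and listing what a reviewer should look at first. The sample log, its names, hashes and the "warning" verdict are constructed; the reason codes and the single expected driver directory are assumptions of this sketch.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <image path>"
ENTRY = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

# Constructed sample: names, hashes and the "warning" verdict are made up.
SAMPLE_LOG = r"""
17:00:00.0100 1234 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\ACPI.sys
17:00:00.0200 1234 ACPI - ok
17:00:00.0300 1234 VendorFlt (00000000000000000000000000000002) C:\ProgramData\Vendor\Defs\VendorFlt.sys
17:00:00.0400 1234 VendorFlt - ok
17:00:00.0500 1234 NoImage - ok
17:00:00.0600 1234 OddDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\odddrv.sys
17:00:00.0700 1234 OddDrv - warning
17:00:00.0800 1234 Dangling (00000000000000000000000000000004) C:\Windows\system32\drivers\dangling.sys
"""


@dataclass
class Finding:
    name: str
    reason: str            # one of the reason codes used below (assumed names)
    detail: Optional[str]  # image path or verdict text, when available


def triage(log_text: str,
           expected_dirs: Tuple[str, ...] = (r"c:\windows\system32\drivers",)
           ) -> List[Finding]:
    """Return review items, not verdicts: each finding is a line worth a look."""
    findings: List[Finding] = []
    pending = {}  # service name -> image path, waiting for its verdict line
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts indent the log
        m = ENTRY.match(line)
        if m:
            pending[m["name"]] = m["path"].strip()
            continue
        m = VERDICT.match(line)
        if not m:
            continue  # header, separator or unrelated line
        name, verdict = m["name"], m["verdict"].strip()
        path = pending.pop(name, None)
        if verdict.lower() != "ok":
            findings.append(Finding(name, "verdict-not-ok", verdict))
        if path is None:
            # The scanner reported on a service without logging a file or hash.
            findings.append(Finding(name, "no-image-logged", None))
        elif ntpath.dirname(path).lower() not in expected_dirs:
            # Security products and some system drivers legitimately live
            # elsewhere; this only marks the entry for a manual check.
            findings.append(Finding(name, "outside-drivers-dir", path))
    for name, path in pending.items():
        # Entry without a verdict: the pasted log was probably cut off.
        findings.append(Finding(name, "no-verdict", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:10} {f.reason:20} {f.detail or ''}")
```
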
  • Hi Abraham,

    I carried out step 1 and got the following log file.
    When downloading step 2, Norton removed the file we had downloaded to the desktop. Windows also indicated that it did not want to run this file.

    At the moment we are visiting friends and cannot concentrate on this enough. We will continue tomorrow.

    How should we download step 2 so that Norton does not say it contains a virus?

    Regards, Iggy


    17:03:22.0980 3828 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    17:03:22.0980 3828 ============================================================
    17:03:22.0980 3828 Current date / time: 2012/01/21 17:03:22.0980
    17:03:22.0980 3828 SystemInfo:
    17:03:22.0980 3828
    17:03:22.0980 3828 OS Version: 6.1.7601 ServicePack: 1.0
    17:03:22.0980 3828 Product type: Workstation
    17:03:22.0980 3828 ComputerName: LUC-PC
    17:03:22.0980 3828 UserName: Luc
    17:03:22.0980 3828 Windows directory: C:\Windows
    17:03:22.0980 3828 System windows directory: C:\Windows
    17:03:22.0980 3828 Running under WOW64
    17:03:22.0980 3828 Processor architecture: Intel x64
    17:03:22.0980 3828 Number of processors: 1
    17:03:22.0980 3828 Page size: 0x1000
    17:03:22.0980 3828 Boot type: Normal boot
    17:03:22.0980 3828 ============================================================
    17:03:26.0506 3828 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:03:26.0802 3828 Initialize success
    17:03:26.0880 4876 ============================================================
    17:03:26.0880 4876 Scan started
    17:03:26.0880 4876 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    17:03:26.0880 4876 ============================================================
    17:03:29.0797 4876 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:03:29.0984 4876 1394ohci - ok
    17:03:30.0156 4876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:03:30.0172 4876 ACPI - ok
    17:03:30.0281 4876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:03:30.0437 4876 AcpiPmi - ok
    17:03:30.0608 4876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:03:30.0702 4876 adp94xx - ok
    17:03:30.0842 4876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:03:30.0905 4876 adpahci - ok
    17:03:30.0952 4876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:03:30.0998 4876 adpu320 - ok
    17:03:31.0108 4876 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    17:03:31.0232 4876 AFD - ok
    17:03:31.0544 4876 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
    17:03:31.0700 4876 AgereSoftModem - ok
    17:03:31.0810 4876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:03:31.0872 4876 agp440 - ok
    17:03:32.0106 4876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:03:32.0184 4876 aliide - ok
    17:03:32.0293 4876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:03:32.0371 4876 amdide - ok
    17:03:32.0527 4876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:03:32.0683 4876 AmdK8 - ok
    17:03:32.0746 4876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:03:32.0839 4876 AmdPPM - ok
    17:03:33.0089 4876 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:03:33.0136 4876 amdsata - ok
    17:03:33.0182 4876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:03:33.0214 4876 amdsbs - ok
    17:03:33.0307 4876 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:03:33.0338 4876 amdxata - ok
    17:03:33.0448 4876 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:03:34.0150 4876 AppID - ok
    17:03:34.0368 4876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:03:34.0430 4876 arc - ok
    17:03:34.0524 4876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:03:34.0555 4876 arcsas - ok
    17:03:34.0664 4876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:03:35.0008 4876 AsyncMac - ok
    17:03:35.0132 4876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:03:35.0164 4876 atapi - ok
    17:03:35.0460 4876 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
    17:03:46.0692 4876 athr - ok
    17:03:47.0051 4876 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
    17:03:47.0129 4876 AtiHdmiService - ok
    17:03:47.0924 4876 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:03:48.0455 4876 atikmdag - ok
    17:03:48.0736 4876 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    17:03:48.0767 4876 AtiPcie - ok
    17:03:49.0001 4876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:03:49.0266 4876 b06bdrv - ok
    17:03:49.0438 4876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:03:49.0562 4876 b57nd60a - ok
    17:03:49.0750 4876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:03:49.0859 4876 Beep - ok
    17:03:50.0124 4876 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
    17:03:50.0218 4876 BHDrvx64 - ok
    17:03:50.0342 4876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:03:50.0405 4876 blbdrive - ok
    17:03:50.0436 4876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:03:50.0514 4876 bowser - ok
    17:03:50.0623 4876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:03:50.0748 4876 BrFiltLo - ok
    17:03:50.0795 4876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:03:50.0857 4876 BrFiltUp - ok
    17:03:50.0935 4876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:03:51.0029 4876 Brserid - ok
    17:03:51.0107 4876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:03:51.0185 4876 BrSerWdm - ok
    17:03:51.0325 4876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:03:51.0450 4876 BrUsbMdm - ok
    17:03:51.0575 4876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:03:51.0653 4876 BrUsbSer - ok
    17:03:51.0778 4876 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
    17:03:52.0261 4876 BthAvrcp - ok
    17:03:52.0370 4876 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
    17:03:52.0542 4876 BthEnum - ok
    17:03:52.0682 4876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:03:52.0745 4876 BTHMODEM - ok
    17:03:52.0823 4876 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    17:03:53.0010 4876 BthPan - ok
    17:03:53.0119 4876 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
    17:03:53.0213 4876 BTHPORT - ok
    17:03:53.0369 4876 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
    17:03:53.0447 4876 BTHUSB - ok
    17:03:53.0650 4876 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
    17:03:53.0712 4876 ccHP - ok
    17:03:53.0852 4876 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:03:53.0993 4876 cdfs - ok
    17:03:54.0180 4876 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    17:03:54.0227 4876 cdrom - ok
    17:03:54.0336 4876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:03:54.0414 4876 circlass - ok
    17:03:54.0586 4876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:03:54.0632 4876 CLFS - ok
    17:03:54.0788 4876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:03:54.0913 4876 CmBatt - ok
    17:03:54.0976 4876 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:03:55.0022 4876 cmdide - ok
    17:03:55.0210 4876 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:03:55.0272 4876 CNG - ok
    17:03:55.0444 4876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:03:55.0522 4876 Compbatt - ok
    17:03:55.0600 4876 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:03:55.0724 4876 CompositeBus - ok
    17:03:55.0880 4876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:03:56.0036 4876 crcdisk - ok
    17:03:56.0208 4876 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:03:56.0348 4876 DfsC - ok
    17:03:56.0411 4876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:03:56.0489 4876 discache - ok
    17:03:56.0660 4876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:03:56.0692 4876 Disk - ok
    17:03:56.0801 4876 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    17:03:56.0879 4876 Dot4 - ok
    17:03:57.0035 4876 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
    17:03:57.0097 4876 Dot4Print - ok
    17:03:57.0175 4876 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    17:03:57.0238 4876 dot4usb - ok
    17:03:57.0362 4876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:03:57.0394 4876 drmkaud - ok
    17:03:57.0487 4876 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:03:57.0534 4876 DXGKrnl - ok
    17:03:57.0924 4876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:03:58.0127 4876 ebdrv - ok
    17:03:58.0283 4876 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    17:03:58.0361 4876 eeCtrl - ok
    17:03:58.0486 4876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:03:58.0564 4876 elxstor - ok
    17:03:58.0704 4876 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    17:03:58.0782 4876 EraserUtilRebootDrv - ok
    17:03:58.0876 4876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:03:58.0969 4876 ErrDev - ok
    17:03:59.0032 4876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:03:59.0203 4876 exfat - ok
    17:03:59.0297 4876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:03:59.0390 4876 fastfat - ok
    17:03:59.0468 4876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:03:59.0546 4876 fdc - ok
    17:03:59.0687 4876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:03:59.0718 4876 FileInfo - ok
    17:03:59.0749 4876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:03:59.0905 4876 Filetrace - ok
    17:03:59.0952 4876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:04:00.0046 4876 flpydisk - ok
    17:04:00.0139 4876 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:04:00.0155 4876 FltMgr - ok
    17:04:00.0202 4876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:04:00.0217 4876 FsDepends - ok
    17:04:00.0248 4876 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:04:00.0295 4876 Fs_Rec - ok
    17:04:00.0373 4876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:04:00.0420 4876 fvevol - ok
    17:04:00.0482 4876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:04:00.0545 4876 gagp30kx - ok
    17:04:00.0654 4876 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    17:04:00.0716 4876 hamachi - ok
    17:04:00.0810 4876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:04:00.0966 4876 hcw85cir - ok
    17:04:01.0060 4876 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:04:01.0122 4876 HdAudAddService - ok
    17:04:01.0231 4876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    17:04:01.0309 4876 HDAudBus - ok
    17:04:01.0340 4876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:04:01.0403 4876 HidBatt - ok
    17:04:01.0543 4876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:04:01.0652 4876 HidBth - ok
    17:04:01.0652 4876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:04:01.0762 4876 HidIr - ok
    17:04:01.0933 4876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    17:04:01.0980 4876 HidUsb - ok
    17:04:02.0027 4876 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    17:04:02.0120 4876 HpqKbFiltr - ok
    17:04:02.0230 4876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:04:02.0292 4876 HpSAMD - ok
    17:04:02.0432 4876 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:04:02.0542 4876 HTTP - ok
    17:04:02.0729 4876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:04:02.0807 4876 hwpolicy - ok
    17:04:02.0994 4876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    17:04:03.0056 4876 i8042prt - ok
    17:04:03.0134 4876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:04:03.0166 4876 iaStorV - ok
    17:04:03.0415 4876 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120120.002\IDSvia64.sys
    17:04:03.0478 4876 IDSVia64 - ok
    17:04:03.0758 4876 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:04:04.0008 4876 igfx - ok
    17:04:04.0102 4876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:04:04.0164 4876 iirsp - ok
    17:04:04.0211 4876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:04:04.0242 4876 intelide - ok
    17:04:04.0289 4876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:04:04.0367 4876 intelppm - ok
    17:04:04.0632 4876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:04:04.0757 4876 IpFilterDriver - ok
    17:04:04.0882 4876 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:04:05.0006 4876 IPMIDRV - ok
    17:04:05.0069 4876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:04:05.0318 4876 IPNAT - ok
    17:04:05.0428 4876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:04:05.0615 4876 IRENUM - ok
    17:04:05.0755 4876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:04:05.0818 4876 isapnp - ok
    17:04:05.0880 4876 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:04:05.0927 4876 iScsiPrt - ok
    17:04:05.0974 4876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    17:04:06.0005 4876 kbdclass - ok
    17:04:06.0145 4876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:04:06.0254 4876 kbdhid - ok
    17:04:06.0301 4876 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:04:06.0364 4876 KSecDD - ok
    17:04:06.0379 4876 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:04:06.0410 4876 KSecPkg - ok
    17:04:06.0629 4876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:04:06.0878 4876 ksthunk - ok
    17:04:06.0956 4876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:04:07.0190 4876 lltdio - ok
    17:04:07.0237 4876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:04:07.0268 4876 LSI_FC - ok
    17:04:07.0315 4876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:04:07.0362 4876 LSI_SAS - ok
    17:04:07.0440 4876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:04:07.0518 4876 LSI_SAS2 - ok
    17:04:07.0596 4876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:04:07.0627 4876 LSI_SCSI - ok
    17:04:07.0721 4876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:04:12.0510 4876 luafv - ok
    17:04:12.0635 4876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:04:12.0682 4876 megasas - ok
    17:04:12.0775 4876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:04:12.0806 4876 MegaSR - ok
    17:04:12.0884 4876 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:04:13.0321 4876 Modem - ok
    17:04:13.0540 4876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:04:13.0586 4876 monitor - ok
    17:04:13.0664 4876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    17:04:13.0711 4876 mouclass - ok
    17:04:13.0820 4876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:04:13.0867 4876 mouhid - ok
    17:04:13.0930 4876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:04:13.0992 4876 mountmgr - ok
    17:04:14.0070 4876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:04:14.0101 4876 mpio - ok
    17:04:14.0226 4876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:04:14.0382 4876 mpsdrv - ok
    17:04:14.0429 4876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:04:14.0694 4876 MRxDAV - ok
    17:04:14.0866 4876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:04:14.0944 4876 mrxsmb - ok
    17:04:15.0115 4876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:04:15.0178 4876 mrxsmb10 - ok
    17:04:15.0458 4876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:04:15.0505 4876 mrxsmb20 - ok
    17:04:15.0536 4876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:04:15.0599 4876 msahci - ok
    17:04:15.0880 4876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:04:15.0926 4876 msdsm - ok
    17:04:16.0036 4876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:04:16.0098 4876 Msfs - ok
    17:04:16.0348 4876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:04:16.0550 4876 mshidkmdf - ok
    17:04:16.0847 4876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:04:16.0909 4876 msisadrv - ok
    17:04:17.0034 4876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:04:17.0112 4876 MSKSSRV - ok
    17:04:17.0549 4876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:04:17.0705 4876 MSPCLOCK - ok
    17:04:18.0188 4876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:04:18.0344 4876 MSPQM - ok
    17:04:18.0563 4876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:04:18.0594 4876 MsRPC - ok
    17:04:18.0656 4876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:04:18.0688 4876 mssmbios - ok
    17:04:18.0937 4876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:04:19.0031 4876 MSTEE - ok
    17:04:19.0109 4876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:04:19.0156 4876 MTConfig - ok
    17:04:19.0374 4876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:04:19.0421 4876 Mup - ok
    17:04:19.0561 4876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:04:19.0655 4876 NativeWifiP - ok
    17:04:19.0842 4876 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120120.035\ENG64.SYS
    17:04:19.0936 4876 NAVENG - ok
    17:04:20.0154 4876 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120120.035\EX64.SYS
    17:04:20.0232 4876 NAVEX15 - ok
    17:04:20.0372 4876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:04:20.0419 4876 NDIS - ok
    17:04:20.0482 4876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:04:20.0560 4876 NdisCap - ok
    17:04:20.0669 4876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:04:20.0747 4876 NdisTapi - ok
    17:04:20.0809 4876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:04:20.0903 4876 Ndisuio - ok
    17:04:20.0965 4876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:04:21.0028 4876 NdisWan - ok
    17:04:21.0152 4876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:04:21.0277 4876 NDProxy - ok
    17:04:21.0340 4876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:04:21.0418 4876 NetBIOS - ok
    17:04:21.0511 4876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:04:21.0605 4876 NetBT - ok
    17:04:21.0839 4876 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    17:04:21.0995 4876 netw5v64 - ok
    17:04:22.0104 4876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:04:22.0135 4876 nfrd960 - ok
    17:04:22.0213 4876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:04:22.0276 4876 Npfs - ok
    17:04:22.0432 4876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:04:22.0541 4876 nsiproxy - ok
    17:04:22.0634 4876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:04:22.0697 4876 Ntfs - ok
    17:04:22.0853 4876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:04:22.0962 4876 Null - ok
    17:04:22.0993 4876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:04:23.0024 4876 nvraid - ok
    17:04:23.0056 4876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:04:23.0087 4876 nvstor - ok
    17:04:23.0243 4876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:04:23.0274 4876 nv_agp - ok
    17:04:23.0430 4876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:04:23.0555 4876 ohci1394 - ok
    17:04:24.0584 4876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:04:24.0647 4876 Parport - ok
    17:04:24.0818 4876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:04:24.0850 4876 partmgr - ok
    17:04:25.0130 4876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:04:25.0162 4876 pci - ok
    17:04:25.0427 4876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:04:25.0489 4876 pciide - ok
    17:04:25.0630 4876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:04:25.0692 4876 pcmcia - ok
    17:04:25.0739 4876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:04:25.0786 4876 pcw - ok
    17:04:25.0864 4876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:04:25.0973 4876 PEAUTH - ok
    17:04:26.0238 4876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:04:26.0332 4876 PptpMiniport - ok
    17:04:26.0410 4876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:04:26.0456 4876 Processor - ok
    17:04:26.0597 4876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:04:26.0659 4876 Psched - ok
    17:04:33.0227 4876 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
    17:04:33.0227 4876 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
    17:04:33.0227 4876 sptd ( LockedFile.Multi.Generic ) - warning
    17:04:33.0227 4876 sptd - detected LockedFile.Multi.Generic (1)
    17:04:47.0345 4876 ============================================================
    17:04:47.0345 4876 Scan finished
    17:04:47.0345 4876 ============================================================
    17:04:48.0343 3936 Deinitialize success

    ==============================================
    Last Created System Restore Point
    ==============================================
    RP170: 21-1-2012 15:57:42 - Removed Steinberg HALionOne Essential Set
    ==============================================
    EOF
  • Hello Iggy, we're not in a race, you know; doing everything at your own pace is best.
    So have fun tonight.

    Disabling Norton: right-click the Norton icon in the system tray and choose "Disable Auto-Protect", with the duration set to until the PC is restarted.
  • Hi Abraham,

    Here I am again. It took some effort to get the laptop running reasonably again. By lowering the performance setting in power management it runs a bit again. Also, the fan sometimes works and sometimes doesn't… Fortunately it does now, and we have a bit of speed.
    Here are the 2 logs from TDSS and Combofix.

    Should I now remove Combofix from the laptop or leave it there? By the way, Combofix did not perform a restart. I'll do that myself in a moment and turn everything back on in Norton.

    Regards, Iggy

    17:03:22.0980 3828 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    17:03:22.0980 3828 ============================================================
    17:03:22.0980 3828 Current date / time: 2012/01/21 17:03:22.0980
    17:03:22.0980 3828 SystemInfo:
    17:03:22.0980 3828
    17:03:22.0980 3828 OS Version: 6.1.7601 ServicePack: 1.0
    17:03:22.0980 3828 Product type: Workstation
    17:03:22.0980 3828 ComputerName: LUC-PC
    17:03:22.0980 3828 UserName: Luc
    17:03:22.0980 3828 Windows directory: C:\Windows
    17:03:22.0980 3828 System windows directory: C:\Windows
    17:03:22.0980 3828 Running under WOW64
    17:03:22.0980 3828 Processor architecture: Intel x64
    17:03:22.0980 3828 Number of processors: 1
    17:03:22.0980 3828 Page size: 0x1000
    17:03:22.0980 3828 Boot type: Normal boot
    17:03:22.0980 3828 ============================================================
    17:03:26.0506 3828 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:03:26.0802 3828 Initialize success
    17:03:26.0880 4876 ============================================================
    17:03:26.0880 4876 Scan started
    17:03:26.0880 4876 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    17:03:26.0880 4876 ============================================================
    17:04:13.0540 4876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:04:13.0586 4876 monitor - ok
    17:04:13.0664 4876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    17:04:13.0711 4876 mouclass - ok
    17:04:13.0820 4876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:04:13.0867 4876 mouhid - ok
    17:04:13.0930 4876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:04:13.0992 4876 mountmgr - ok
    17:04:14.0070 4876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:04:14.0101 4876 mpio - ok
    17:04:14.0226 4876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:04:14.0382 4876 mpsdrv - ok
    17:04:14.0429 4876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:04:14.0694 4876 MRxDAV - ok
    17:04:14.0866 4876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:04:14.0944 4876 mrxsmb - ok
    17:04:15.0115 4876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:04:15.0178 4876 mrxsmb10 - ok
    17:04:15.0458 4876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:04:15.0505 4876 mrxsmb20 - ok
    17:04:15.0536 4876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:04:15.0599 4876 msahci - ok
    17:04:15.0880 4876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:04:15.0926 4876 msdsm - ok
    17:04:16.0036 4876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:04:16.0098 4876 Msfs - ok
    17:04:16.0348 4876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:04:16.0550 4876 mshidkmdf - ok
    17:04:16.0847 4876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:04:16.0909 4876 msisadrv - ok
    17:04:17.0034 4876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:04:17.0112 4876 MSKSSRV - ok
    17:04:17.0549 4876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:04:17.0705 4876 MSPCLOCK - ok
    17:04:18.0188 4876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:04:18.0344 4876 MSPQM - ok
    17:04:18.0563 4876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:04:18.0594 4876 MsRPC - ok
    17:04:18.0656 4876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:04:18.0688 4876 mssmbios - ok
    17:04:18.0937 4876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:04:19.0031 4876 MSTEE - ok
    17:04:19.0109 4876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:04:19.0156 4876 MTConfig - ok
    17:04:19.0374 4876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:04:19.0421 4876 Mup - ok
    17:04:19.0561 4876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:04:19.0655 4876 NativeWifiP - ok
    17:04:19.0842 4876 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120120.035\ENG64.SYS
    17:04:19.0936 4876 NAVENG - ok
    17:04:20.0154 4876 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120120.035\EX64.SYS
    17:04:20.0232 4876 NAVEX15 - ok
    17:04:20.0372 4876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:04:20.0419 4876 NDIS - ok
    17:04:20.0482 4876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:04:20.0560 4876 NdisCap - ok
    17:04:20.0669 4876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:04:20.0747 4876 NdisTapi - ok
    17:04:20.0809 4876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:04:20.0903 4876 Ndisuio - ok
    17:04:20.0965 4876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:04:21.0028 4876 NdisWan - ok
    17:04:21.0152 4876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:04:21.0277 4876 NDProxy - ok
    17:04:21.0340 4876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:04:21.0418 4876 NetBIOS - ok
    17:04:21.0511 4876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:04:21.0605 4876 NetBT - ok
    17:04:21.0839 4876 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    17:04:21.0995 4876 netw5v64 - ok
    17:04:22.0104 4876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:04:22.0135 4876 nfrd960 - ok
    17:04:22.0213 4876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:04:22.0276 4876 Npfs - ok
    17:04:22.0432 4876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:04:22.0541 4876 nsiproxy - ok
    17:04:22.0634 4876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:04:22.0697 4876 Ntfs - ok
    17:04:22.0853 4876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:04:22.0962 4876 Null - ok
    17:04:22.0993 4876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:04:23.0024 4876 nvraid - ok
    17:04:23.0056 4876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:04:23.0087 4876 nvstor - ok
    17:04:23.0243 4876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:04:23.0274 4876 nv_agp - ok
    17:04:23.0430 4876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:04:23.0555 4876 ohci1394 - ok
    17:04:24.0584 4876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:04:24.0647 4876 Parport - ok
    17:04:24.0818 4876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:04:24.0850 4876 partmgr - ok
    17:04:25.0130 4876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:04:25.0162 4876 pci - ok
    17:04:25.0427 4876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:04:25.0489 4876 pciide - ok
    17:04:25.0630 4876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:04:25.0692 4876 pcmcia - ok
    17:04:25.0739 4876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:04:25.0786 4876 pcw - ok
    17:04:25.0864 4876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:04:25.0973 4876 PEAUTH - ok
    17:04:26.0238 4876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:04:26.0332 4876 PptpMiniport - ok
    17:04:26.0410 4876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:04:26.0456 4876 Processor - ok
    17:04:26.0597 4876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:04:26.0659 4876 Psched - ok
    17:04:26.0753 4876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:04:26.0831 4876 ql2300 - ok
    17:04:26.0956 4876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:04:27.0002 4876 ql40xx - ok
    17:04:27.0034 4876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:04:27.0112 4876 QWAVEdrv - ok
    17:04:27.0190 4876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:04:27.0252 4876 RasAcd - ok
    17:04:27.0346 4876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:04:27.0408 4876 RasAgileVpn - ok
    17:04:27.0548 4876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:04:27.0658 4876 Rasl2tp - ok
    17:04:27.0720 4876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:04:27.0860 4876 RasPppoe - ok
    17:04:28.0063 4876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:04:28.0157 4876 RasSstp - ok
    17:04:28.0360 4876 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:04:28.0422 4876 rdbss - ok
    17:04:28.0469 4876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:04:28.0547 4876 rdpbus - ok
    17:04:28.0703 4876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:04:28.0781 4876 RDPCDD - ok
    17:04:28.0796 4876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:04:28.0890 4876 RDPENCDD - ok
    17:04:28.0937 4876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:04:28.0999 4876 RDPREFMP - ok
    17:04:29.0093 4876 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    17:04:29.0155 4876 RDPWD - ok
    17:04:29.0264 4876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:04:29.0296 4876 rdyboost - ok
    17:04:29.0467 4876 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    17:04:29.0561 4876 RFCOMM - ok
    17:04:29.0670 4876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:04:29.0764 4876 rspndr - ok
    17:04:29.0935 4876 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
    17:04:30.0091 4876 RSUSBSTOR - ok
    17:04:30.0169 4876 RTL2832UBDA (21158f0b38f1296f5d38505c43520ad4) C:\Windows\system32\drivers\RTL2832UBDA.sys
    17:04:30.0216 4876 RTL2832UBDA - ok
    17:04:30.0466 4876 RTL2832UUSB (f5d6c41fa141025b60784a273288e75f) C:\Windows\system32\Drivers\RTL2832UUSB.sys
    17:04:30.0544 4876 RTL2832UUSB - ok
    17:04:30.0793 4876 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:04:30.0918 4876 RTL8167 - ok
    17:04:31.0058 4876 RtsUIR - ok
    17:04:31.0105 4876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:04:31.0183 4876 sbp2port - ok
    17:04:31.0246 4876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:04:31.0339 4876 scfilter - ok
    17:04:31.0448 4876 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    17:04:31.0558 4876 sdbus - ok
    17:04:31.0698 4876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:04:31.0792 4876 secdrv - ok
    17:04:31.0838 4876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:04:31.0870 4876 Serenum - ok
    17:04:31.0963 4876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:04:32.0041 4876 Serial - ok
    17:04:32.0150 4876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:04:32.0228 4876 sermouse - ok
    17:04:32.0291 4876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:04:32.0353 4876 sffdisk - ok
    17:04:32.0384 4876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:04:32.0447 4876 sffp_mmc - ok
    17:04:32.0494 4876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:04:32.0556 4876 sffp_sd - ok
    17:04:32.0665 4876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:04:32.0728 4876 sfloppy - ok
    17:04:32.0774 4876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:04:32.0806 4876 SiSRaid2 - ok
    17:04:32.0852 4876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:04:32.0915 4876 SiSRaid4 - ok
    17:04:33.0008 4876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:04:33.0102 4876 Smb - ok
    17:04:33.0118 4876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:04:33.0133 4876 spldr - ok
    17:04:33.0227 4876 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
    17:04:33.0227 4876 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
    17:04:33.0227 4876 sptd ( LockedFile.Multi.Generic ) - warning
    17:04:33.0227 4876 sptd - detected LockedFile.Multi.Generic (1)
    17:04:33.0336 4876 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
    17:04:33.0383 4876 SRTSP - ok
    17:04:33.0476 4876 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
    17:04:33.0508 4876 SRTSPX - ok
    17:04:33.0586 4876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:04:33.0648 4876 srv - ok
    17:04:33.0757 4876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:04:33.0820 4876 srv2 - ok
    17:04:33.0898 4876 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    17:04:33.0991 4876 SrvHsfHDA - ok
    17:04:34.0038 4876 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    17:04:34.0132 4876 SrvHsfV92 - ok
    17:04:34.0210 4876 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:04:34.0257 4876 SrvHsfWinac - ok
    17:04:34.0366 4876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:04:34.0428 4876 srvnet - ok
    17:04:34.0522 4876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:04:34.0584 4876 stexstor - ok
    17:04:34.0693 4876 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
    17:04:34.0803 4876 STHDA - ok
    17:04:34.0896 4876 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    17:04:34.0959 4876 StillCam - ok
    17:04:35.0005 4876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:04:35.0037 4876 swenum - ok
    17:04:35.0177 4876 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
    17:04:35.0224 4876 SymDS - ok
    17:04:35.0349 4876 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
    17:04:35.0380 4876 SymEFA - ok
    17:04:35.0427 4876 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    17:04:35.0473 4876 SymEvent - ok
    17:04:35.0661 4876 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
    17:04:35.0848 4876 SymIRON - ok
    17:04:36.0316 4876 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
    17:04:36.0363 4876 SYMTDIv - ok
    17:04:36.0487 4876 SynasUSB (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys
    17:04:36.0550 4876 SynasUSB - ok
    17:04:36.0643 4876 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
    17:04:36.0706 4876 SynTP - ok
    17:04:36.0846 4876 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    17:04:36.0909 4876 Tcpip - ok
    17:04:37.0033 4876 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    17:04:37.0096 4876 TCPIP6 - ok
    17:04:37.0127 4876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:04:37.0221 4876 tcpipreg - ok
    17:04:37.0314 4876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:04:37.0423 4876 TDPIPE - ok
    17:04:37.0470 4876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    17:04:37.0564 4876 TDTCP - ok
    17:04:37.0626 4876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:04:37.0704 4876 tdx - ok
    17:04:37.0798 4876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:04:37.0829 4876 TermDD - ok
    17:04:37.0891 4876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:04:37.0969 4876 tssecsrv - ok
    17:04:38.0063 4876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:04:38.0110 4876 TsUsbFlt - ok
    17:04:38.0219 4876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:04:38.0281 4876 tunnel - ok
    17:04:38.0359 4876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:04:38.0406 4876 uagp35 - ok
    17:04:38.0484 4876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:04:38.0593 4876 udfs - ok
    17:04:38.0687 4876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:04:38.0734 4876 uliagpkx - ok
    17:04:38.0796 4876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    17:04:38.0874 4876 umbus - ok
    17:04:38.0937 4876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:04:38.0983 4876 UmPass - ok
    17:04:39.0077 4876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:04:39.0155 4876 usbccgp - ok
    17:04:39.0155 4876 USBCCID - ok
    17:04:39.0264 4876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:04:39.0358 4876 usbcir - ok
    17:04:39.0389 4876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:04:39.0451 4876 usbehci - ok
    17:04:39.0561 4876 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
    17:04:39.0592 4876 usbfilter - ok
    17:04:39.0685 4876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:04:39.0748 4876 usbhub - ok
    17:04:39.0826 4876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    17:04:39.0888 4876 usbohci - ok
    17:04:39.0997 4876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:04:40.0060 4876 usbprint - ok
    17:04:40.0153 4876 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    17:04:40.0216 4876 usbscan - ok
    17:04:40.0247 4876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:04:40.0356 4876 USBSTOR - ok
    17:04:40.0434 4876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:04:40.0497 4876 usbuhci - ok
    17:04:40.0590 4876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    17:04:40.0653 4876 usbvideo - ok
    17:04:40.0731 4876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:04:40.0762 4876 vdrvroot - ok
    17:04:40.0809 4876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:04:40.0887 4876 vga - ok
    17:04:40.0980 4876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:04:41.0043 4876 VgaSave - ok
    17:04:41.0136 4876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:04:41.0167 4876 vhdmp - ok
    17:04:41.0214 4876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:04:41.0261 4876 viaide - ok
    17:04:41.0292 4876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:04:41.0339 4876 volmgr - ok
    17:04:41.0526 4876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:04:41.0573 4876 volmgrx - ok
    17:04:41.0651 4876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:04:41.0682 4876 volsnap - ok
    17:04:41.0729 4876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:04:41.0791 4876 vsmraid - ok
    17:04:41.0885 4876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:04:41.0947 4876 vwifibus - ok
    17:04:42.0010 4876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:04:42.0057 4876 vwififlt - ok
    17:04:42.0119 4876 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:04:42.0213 4876 vwifimp - ok
    17:04:42.0244 4876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:04:42.0306 4876 WacomPen - ok
    17:04:42.0447 4876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:04:42.0556 4876 WANARP - ok
    17:04:42.0571 4876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:04:42.0649 4876 Wanarpv6 - ok
    17:04:43.0367 4876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:04:43.0461 4876 Wd - ok
    17:04:43.0757 4876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:04:43.0804 4876 Wdf01000 - ok
    17:04:44.0038 4876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:04:44.0163 4876 WfpLwf - ok
    17:04:44.0397 4876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:04:44.0443 4876 WIMMount - ok
    17:04:44.0646 4876 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:04:44.0709 4876 WinUsb - ok
    17:04:44.0880 4876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:04:45.0052 4876 WmiAcpi - ok
    17:04:45.0270 4876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:04:45.0379 4876 ws2ifsl - ok
    17:04:45.0426 4876 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    17:04:45.0489 4876 WSDPrintDevice - ok
    17:04:45.0879 4876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:04:45.0972 4876 WudfPf - ok
    17:04:46.0300 4876 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:04:46.0425 4876 WUDFRd - ok
    17:04:46.0659 4876 X6va003 - ok
    17:04:46.0690 4876 X6va005 - ok
    17:04:46.0846 4876 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    17:04:46.0924 4876 yukonw7 - ok
    17:04:46.0971 4876 MBR (0x1B8) (125b507a6644b0ba762fd2f1cdba1ba3) \Device\Harddisk0\DR0
    17:04:47.0017 4876 \Device\Harddisk0\DR0 - ok
    17:04:47.0064 4876 Boot (0x1200) (1b72e9e2fcfea04daefd3c4108e6b1ec) \Device\Harddisk0\DR0\Partition0
    17:04:47.0080 4876 \Device\Harddisk0\DR0\Partition0 - ok
    17:04:47.0095 4876 Boot (0x1200) (ce8ee302bef076aab8b05085d1461ee6) \Device\Harddisk0\DR0\Partition1
    17:04:47.0127 4876 \Device\Harddisk0\DR0\Partition1 - ok
    17:04:47.0173 4876 Boot (0x1200) (7f3b91d40a9d5209214d2bf0e651b597) \Device\Harddisk0\DR0\Partition2
    17:04:47.0236 4876 \Device\Harddisk0\DR0\Partition2 - ok
    17:04:47.0267 4876 Boot (0x1200) (f54071a557189f42871363710de288ab) \Device\Harddisk0\DR0\Partition3
    17:04:47.0345 4876 \Device\Harddisk0\DR0\Partition3 - ok
    17:04:47.0345 4876 ============================================================
    17:04:47.0345 4876 Scan finished
    17:04:47.0345 4876 ============================================================
    17:04:48.0343 3936 Deinitialize success

    ==============================================
    Last Created System Restore Point
    ==============================================
    RP170: 21-1-2012 15:57:42 - Removed Steinberg HALionOne Essential Set





    ComboFix 12-01-23.02 - Luc 23-01-2012 16:28:32.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2812.1672 [GMT 1:00]
    Gestart vanuit: c:\users\Luc\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20101204.txt
    c:\cflog\CrashLog_20101224.txt
    c:\cflog\CrashLog_20110209.txt
    c:\cflog\CrashLog_20110213.txt
    c:\cflog\CrashLog_20110528.txt
    c:\cflog\CrashLog_20110531.txt
    c:\cflog\CrashLog_20110902.txt
    c:\cflog\CrashLog_20110903.txt
    c:\cflog\CrashLog_20110904.txt
    c:\cflog\CrashLog_20110905.txt
    c:\cflog\CrashLog_20110910.txt
    c:\cflog\CrashLog_20110918.txt
    c:\cflog\CrashLog_20110921.txt
    c:\cflog\CrashLog_20111008.txt
    c:\cflog\CrashLog_20111010.txt
    c:\cflog\CrashLog_20111022.txt
    c:\cflog\CrashLog_20111029.txt
    c:\cflog\CrashLog_20111111.txt
    c:\cflog\CrashLog_20111119.txt
    c:\cflog\CrashLog_20111121.txt
    c:\cflog\CrashLog_20111130.txt
    c:\cflog\CrashLog_20111210.txt
    c:\windows\IsUn0413.exe
    c:\windows\SysWow64\system32
    c:\windows\SysWow64\system32\DRIVERS\RTL2832U_IRHID.sys
    c:\windows\SysWow64\system32\DRIVERS\RTL2832UBDA.sys
    c:\windows\SysWow64\system32\DRIVERS\RTL2832UUSB.sys
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-23 15:44 . 2012-01-23 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-21 16:03 . 2012-01-21 16:04 -------- d-----w- C:\TDSSStarter
    2012-01-21 15:13 . 2012-01-21 15:13 -------- d-----w- c:\users\Luc\AppData\Roaming\Malwarebytes
    2012-01-21 15:12 . 2012-01-21 15:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-21 15:12 . 2012-01-21 15:12 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-21 15:12 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-21 12:06 . 2012-01-21 12:06 388096 ----a-r- c:\users\Luc\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-21 12:06 . 2012-01-21 12:06 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-01-11 14:41 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 14:41 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-11 14:41 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-11 14:41 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 14:41 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 14:41 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-11 14:41 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 14:41 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-06 07:25 . 2012-01-21 12:47 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-01-06 07:25 . 2012-01-06 08:24 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-01-06 07:24 . 2012-01-21 12:47 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-01-06 07:24 . 2012-01-06 07:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-01-05 15:20 . 2012-01-05 15:20 -------- d-----w- c:\windows\system32\Macromed
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-05 15:20 . 2011-05-16 13:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 04:52 . 2011-12-15 15:19 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 04:54 . 2010-04-28 18:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-11-05 05:32 . 2011-12-15 15:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-15 15:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-16 13:31 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-16 13:31 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-16 13:31 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-16 13:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-16 13:31 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-16 13:31 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-16 13:31 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-16 13:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21 . 2011-12-15 15:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
    R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va003;X6va003;c:\users\Luc\AppData\Local\Temp\003AA2A.tmp [x]
    R3 X6va005;X6va005;c:\users\Luc\AppData\Local\Temp\0055503.tmp [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
    R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120120.002\IDSvia64.sys [2011-08-22 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 10:45]
    .
    2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 10:45]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.hyves.nl/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{6D8D66F3-14FC-4736-A096-FAC0EA66289C} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\Luc\AppData\Local\Temp\003AA2A.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Luc\AppData\Local\Temp\0055503.tmp"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-2319316078-2554005352-4139559210-1001\Software\SecuROM\License information*]
    "datasecu"=hex:1c,87,28,ef,19,72,b9,a0,6f,57,31,ae,87,12,cb,dc,5f,3f,0d,7c,f9,
    0f,d2,d1,c7,c6,43,5c,e6,a6,b0,73,e1,f4,80,86,7e,56,8e,24,f4,f1,75,8c,f9,2c,\
    "rkeysecu"=hex:7b,92,63,5f,10,44,44,21,e1,cc,f7,60,5a,f9,e6,70
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-01-23 16:49:42
    ComboFix-quarantined-files.txt 2012-01-23 15:49
    .
    Pre-Run: 123.425.505.280 bytes beschikbaar
    Post-Run: 123.339.776.000 bytes beschikbaar
    .
    - - End Of File - - 5FD7AFA629F18315BA4C84EA62937AA5
  • Hi Iggy, about what you say regarding that notebook's fan: I suspect it is full of dust.

    The best thing is to buy a can of compressed air and blow out the ventilation openings with it (also from the underside!).

    You can also place a small riser under the back of the notebook, so that air can be drawn in more easily through the underside!


    And you may do the following: run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click "Advanced Settings"
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - When the scan is finished, click > List of found threats
    - Then click > Export to text file...
    - Choose the Desktop as the save location and give the Notepad file a clear title.
    - After that you may close the window because the scan is finished.
    - Then open the log that is on your desktop.
    - And copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan, then the online scan is faster!
  • Hi Abraham,

    I ran the scan and only got the message 'no threats found', so there was no 'list of found threats' that I could export to a file.

    Good sign, right?

    The laptop has already been completely taken apart and blown out twice; there was some dust in it, but at this point I just can't believe there is really much dust left in it. Of course it could also be that the fan is 'simply' broken, but it is tucked away under plates and we can't just take it out (I don't dare, I'm afraid of breaking something).

    Do you have any more steps for me to go through, or are we done with the deep cleaning?

    Regards,

    Iggy
  • Hi, when you start Task Manager, how many processes are active and what is the CPU usage?
  • Hi,

    Now only 61 processes are active. CPU is between 14 and 20%.

    I don't know much about it, but this already seems like quite an improvement to me.

    Regards, Iggy
  • Hi Iggy, the number of processes is actually fine.

    But I find that CPU usage high.
    Do you still remember which applications were open at that moment?

    If necessary, start Task Manager once more while no other new windows are open and then post the same details again.
  • Hi Abraham,

    I have now started the laptop, let it sit for about 10 minutes, and then looked:

    Number of processes 58. CPU between 2 and 7 percent, but every 20 seconds there is a spike to 25% or even 40%. After that it immediately drops back to 2%.

    I have no programs open at all then; only Norton is running in the background.

    By the way, should a fan always be running or only when it is warm? At the moment it is not running and I do get a normal response time from the laptop. But that may be very different in 10 minutes :-)

    I look forward to hearing from you again.
    Regards,
    Iggy
  • I consider it possible that Windows Update (Wau.exe) as such is active.

    Download (click here), install and start CPUID's Hardwaremonitor to be able to see the temperature of the various components.

    http://www.cpuid.com/medias/images/en/softwares-hwmonitor.jpg
  • Hi Abraham,

    Yesterday I installed CPUID monitor and since then we have been keeping track of what the temperatures are. As soon as we ask a bit of power from the laptop (for example having Hyves on, some music with it and the homework site open), the temperature easily rises towards 95 degrees in about 10 minutes. My son then does panic and switches the laptop off. When it gets that hot, everything also goes very slowly.

    When I start up and do almost nothing, only come here to the forum (with Norton running in the background, of course), the temperature rises to 79 degrees in about 10 minutes.

    I don't know how to attach a picture here so that you can see it.

    I do have the impression that the fan is now not running at all anymore. The laptop has never been this quiet... we miss the soft hum in the background...

    Regards, Iggy
  • I think the fan is broken; those temperatures point to that.
    Have you already taken the notebook in for repair?
    If not, do this as soon as possible.
  • Hi Abraham,

    I was quiet for a while, but I have taken the laptop in for repair and a new fan has indeed been fitted. Gee... that is expensive!
    The fan costs 50 euros and the repair costs are 45, so in total it was 95 euros. An expensive joke for an HP laptop of only 350 euros (it was a special offer, normally 450 euros).

    I am very happy with all your help here on this forum, because thanks to all the clean-up work together with the new fan the laptop runs like a charm again!

    I have learned a lot from you. Many thanks for your help.

    Regards, Iggy
  • Hello Iggy, I have long since heard that HP's budget notebooks are not exactly of the best quality.
    I don't know how old that notebook is by now, but Dutch law is quite clear when it comes to consumer rights.
    For PCs and notebooks, the standard warranty period under the law is effectively 3 years.
    You can find more about that at www.consuwijzer.nl

    And furthermore we still have to clean up!

    But first this:
    keep MBAM and the ESET Online Scanner in your Windows.
    Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click OnlineScannerApp.exe and then choose to place a shortcut on the desktop.

    Use MBAM once a week - after updating, choose the quick scan.
    Use OnlineScannerApp.exe once a month.
    ESET will now start as an app; you can then tick the scan settings, after which the update process will begin and then the scan will start.
    And one more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find info about cookies and how to block AdAware cookies in your browser(s).


    Step 1
    You may delete C:\TDSSStarter manually.

    Step 2
    ComboFix may now be removed:
    - to do so, go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that Combofix has been removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be started by pressing the keys "Windows key + R" simultaneously.

    This will remove Combofix including related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again
    and reset your System Restore.

    Step 3
    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty level: none.

    Windows Vista and Windows 7 users start this tool by right-clicking it and running it with administrator rights.

    Download: Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing Run as administrator.
    - Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
    - Then click the Start button to start the scan. This scan can take a short or longer time; be patient, let TFC do its job and wait until TFC is finished.
    - When TFC is finished, a message appears that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!

    Step 4
    Also do a test to see how good the current security situation in Windows is.

    Download Security Check to your desktop.
    - Click/double-click SecurityCheck.exe and pay attention to the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
    Post the contents of checkup.txt in your next post.

This is an archived page. Replying is no longer possible.