Clean? Or not after all?

nvandaalen
16 answers
  • Recently had trouble with spyware/malware in the form of SecurityShield. Got rid of it with the help of MBAM. I do have the impression that some leftover junk is still floating around on my computer. Could someone take a look at my logs (Hijackthis, TDSSKSTARTER, Combofix)?

    Hijackthis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:55:13, on 28-2-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe


    End of file - 4802 bytes

    TDSSstarter Log

    14:46:12.0510 3660 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
    14:46:12.0511 3660 ============================================================
    14:46:12.0511 3660 Current date / time: 2012/02/28 14:46:12.0511
    14:46:12.0511 3660 SystemInfo:
    14:46:12.0511 3660
    14:46:12.0511 3660 OS Version: 6.1.7601 ServicePack: 1.0
    14:46:12.0511 3660 Product type: Workstation
    14:46:12.0528 3660 ComputerName: NIELS-LAPTOP
    14:46:12.0529 3660 UserName: Niels
    14:46:12.0529 3660 Windows directory: C:\Windows
    14:46:12.0529 3660 System windows directory: C:\Windows
    14:46:12.0529 3660 Processor architecture: Intel x86
    14:46:12.0529 3660 Number of processors: 2
    14:46:12.0529 3660 Page size: 0x1000
    14:46:12.0529 3660 Boot type: Normal boot
    14:46:12.0530 3660 ============================================================
    14:46:14.0497 3660 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:46:14.0500 3660 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:46:14.0501 3660 \Device\Harddisk0\DR0:
    14:46:14.0501 3660 MBR used
    14:46:14.0502 3660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0x440A219
    14:46:14.0502 3660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x51B4A95, BlocksNum 0x4359A2C
    14:46:14.0502 3660 \Device\Harddisk1\DR1:
    14:46:14.0502 3660 MBR used
    14:46:14.0502 3660 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C0681
    14:46:14.0586 3660 Initialize success
    14:46:14.0586 3660 ============================================================
    14:46:14.0623 3028 ============================================================
    14:46:14.0623 3028 Scan started
    14:46:14.0623 3028 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    14:46:14.0623 3028 ============================================================
    14:46:16.0699 3028 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    14:46:16.0840 3028 1394ohci - ok
    14:46:16.0934 3028 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    14:46:16.0967 3028 ACPI - ok
    14:46:17.0044 3028 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    14:46:17.0097 3028 AcpiPmi - ok
    14:46:17.0216 3028 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:46:17.0253 3028 adp94xx - ok
    14:46:17.0338 3028 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    14:46:17.0362 3028 adpahci - ok
    14:46:17.0439 3028 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    14:46:17.0464 3028 adpu320 - ok
    14:46:17.0552 3028 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    14:46:17.0613 3028 AFD - ok
    14:46:17.0682 3028 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    14:46:17.0706 3028 agp440 - ok
    14:46:17.0789 3028 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    14:46:17.0815 3028 aic78xx - ok
    14:46:17.0920 3028 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    14:46:17.0942 3028 aliide - ok
    14:46:18.0029 3028 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    14:46:18.0054 3028 amdagp - ok
    14:46:18.0112 3028 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    14:46:18.0136 3028 amdide - ok
    14:46:18.0184 3028 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    14:46:18.0225 3028 AmdK8 - ok
    14:46:18.0283 3028 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    14:46:18.0348 3028 AmdPPM - ok
    14:46:18.0454 3028 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    14:46:18.0480 3028 amdsata - ok
    14:46:18.0563 3028 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    14:46:18.0591 3028 amdsbs - ok
    14:46:18.0627 3028 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    14:46:18.0642 3028 amdxata - ok
    14:46:18.0815 3028 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    14:46:18.0869 3028 AppID - ok
    14:46:19.0046 3028 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    14:46:19.0072 3028 arc - ok
    14:46:19.0091 3028 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    14:46:19.0107 3028 arcsas - ok
    14:46:19.0139 3028 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:46:19.0202 3028 AsyncMac - ok
    14:46:19.0324 3028 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    14:46:19.0348 3028 atapi - ok
    14:46:19.0421 3028 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
    14:46:19.0521 3028 avgntflt - ok
    14:46:19.0652 3028 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
    14:46:19.0675 3028 avipbb - ok
    14:46:19.0739 3028 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
    14:46:19.0758 3028 avkmgr - ok
    14:46:19.0916 3028 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    14:46:19.0976 3028 b06bdrv - ok
    14:46:20.0102 3028 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    14:46:20.0152 3028 b57nd60x - ok
    14:46:20.0212 3028 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    14:46:20.0267 3028 bcm4sbxp - ok
    14:46:20.0385 3028 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    14:46:20.0469 3028 Beep - ok
    14:46:20.0503 3028 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:46:20.0550 3028 blbdrive - ok
    14:46:20.0670 3028 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    14:46:20.0718 3028 bowser - ok
    14:46:20.0761 3028 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:46:20.0817 3028 BrFiltLo - ok
    14:46:20.0855 3028 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:46:20.0912 3028 BrFiltUp - ok
    14:46:21.0023 3028 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    14:46:21.0061 3028 Brserid - ok
    14:46:21.0143 3028 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    14:46:21.0184 3028 BrSerWdm - ok
    14:46:21.0276 3028 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:46:21.0328 3028 BrUsbMdm - ok
    14:46:21.0401 3028 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    14:46:21.0460 3028 BrUsbSer - ok
    14:46:21.0553 3028 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
    14:46:21.0683 3028 BthAvrcp - ok
    14:46:21.0956 3028 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
    14:46:22.0015 3028 BthEnum - ok
    14:46:22.0057 3028 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    14:46:22.0111 3028 BTHMODEM - ok
    14:46:22.0237 3028 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    14:46:22.0294 3028 BthPan - ok
    14:46:22.0367 3028 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
    14:46:22.0417 3028 BTHPORT - ok
    14:46:22.0547 3028 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
    14:46:22.0589 3028 BTHUSB - ok
    14:46:22.0639 3028 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    14:46:22.0698 3028 cdfs - ok
    14:46:22.0836 3028 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    14:46:22.0886 3028 cdrom - ok
    14:46:22.0943 3028 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    14:46:22.0994 3028 circlass - ok
    14:46:23.0204 3028 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    14:46:23.0236 3028 CLFS - ok
    14:46:23.0831 3028 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:46:23.0881 3028 CmBatt - ok
    14:46:23.0920 3028 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    14:46:23.0942 3028 cmdide - ok
    14:46:23.0989 3028 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    14:46:24.0017 3028 CNG - ok
    14:46:24.0133 3028 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    14:46:24.0157 3028 Compbatt - ok
    14:46:24.0217 3028 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    14:46:24.0247 3028 CompositeBus - ok
    14:46:24.0364 3028 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    14:46:24.0388 3028 crcdisk - ok
    14:46:24.0463 3028 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    14:46:24.0509 3028 CSC - ok
    14:46:24.0637 3028 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    14:46:24.0703 3028 DfsC - ok
    14:46:24.0739 3028 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    14:46:24.0798 3028 discache - ok
    14:46:24.0945 3028 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    14:46:24.0971 3028 Disk - ok
    14:46:25.0020 3028 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    14:46:25.0064 3028 drmkaud - ok
    14:46:25.0204 3028 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    14:46:25.0242 3028 DXGKrnl - ok
    14:46:25.0379 3028 e.dentifier2 (5d41bfb57fe676fb513f84d23e40e939) C:\Windows\system32\DRIVERS\aabed2.sys
    14:46:25.0412 3028 e.dentifier2 - ok
    14:46:25.0574 3028 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    14:46:25.0659 3028 ebdrv - ok
    14:46:25.0816 3028 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    14:46:25.0844 3028 elxstor - ok
    14:46:25.0899 3028 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
    14:46:25.0923 3028 EMSCR - ok
    14:46:26.0024 3028 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    14:46:26.0075 3028 ErrDev - ok
    14:46:26.0117 3028 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
    14:46:26.0157 3028 ESDCR - ok
    14:46:26.0282 3028 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
    14:46:26.0319 3028 ESMCR - ok
    14:46:26.0376 3028 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    14:46:26.0449 3028 exfat - ok
    14:46:26.0568 3028 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    14:46:26.0648 3028 fastfat - ok
    14:46:26.0687 3028 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    14:46:26.0721 3028 fdc - ok
    14:46:26.0838 3028 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    14:46:26.0864 3028 FileInfo - ok
    14:46:26.0887 3028 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    14:46:26.0986 3028 Filetrace - ok
    14:46:27.0114 3028 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:46:27.0159 3028 flpydisk - ok
    14:46:27.0217 3028 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    14:46:27.0244 3028 FltMgr - ok
    14:46:27.0389 3028 FNETTHJM (756220289c526ce6780a66a5145f10c6) C:\Windows\system32\drivers\fnetthjm.sys
    14:46:27.0414 3028 FNETTHJM ( UnsignedFile.Multi.Generic ) - warning
    14:46:27.0415 3028 FNETTHJM - detected UnsignedFile.Multi.Generic (1)
    14:46:27.0473 3028 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    14:46:27.0498 3028 FsDepends - ok
    14:46:27.0602 3028 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    14:46:27.0631 3028 Fs_Rec - ok
    14:46:27.0682 3028 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    14:46:27.0709 3028 fvevol - ok
    14:46:27.0822 3028 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:46:27.0844 3028 gagp30kx - ok
    14:46:27.0910 3028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:46:27.0928 3028 GEARAspiWDM - ok
    14:46:28.0050 3028 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
    14:46:28.0069 3028 ggflt - ok
    14:46:28.0089 3028 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
    14:46:28.0099 3028 ggsemc - ok
    14:46:28.0128 3028 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    14:46:28.0146 3028 hcw85cir - ok
    14:46:28.0280 3028 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    14:46:28.0333 3028 HdAudAddService - ok
    14:46:28.0369 3028 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    14:46:28.0406 3028 HDAudBus - ok
    14:46:28.0510 3028 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    14:46:28.0552 3028 HidBatt - ok
    14:46:28.0586 3028 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    14:46:28.0628 3028 HidBth - ok
    14:46:28.0655 3028 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    14:46:28.0693 3028 HidIr - ok
    14:46:28.0968 3028 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
    14:46:29.0058 3028 HidUsb - ok
    14:46:29.0239 3028 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    14:46:29.0265 3028 HpSAMD - ok
    14:46:29.0412 3028 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    14:46:29.0473 3028 HTTP - ok
    14:46:29.0547 3028 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    14:46:29.0572 3028 hwpolicy - ok
    14:46:29.0663 3028 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    14:46:29.0708 3028 i8042prt - ok
    14:46:29.0798 3028 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    14:46:29.0827 3028 iaStorV - ok
    14:46:30.0098 3028 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    14:46:30.0206 3028 igfx - ok
    14:46:30.0341 3028 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    14:46:30.0367 3028 iirsp - ok
    14:46:30.0411 3028 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    14:46:30.0436 3028 intelide - ok
    14:46:30.0467 3028 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    14:46:30.0506 3028 intelppm - ok
    14:46:30.0624 3028 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:46:30.0697 3028 IpFilterDriver - ok
    14:46:30.0735 3028 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    14:46:30.0769 3028 IPMIDRV - ok
    14:46:30.0802 3028 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    14:46:30.0862 3028 IPNAT - ok
    14:46:31.0008 3028 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    14:46:31.0053 3028 IRENUM - ok
    14:46:31.0109 3028 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    14:46:31.0134 3028 isapnp - ok
    14:46:31.0258 3028 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    14:46:31.0288 3028 iScsiPrt - ok
    14:46:31.0320 3028 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    14:46:31.0335 3028 kbdclass - ok
    14:46:31.0456 3028 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    14:46:31.0502 3028 kbdhid - ok
    14:46:31.0554 3028 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    14:46:31.0580 3028 KSecDD - ok
    14:46:31.0601 3028 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    14:46:31.0618 3028 KSecPkg - ok
    14:46:31.0743 3028 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    14:46:31.0762 3028 Lavasoft Kernexplorer - ok
    14:46:31.0876 3028 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
    14:46:31.0895 3028 Lbd - ok
    14:46:31.0960 3028 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    14:46:32.0040 3028 lltdio - ok
    14:46:32.0171 3028 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    14:46:32.0198 3028 LSI_FC - ok
    14:46:32.0242 3028 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    14:46:32.0268 3028 LSI_SAS - ok
    14:46:32.0314 3028 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    14:46:32.0339 3028 LSI_SAS2 - ok
    14:46:32.0454 3028 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    14:46:32.0480 3028 LSI_SCSI - ok
    14:46:32.0528 3028 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    14:46:32.0593 3028 luafv - ok
    14:46:32.0758 3028 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
    14:46:32.0781 3028 MBAMSwissArmy - ok
    14:46:32.0822 3028 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    14:46:32.0847 3028 megasas - ok
    14:46:32.0872 3028 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    14:46:32.0891 3028 MegaSR - ok
    14:46:32.0917 3028 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    14:46:32.0989 3028 Modem - ok
    14:46:33.0116 3028 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    14:46:33.0165 3028 monitor - ok
    14:46:33.0220 3028 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    14:46:33.0242 3028 mouclass - ok
    14:46:33.0359 3028 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    14:46:33.0412 3028 mouhid - ok
    14:46:33.0456 3028 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    14:46:33.0481 3028 mountmgr - ok
    14:46:33.0517 3028 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    14:46:33.0533 3028 mpio - ok
    14:46:33.0635 3028 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    14:46:33.0704 3028 mpsdrv - ok
    14:46:33.0754 3028 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    14:46:33.0786 3028 MRxDAV - ok
    14:46:33.0920 3028 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:46:33.0969 3028 mrxsmb - ok
    14:46:34.0001 3028 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:46:34.0027 3028 mrxsmb10 - ok
    14:46:34.0047 3028 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:46:34.0083 3028 mrxsmb20 - ok
    14:46:34.0218 3028 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    14:46:34.0243 3028 msahci - ok
    14:46:34.0332 3028 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    14:46:34.0355 3028 msdsm - ok
    14:46:34.0485 3028 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    14:46:34.0533 3028 Msfs - ok
    14:46:34.0557 3028 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    14:46:34.0614 3028 mshidkmdf - ok
    14:46:34.0651 3028 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    14:46:34.0675 3028 msisadrv - ok
    14:46:34.0817 3028 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    14:46:34.0878 3028 MSKSSRV - ok
    14:46:34.0909 3028 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:46:34.0965 3028 MSPCLOCK - ok
    14:46:35.0089 3028 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    14:46:35.0165 3028 MSPQM - ok
    14:46:35.0201 3028 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    14:46:35.0227 3028 MsRPC - ok
    14:46:35.0260 3028 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    14:46:35.0275 3028 mssmbios - ok
    14:46:35.0396 3028 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    14:46:35.0470 3028 MSTEE - ok
    14:46:35.0499 3028 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    14:46:35.0540 3028 MTConfig - ok
    14:46:35.0573 3028 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    14:46:35.0588 3028 Mup - ok
    14:46:35.0721 3028 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    14:46:35.0751 3028 NativeWifiP - ok
    14:46:35.0807 3028 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    14:46:35.0840 3028 NDIS - ok
    14:46:35.0961 3028 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    14:46:36.0013 3028 NdisCap - ok
    14:46:36.0052 3028 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:46:36.0101 3028 NdisTapi - ok
    14:46:36.0147 3028 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:46:36.0192 3028 Ndisuio - ok
    14:46:36.0303 3028 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:46:36.0348 3028 NdisWan - ok
    14:46:36.0387 3028 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    14:46:36.0461 3028 NDProxy - ok
    14:46:36.0584 3028 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    14:46:36.0661 3028 NetBIOS - ok
    14:46:36.0715 3028 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    14:46:36.0769 3028 NetBT - ok
    14:46:37.0040 3028 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    14:46:37.0143 3028 netw5v32 - ok
    14:46:37.0283 3028 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    14:46:37.0309 3028 nfrd960 - ok
    14:46:37.0369 3028 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    14:46:37.0423 3028 Npfs - ok
    14:46:37.0458 3028 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    14:46:37.0532 3028 nsiproxy - ok
    14:46:37.0714 3028 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    14:46:37.0905 3028 Ntfs - ok
    14:46:38.0030 3028 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    14:46:38.0104 3028 Null - ok
    14:46:38.0209 3028 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    14:46:38.0236 3028 nvraid - ok
    14:46:38.0444 3028 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    14:46:38.0471 3028 nvstor - ok
    14:46:38.0511 3028 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    14:46:38.0527 3028 nv_agp - ok
    14:46:38.0567 3028 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    14:46:38.0602 3028 ohci1394 - ok
    14:46:38.0784 3028 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS
    14:46:38.0836 3028 PAC207 - ok
    14:46:38.0948 3028 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    14:46:38.0977 3028 Parport - ok
    14:46:39.0016 3028 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    14:46:39.0041 3028 partmgr - ok
    14:46:39.0065 3028 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    14:46:39.0096 3028 Parvdm - ok
    14:46:39.0149 3028 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    14:46:39.0177 3028 pci - ok
    14:46:39.0288 3028 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    14:46:39.0312 3028 pciide - ok
    14:46:39.0350 3028 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    14:46:39.0368 3028 pcmcia - ok
    14:46:39.0390 3028 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    14:46:39.0406 3028 pcw - ok
    14:46:39.0442 3028 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    14:46:39.0500 3028 PEAUTH - ok
    14:46:39.0650 3028 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    14:46:39.0726 3028 PptpMiniport - ok
    14:46:39.0761 3028 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    14:46:39.0791 3028 Processor - ok
    14:46:39.0934 3028 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    14:46:40.0017 3028 Psched - ok
    14:46:40.0094 3028 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    14:46:40.0141 3028 ql2300 - ok
    14:46:40.0256 3028 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    14:46:40.0283 3028 ql40xx - ok
    14:46:40.0309 3028 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    14:46:40.0343 3028 QWAVEdrv - ok
    14:46:40.0367 3028 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    14:46:40.0415 3028 RasAcd - ok
    14:46:40.0539 3028 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:46:40.0600 3028 RasAgileVpn - ok
    14:46:40.0638 3028 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:46:40.0675 3028 Rasl2tp - ok
    14:46:40.0813 3028 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:46:40.0867 3028 RasPppoe - ok
    14:46:40.0894 3028 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    14:46:40.0946 3028 RasSstp - ok
    14:46:40.0995 3028 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    14:46:41.0074 3028 rdbss - ok
    14:46:41.0194 3028 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    14:46:41.0224 3028 rdpbus - ok
    14:46:41.0252 3028 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:46:41.0306 3028 RDPCDD - ok
    14:46:41.0356 3028 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    14:46:41.0382 3028 RDPDR - ok
    14:46:41.0505 3028 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    14:46:41.0588 3028 RDPENCDD - ok
    14:46:41.0619 3028 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    14:46:41.0654 3028 RDPREFMP - ok
    14:46:41.0687 3028 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    14:46:41.0751 3028 RDPWD - ok
    14:46:41.0893 3028 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    14:46:41.0917 3028 rdyboost - ok
    14:46:41.0982 3028 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    14:46:42.0017 3028 RFCOMM - ok
    14:46:42.0169 3028 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    14:46:42.0245 3028 rspndr - ok
    14:46:42.0279 3028 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    14:46:42.0320 3028 s3cap - ok
    14:46:42.0511 3028 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    14:46:42.0537 3028 sbp2port - ok
    14:46:42.0588 3028 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    14:46:42.0642 3028 scfilter - ok
    14:46:42.0769 3028 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
    14:46:42.0823 3028 sdbus - ok
    14:46:42.0887 3028 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    14:46:42.0967 3028 secdrv - ok
    14:46:43.0111 3028 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
    14:46:43.0155 3028 seehcri - ok
    14:46:43.0220 3028 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    14:46:43.0248 3028 Serenum - ok
    14:46:43.0365 3028 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    14:46:43.0396 3028 Serial - ok
    14:46:43.0426 3028 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    14:46:43.0444 3028 sermouse - ok
    14:46:43.0486 3028 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    14:46:43.0505 3028 sffdisk - ok
    14:46:43.0526 3028 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    14:46:43.0559 3028 sffp_mmc - ok
    14:46:43.0668 3028 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    14:46:43.0734 3028 sffp_sd - ok
    14:46:43.0772 3028 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    14:46:43.0800 3028 sfloppy - ok
    14:46:43.0845 3028 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    14:46:43.0860 3028 sisagp - ok
    14:46:43.0981 3028 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:46:44.0006 3028 SiSRaid2 - ok
    14:46:44.0036 3028 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    14:46:44.0052 3028 SiSRaid4 - ok
    14:46:44.0085 3028 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    14:46:44.0122 3028 Smb - ok
    14:46:44.0286 3028 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    14:46:44.0317 3028 spldr - ok
    14:46:44.0398 3028 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    14:46:44.0398 3028 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    14:46:44.0402 3028 sptd ( LockedFile.Multi.Generic ) - warning
    14:46:44.0402 3028 sptd - detected LockedFile.Multi.Generic (1)
    14:46:44.0525 3028 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    14:46:44.0581 3028 srv - ok
    14:46:44.0627 3028 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    14:46:44.0683 3028 srv2 - ok
    14:46:44.0815 3028 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    14:46:44.0868 3028 SrvHsfHDA - ok
    14:46:44.0923 3028 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    14:46:44.0956 3028 SrvHsfV92 - ok
    14:46:45.0084 3028 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    14:46:45.0125 3028 SrvHsfWinac - ok
    14:46:45.0242 3028 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    14:46:45.0293 3028 srvnet - ok
    14:46:45.0357 3028 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    14:46:45.0376 3028 ssmdrv - ok
    14:46:45.0496 3028 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    14:46:45.0520 3028 stexstor - ok
    14:46:45.0548 3028 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    14:46:45.0563 3028 storflt - ok
    14:46:45.0592 3028 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    14:46:45.0607 3028 storvsc - ok
    14:46:45.0623 3028 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    14:46:45.0638 3028 swenum - ok
    14:46:45.0804 3028 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    14:46:45.0847 3028 Tcpip - ok
    14:46:46.0015 3028 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    14:46:46.0057 3028 TCPIP6 - ok
    14:46:46.0175 3028 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    14:46:46.0244 3028 tcpipreg - ok
    14:46:46.0288 3028 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    14:46:46.0348 3028 TDPIPE - ok
    14:46:46.0465 3028 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    14:46:46.0535 3028 TDTCP - ok
    14:46:46.0581 3028 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    14:46:46.0639 3028 tdx - ok
    14:46:46.0752 3028 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    14:46:46.0774 3028 TermDD - ok
    14:46:46.0832 3028 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:46:46.0898 3028 tssecsrv - ok
    14:46:47.0023 3028 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    14:46:47.0074 3028 TsUsbFlt - ok
    14:46:47.0138 3028 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    14:46:47.0214 3028 tunnel - ok
    14:46:47.0336 3028 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    14:46:47.0362 3028 uagp35 - ok
    14:46:47.0407 3028 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    14:46:47.0474 3028 udfs - ok
    14:46:47.0618 3028 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    14:46:47.0642 3028 uliagpkx - ok
    14:46:47.0708 3028 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    14:46:47.0794 3028 umbus - ok
    14:46:47.0922 3028 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    14:46:47.0969 3028 UmPass - ok
    14:46:48.0032 3028 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    14:46:48.0079 3028 USBAAPL - ok
    14:46:48.0209 3028 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:46:48.0238 3028 usbccgp - ok
    14:46:48.0269 3028 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    14:46:48.0301 3028 usbcir - ok
    14:46:48.0328 3028 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    14:46:48.0367 3028 usbehci - ok
    14:46:48.0511 3028 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\drivers\usbhub.sys
    14:46:48.0563 3028 usbhub - ok
    14:46:48.0597 3028 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    14:46:48.0637 3028 usbohci - ok
    14:46:48.0677 3028 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    14:46:48.0724 3028 usbprint - ok
    14:46:48.0847 3028 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
    14:46:48.0873 3028 usbser - ok
    14:46:48.0903 3028 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    14:46:48.0951 3028 USBSTOR - ok
    14:46:48.0982 3028 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    14:46:49.0000 3028 usbuhci - ok
    14:46:49.0127 3028 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    14:46:49.0152 3028 vdrvroot - ok
    14:46:49.0208 3028 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:46:49.0259 3028 vga - ok
    14:46:49.0381 3028 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    14:46:49.0454 3028 VgaSave - ok
    14:46:49.0496 3028 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    14:46:49.0513 3028 vhdmp - ok
    14:46:49.0645 3028 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    14:46:49.0672 3028 viaagp - ok
    14:46:49.0709 3028 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    14:46:49.0754 3028 ViaC7 - ok
    14:46:49.0788 3028 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    14:46:49.0803 3028 viaide - ok
    14:46:49.0921 3028 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    14:46:49.0950 3028 vmbus - ok
    14:46:49.0973 3028 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    14:46:50.0007 3028 VMBusHID - ok
    14:46:50.0040 3028 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    14:46:50.0065 3028 volmgr - ok
    14:46:50.0113 3028 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    14:46:50.0145 3028 volmgrx - ok
    14:46:50.0272 3028 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    14:46:50.0303 3028 volsnap - ok
    14:46:50.0361 3028 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    14:46:50.0384 3028 vsmraid - ok
    14:46:50.0495 3028 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    14:46:50.0524 3028 vwifibus - ok
    14:46:50.0560 3028 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    14:46:50.0592 3028 WacomPen - ok
    14:46:50.0731 3028 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:50.0776 3028 WANARP - ok
    14:46:50.0781 3028 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    14:46:50.0815 3028 Wanarpv6 - ok
    14:46:50.0881 3028 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    14:46:50.0896 3028 Wd - ok
    14:46:51.0021 3028 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    14:46:51.0062 3028 Wdf01000 - ok
    14:46:51.0215 3028 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    14:46:51.0286 3028 WfpLwf - ok
    14:46:51.0314 3028 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    14:46:51.0330 3028 WIMMount - ok
    14:46:51.0475 3028 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    14:46:51.0523 3028 WinUsb - ok
    14:46:51.0571 3028 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    14:46:51.0610 3028 WmiAcpi - ok
    14:46:51.0753 3028 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    14:46:51.0833 3028 ws2ifsl - ok
    14:46:51.0878 3028 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    14:46:51.0936 3028 WudfPf - ok
    14:46:52.0061 3028 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:46:52.0139 3028 WUDFRd - ok
    14:46:52.0199 3028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:46:52.0343 3028 \Device\Harddisk0\DR0 - ok
    14:46:52.0346 3028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    14:46:56.0748 3028 \Device\Harddisk1\DR1 - ok
    14:46:56.0749 3028 Boot (0x1200) (4d9665321aaf56d56d04187d401b768c) \Device\Harddisk0\DR0\Partition0
    14:46:56.0750 3028 \Device\Harddisk0\DR0\Partition0 - ok
    14:46:56.0774 3028 Boot (0x1200) (8d8523a7b0fa55ffd486563b5849904f) \Device\Harddisk0\DR0\Partition1
    14:46:56.0775 3028 \Device\Harddisk0\DR0\Partition1 - ok
    14:46:56.0777 3028 Boot (0x1200) (249a8963b3f08477c69a2a2c7231f2b9) \Device\Harddisk1\DR1\Partition0
    14:46:56.0778 3028 \Device\Harddisk1\DR1\Partition0 - ok
    14:46:56.0778 3028 ============================================================
    14:46:56.0778 3028 Scan finished
    14:46:56.0778 3028 ============================================================
    14:46:57.0489 1160 Deinitialize success

    ==============================================
    System Restore Point Check:

    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================

    Older logs
    ==============================================
    C:\TDSSKiller.2.7.7.0_24.01.2012_22.43.21_log.txt
    ==============================================
    EOF

    ComboFix 12-02-27.02 - Niels 28-02-2012 15:20:16.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3062.2235 [GMT 1:00]
    Gestart vanuit: c:\users\Niels\Desktop\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\test.txt
    c:\users\Niels\AppData\Roaming\Microsoft\Windows\Recent\Counter-Strike.url
    c:\users\Niels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\windows\$NtUninstallKB65208$
    c:\windows\$NtUninstallKB65208$\2232843182\@
    c:\windows\$NtUninstallKB65208$\2232843182\cfg.ini
    c:\windows\$NtUninstallKB65208$\2232843182\Desktop.ini
    c:\windows\$NtUninstallKB65208$\2232843182\L\xadqgnnk
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000001.$
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000002.$
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000004.$
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000000.$
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000004.$
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000032.$
    c:\windows\$NtUninstallKB65208$\3045627119
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-28 to 2012-02-28 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-28 14:28 . 2012-02-28 14:30 -------- d-----w- c:\users\Niels\AppData\Local\temp
    2012-02-28 14:28 . 2012-02-28 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-28 13:46 . 2012-02-28 13:46 -------- d-----w- C:\TDSSStarter
    2012-02-28 13:44 . 2012-02-28 13:44 388096 ----a-r- c:\users\Niels\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-28 13:44 . 2012-02-28 13:44 -------- d-----w- c:\program files\Trend Micro
    2012-02-28 13:15 . 2012-02-28 13:15 -------- d-----w- c:\users\Niels\AppData\Roaming\Myvyel
    2012-02-26 09:36 . 2012-02-28 13:31 -------- d-----w- c:\users\Niels\AppData\Roaming\Texu
    2012-02-26 09:36 . 2012-02-28 12:01 -------- d-----w- c:\users\Niels\AppData\Roaming\Erguy
    2012-02-25 14:34 . 2012-02-25 14:34 -------- d-----w- c:\program files\ESET
    2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\users\Niels\AppData\Roaming\Malwarebytes
    2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-25 14:20 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-25 12:48 . 2012-01-24 21:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2012-02-15 15:45 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-15 15:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 15:45 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 15:45 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-03 12:11 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-02-03 12:11 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-02-03 12:11 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-02-03 12:11 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-02-03 12:11 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-02-03 12:11 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
    2012-02-03 12:11 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-02-03 12:11 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-03 12:11 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-02-03 12:11 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-15 15:59 . 2011-10-21 14:08 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-01-24 22:29 . 2011-09-27 12:14 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2012-01-24 21:52 . 2012-01-24 21:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-24 21:14 . 2011-05-20 12:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-06 04:19 . 2012-01-24 15:18 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{494CB0B0-D8B5-4A23-B2A0-6A8164247FFD}\mpengine.dll
    2011-12-23 06:12 . 2012-01-24 21:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2012-02-25 13:05 . 2011-03-22 12:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
    R3 FNETTHJM;Freecom Turbo HDD USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2011-08-29 24448]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-08 13224]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-24 2152152]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-23 64512]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-08 691696]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-08 27632]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000Core.job
    - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32]
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000UA.job
    - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32]
    .
    .
    ------- Bijkomende Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
    FF - ProfilePath - c:\users\Niels\AppData\Roaming\Mozilla\Firefox\Profiles\kwe789c4.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-70141153.sys
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1000889604-3478986291-2025876595-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "Currency"=dword:0000001c
    "GameDir"=""
    "ShortlistDir"=""
    "ScreenshotsDir"=""
    "SaveDir"=""
    "HistoryDir"="c:\\Users\\Niels\\Desktop\\FM Genie Scout 10\\History Points"
    "LangDB"=""
    "LastSaveGame"="c:\\Users\\Niels\\Documents\\Sports Interactive\\Football Manager 2010\\games\\WBA.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009d79
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000074
    "UniqueID"="C4-8700-E0EF"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-02-28 15:34:58 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-02-28 14:34
    .
    Pre-Run: 6.914.052.096 bytes beschikbaar
    Post-Run: 6.682.513.408 bytes beschikbaar
    .
    - - End Of File - - E726B81297FC5BD22D48E0CB073BB594















  • I don't see anything that makes me say: spyware/malware. No strange references, and startup is clean.
  • Using ComboFix on your own is strongly discouraged.
    A wrong action with this powerful tool can destroy Windows!

    Throw the old ComboFix in the recycle bin, empty it, and run ComboFix according to the guide below.

    Which program: ComboFix
    What for/why: Highly specialised scanner for examining Windows in depth
    and cleaning it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find details on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Starting ComboFix:
  • New scan log from ComboFix.

    ComboFix 12-03-04.02 - Niels 05-03-2012 12:31:56.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3062.2241 [GMT 1:00]
    Gestart vanuit: c:\users\Niels\Desktop\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB65208$
    c:\windows\$NtUninstallKB65208$\2232843182\@
    c:\windows\$NtUninstallKB65208$\2232843182\cfg.ini
    c:\windows\$NtUninstallKB65208$\2232843182\Desktop.ini
    c:\windows\$NtUninstallKB65208$\2232843182\L\xadqgnnk
    c:\windows\$NtUninstallKB65208$\2232843182\oemid
    c:\windows\$NtUninstallKB65208$\2232843182\twl.dll
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000001.@
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000002.@
    c:\windows\$NtUninstallKB65208$\2232843182\U\00000004.@
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000000.@
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000004.@
    c:\windows\$NtUninstallKB65208$\2232843182\U\80000032.@
    c:\windows\$NtUninstallKB65208$\2232843182\version
    c:\windows\$NtUninstallKB65208$\916052057
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-05 to 2012-03-05 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-05 09:45 . 2012-03-05 09:45 ——– d—–w- C:\TDSSKiller_Quarantine
    2012-03-05 09:35 . 2012-03-05 09:35 0 –sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-04 19:55 . 2012-02-08 06:03 6552120 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A69F06D5-D598-41ED-8F71-6E833A960B7D}\mpengine.dll
    2012-02-28 13:46 . 2012-03-05 09:46 ——– d—–w- C:\TDSSStarter
    2012-02-28 13:44 . 2012-02-28 13:44 388096 —-a-r- c:\users\Niels\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-28 13:44 . 2012-02-28 13:44 ——– d—–w- c:\program files\Trend Micro
    2012-02-28 13:15 . 2012-02-28 13:15 ——– d—–w- c:\users\Niels\AppData\Roaming\Myvyel
    2012-02-26 09:36 . 2012-02-28 13:31 ——– d—–w- c:\users\Niels\AppData\Roaming\Texu
    2012-02-26 09:36 . 2012-02-28 12:01 ——– d—–w- c:\users\Niels\AppData\Roaming\Erguy
    2012-02-25 14:34 . 2012-02-25 14:34 ——– d—–w- c:\program files\ESET
    2012-02-25 14:20 . 2012-02-25 14:20 ——– d—–w- c:\users\Niels\AppData\Roaming\Malwarebytes
    2012-02-25 14:20 . 2012-02-25 14:20 ——– d—–w- c:\programdata\Malwarebytes
    2012-02-25 14:20 . 2012-02-25 14:20 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-25 14:20 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-25 12:48 . 2012-01-24 21:52 16432 —-a-w- c:\windows\system32\lsdelete.exe
    2012-02-15 15:45 . 2011-12-30 05:27 478720 —-a-w- c:\windows\system32\timedate.cpl
    2012-02-15 15:45 . 2011-12-16 07:52 690688 —-a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 15:45 . 2012-01-04 08:58 442880 —-a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 15:45 . 2012-01-14 03:35 2343424 —-a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-05 09:47 . 2011-09-27 12:14 78336 —-a-w- c:\windows\system32\drivers\dfsc.sys
    2012-03-05 09:35 . 2011-05-20 12:03 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-15 15:59 . 2011-10-21 14:08 137416 —-a-w- c:\windows\system32\drivers\avipbb.sys
    2012-01-29 04:10 . 2010-04-07 15:21 237072 ——w- c:\windows\system32\MpSigStub.exe
    2012-01-24 21:52 . 2012-01-24 21:52 101720 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-12-23 06:12 . 2012-01-24 21:49 64512 —-a-w- c:\windows\system32\drivers\Lbd.sys
    2012-02-25 13:05 . 2011-03-22 12:26 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 FNETTHJM;Freecom Turbo HDD USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2011-08-29 24448]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-08 13224]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-24 2152152]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-23 64512]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-08 691696]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-08 27632]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    oracleorahomedatagatherer
    PCTINDIS5
    USBDongle
    govsrv
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000Core.job
    - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32]
    .
    2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000UA.job
    - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
    FF - ProfilePath - c:\users\Niels\AppData\Roaming\Mozilla\Firefox\Profiles\kwe789c4.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-76245286.sys
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-1000889604-3478986291-2025876595-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "Currency"=dword:0000001c
    "GameDir"=""
    "ShortlistDir"=""
    "ScreenshotsDir"=""
    "SaveDir"=""
    "HistoryDir"="c:\\Users\\Niels\\Desktop\\FM Genie Scout 10\\History Points"
    "LangDB"=""
    "LastSaveGame"="c:\\Users\\Niels\\Documents\\Sports Interactive\\Football Manager 2010\\games\\WBA.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009d79
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000074
    "UniqueID"="C4-8700-E0EF"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-03-05 12:46:51 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-03-05 11:46
    ComboFix2.txt 2012-02-28 15:05
    ComboFix3.txt 2012-02-28 14:34
    .
    Pre-Run: 6.991.400.960 bytes beschikbaar
    Post-Run: 6.945.804.288 bytes beschikbaar
    .
    - - End Of File - - 2E52B11B25294630A596DDAF7D0873CE

  • Remove Lavasoft AdAware from your Windows.
    This tool appears to be damaged; in any case, your Windows will also be glad to be rid of that burden.

    After that, run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click
  • Lavasoft Ad-Aware has now been removed. (Via Control Panel, uninstall software, etc.)

    I am now running the ESET online scan.

    By the way, I have Avira Antivir installed as my regular virus scanner. That should normally be sufficient, I take it?
  • This is giving me quite a fright! ESET Online Scanner is now at 30%, but I already have 3 trojans (Java/Exploit.CVE-2011-3544.AU, JS.Agent.NEJ and Win32/Rootkit.Kryptik.JV).

    I think the scan will take a while yet; I'll post a log file once the scan is finished!
  • I use Avira as well.

    More information on how I have secured my Windows can be found here: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1474812#1474812
  • I have just run ESET Online Scanner. It removed 3 items (Java/Exploit.CVE-2011-3544.AU, JS.Agent.NEJ and Win32/Rootkit.Kryptik.JV) and everything should now be clean.

    I can't post a log, because the log file contained an old log from an earlier scan I had run at some point. I don't understand how that can be, but that's how it is.

    Should it be fine now?

    To be sure, a scan with HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:33:56, on 5-3-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe


    End of file - 4138 bytes
  • Now do the following:
    Which program: Malwarebytes MBAM
    What for/why: a specialized scanner to quickly check Windows for spyware and malware and to remove it.
    Difficulty level: none.

    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Right after installation, 'MBAM' will want to update its database, so allow it.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
  • Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.02.28.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Niels :: NIELS-LAPTOP [administrator]

    5-3-2012 19:12:52
    mbam-log-2012-03-05 (19-12-52).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 181371
    Verstreken tijd: 4 minuut/minuten, 27 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • We're going to clean up.

    But first this:
    keep MBAM and the ESET Online Scanner on your Windows.
    Navigate to C:\Program Files\ESET\ESET Online Scanner and right-click on
  • Step 1 - Done
    Step 2 - Done
    Step 3 - Done

    Step 4

    Results of screen317's Security Check version 0.99.31
    Windows 7 Service Pack 1 x86
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
  • Java is outdated, so first download Java 6 Update 31 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline to your desktop.
    However, do not install the new version yet!

    After that, first go to Control Panel
    - Add or Remove Programs - Windows 2000/Windows XP
    - Programs and Features - Windows Vista and Windows 7
    and remove Java(TM) 6 Update 26 there.

    Then restart your PC.
    After that you can install the newest Java version.

    Adobe Flash Player has just been updated: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=216449
  • I have updated the following programs:

    - Java
    - Adobe Flashplayer
    - Adobe Shockwave

    I assume everything is fine now?
  • In principle, probably yes.
    But with my last tip you'll know for sure: go to Secunia PSI (click) several times a year to check whether everything within Windows is up to date as well.
    Because only then is Windows at its safest!

    On the Secunia site, first click the Start Scanner button, and then on the new page first tick Enable thorough system inspection before clicking Start!

    If you don't use Java, the site will not work.
    In that case you can download and install the Secunia Personal Software Inspector (PSI).
    N.B.: after installation this tool starts automatically with Windows, but that really isn't necessary and can be disabled!
    http://secunia.com/vulnerability_scanning/personal/

This is an archived page. Replies are no longer possible.