Files gone because of a virus

Anonymous
10 answers
  • All my files have literally disappeared and I really need those files!!! Who can help me with this?

    I think this is the logfile


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:31:12, on 18-4-2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\ProgramData\VUOyWqOYGdRXu.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\ProgramData\7NvWDE3vssCkMv.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\5736z-453g32mnkk\Desktop\HijackThis.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O8 - Extra context menu item: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file - 6799 bytes
  • Hello Demy,
    welcome to this great forum.

    I would like you to stick to the rules below during the fix:
  • Thank you very much, Abraham, for the tips.
    I have made the logs for you, only I still do not have my files back…


    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 4/19/2012 5:16:04 PM

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 4/19/2012 5:16:23 PM

    [3300] C:\ProgramData\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@bs.serving-sys[2].txt Ontdekt: Trace.TrackingCookie.bs.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@doubleclick[2].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@ru4[1].txt Ontdekt: Trace.TrackingCookie.ru4!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@247realmedia[1].txt Ontdekt: Trace.TrackingCookie.247realmedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@2o7[2].txt Ontdekt: Trace.TrackingCookie.2o7!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@about[2].txt Ontdekt: Trace.TrackingCookie.about!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@adtech[1].txt Ontdekt: Trace.TrackingCookie.adtech!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@advertising[2].txt Ontdekt: Trace.TrackingCookie.advertising!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@adviva[2].txt Ontdekt: Trace.TrackingCookie.adviva!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@bs.serving-sys[1].txt Ontdekt: Trace.TrackingCookie.bs.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@burstnet[2].txt Ontdekt: Trace.TrackingCookie.burstnet!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@casalemedia[2].txt Ontdekt: Trace.TrackingCookie.casalemedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@clickbank[1].txt Ontdekt: Trace.TrackingCookie.clickbank!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@com[1].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[1].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@fastclick[1].txt Ontdekt: Trace.TrackingCookie.fastclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@fl01.ct2.comclick[1].txt Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@mediaplex[1].txt Ontdekt: Trace.TrackingCookie.mediaplex!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@metriweb[1].txt Ontdekt: Trace.TrackingCookie.metriweb!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@realmedia[1].txt Ontdekt: Trace.TrackingCookie.realmedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@ru4[2].txt Ontdekt: Trace.TrackingCookie.ru4!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@smartadserver[2].txt Ontdekt: Trace.TrackingCookie.smartadserver!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@specificclick[1].txt Ontdekt: Trace.TrackingCookie.specificclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@statcounter[1].txt Ontdekt: Trace.TrackingCookie.statcounter!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@statse.webtrendslive[1].txt Ontdekt: Trace.TrackingCookie.statse.webtrendslive!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@tradedoubler[2].txt Ontdekt: Trace.TrackingCookie.tradedoubler!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@tribalfusion[1].txt Ontdekt: Trace.TrackingCookie.tribalfusion!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[2].txt Ontdekt: Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@zedo[1].txt Ontdekt: Trace.TrackingCookie.zedo!A2
    C:\ProgramData\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\Option.class Ontdekt: Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\SP.class Ontdekt: Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\XML.class Ontdekt: Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Field.class Ontdekt: JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Inc.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/m.class Ontdekt: Exploit.Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\109494b5-1ee18c0d/apps\MyWorker.class Ontdekt: Trojan-Downloader.Java.OpenStream!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$a.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$b.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$df.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$s.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Men.class Ontdekt: Exploit.Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Ou.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Pol.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Sento.class Ontdekt: Trojan-Downloader.Java.OpenConnection!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\64f580c6-73cff73d/json\ThreadParser.class Ontdekt: Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/Loo$1.class Ontdekt: JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/fgsh.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/gggsd.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/ggs.class Ontdekt: Trojan-Downloader.Java.OpenConnection!IK
    C:\Users\All Users\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK

    Gescand

    Bestanden: 176209
    Sporen: 407359
    Cookies: 895
    Processen: 72

    Gevonden

    Bestanden: 22
    Sporen: 0
    Cookies: 33
    Processen: 1
    Registersleutels: 0

    Scan Geëindigd: 19-4-2012 18:40:25
    Scantijd: 1:24:02

    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Sento.class Verwijderd Trojan-Downloader.Java.OpenConnection!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/ggs.class Verwijderd Trojan-Downloader.Java.OpenConnection!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\109494b5-1ee18c0d/apps\MyWorker.class Verwijderd Trojan-Downloader.Java.OpenStream!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/m.class Verwijderd Exploit.Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Men.class Verwijderd Exploit.Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Inc.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$a.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$b.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$df.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$s.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Ou.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Pol.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/fgsh.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/gggsd.class Verwijderd Exploit.Java.CVE-2011-3544!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Field.class Verwijderd JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/Loo$1.class Verwijderd JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\Option.class Verwijderd Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\SP.class Verwijderd Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\XML.class Verwijderd Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\64f580c6-73cff73d/json\ThreadParser.class Verwijderd Exploit.Java.Blacole!IK
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@zedo[1].txt Verwijderd Trace.TrackingCookie.zedo!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@tribalfusion[1].txt Verwijderd Trace.TrackingCookie.tribalfusion!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@tradedoubler[2].txt Verwijderd Trace.TrackingCookie.tradedoubler!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@statse.webtrendslive[1].txt Verwijderd Trace.TrackingCookie.statse.webtrendslive!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@statcounter[1].txt Verwijderd Trace.TrackingCookie.statcounter!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Verwijderd Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@specificclick[1].txt Verwijderd Trace.TrackingCookie.specificclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@smartadserver[2].txt Verwijderd Trace.TrackingCookie.smartadserver!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@realmedia[1].txt Verwijderd Trace.TrackingCookie.realmedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@metriweb[1].txt Verwijderd Trace.TrackingCookie.metriweb!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@mediaplex[1].txt Verwijderd Trace.TrackingCookie.mediaplex!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@fl01.ct2.comclick[1].txt Verwijderd Trace.TrackingCookie.fl01.ct2.comclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@fastclick[1].txt Verwijderd Trace.TrackingCookie.fastclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@com[1].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@clickbank[1].txt Verwijderd Trace.TrackingCookie.clickbank!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@casalemedia[2].txt Verwijderd Trace.TrackingCookie.casalemedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@burstnet[2].txt Verwijderd Trace.TrackingCookie.burstnet!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@adviva[2].txt Verwijderd Trace.TrackingCookie.adviva!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@advertising[2].txt Verwijderd Trace.TrackingCookie.advertising!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@adtech[1].txt Verwijderd Trace.TrackingCookie.adtech!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@about[2].txt Verwijderd Trace.TrackingCookie.about!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@2o7[2].txt Verwijderd Trace.TrackingCookie.2o7!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@247realmedia[1].txt Verwijderd Trace.TrackingCookie.247realmedia!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@weborama[1].txt Verwijderd Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[2].txt Verwijderd Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@ru4[1].txt Verwijderd Trace.TrackingCookie.ru4!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@ru4[2].txt Verwijderd Trace.TrackingCookie.ru4!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@doubleclick[2].txt Verwijderd Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[1].txt Verwijderd Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\5736z-453g32mnkk@bs.serving-sys[2].txt Verwijderd Trace.TrackingCookie.bs.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@bs.serving-sys[1].txt Verwijderd Trace.TrackingCookie.bs.serving-sys!A2
    [3300] C:\ProgramData\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK
    C:\ProgramData\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK
    C:\Users\All Users\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK

    Verwijderd

    Bestanden: 22
    Sporen: 0
    Cookies: 33







    This is the log from mbam


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.04.19.02

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    5736z-453g32mnkk :: 5736Z-453G32MNK [administrator]

    19-4-2012 19:18:50
    mbam-log-2012-04-19 (19-18-50).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 195101
    Verstreken tijd: 6 minuut/minuten, 7 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\ProgramData\7NvWDE3vssCkMv.exe (Trojan.Agent.WQ) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    Regards
  • Hello Demy - I have not promised anything yet, either.
    By the way, do not use cleaning programs under any circumstances.
    Recovering your documents only makes sense once the malware has been removed.

    So we will continue with scan tools.

  • Dear Abraham,

    It looks like my laptop is back to its old self; fortunately I have my files etc. back.

    17:13:54.0886 4204 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
    17:13:54.0886 4204 ============================================================
    17:13:54.0886 4204 Current date / time: 2012/04/20 17:13:54.0886
    17:13:54.0886 4204 SystemInfo:
    17:13:54.0886 4204
    17:13:54.0886 4204 OS Version: 6.1.7600 ServicePack: 0.0
    17:13:54.0886 4204 Product type: Workstation
    17:13:54.0886 4204 ComputerName: 5736Z-453G32MNK
    17:13:54.0886 4204 UserName: 5736z-453g32mnkk
    17:13:54.0886 4204 Windows directory: C:\Windows
    17:13:54.0886 4204 System windows directory: C:\Windows
    17:13:54.0886 4204 Running under WOW64
    17:13:54.0886 4204 Processor architecture: Intel x64
    17:13:54.0886 4204 Number of processors: 2
    17:13:54.0886 4204 Page size: 0x1000
    17:13:54.0886 4204 Boot type: Normal boot
    17:13:54.0886 4204 ============================================================
    17:13:55.0806 4204 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:13:55.0806 4204 \Device\Harddisk0\DR0:
    17:13:55.0806 4204 MBR partitions:
    17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
    17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
    17:13:55.0884 4204 C: <-> \Device\Harddisk0\DR0\Partition1
    17:13:55.0884 4204 Initialize success
    17:13:55.0884 4204 ============================================================
    17:13:56.0040 4452 ============================================================
    17:13:56.0040 4452 Scan started
    17:13:56.0040 4452 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    17:13:56.0040 4452 ============================================================
    17:14:02.0717 4452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:14:02.0826 4452 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    17:14:02.0966 4452 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    17:14:03.0044 4452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:14:03.0107 4452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:14:03.0200 4452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:14:03.0247 4452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:14:03.0278 4452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:14:03.0403 4452 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:14:03.0668 4452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:14:03.0778 4452 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    17:14:03.0918 4452 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    17:14:04.0058 4452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:14:04.0152 4452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:14:04.0292 4452 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:14:04.0448 4452 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:14:04.0573 4452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:14:04.0636 4452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    17:14:04.0714 4452 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    17:14:04.0792 4452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:14:04.0838 4452 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:14:04.0901 4452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:14:04.0979 4452 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    17:14:05.0135 4452 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    17:14:05.0228 4452 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:14:05.0353 4452 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    17:14:05.0478 4452 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    17:14:05.0634 4452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:14:05.0774 4452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:14:05.0868 4452 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
    17:14:05.0977 4452 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    17:14:06.0149 4452 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    17:14:06.0274 4452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:14:06.0461 4452 DsiWMIService (1fca854cedfc2ccd0c22e46ea4ea18f1) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    17:14:06.0570 4452 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    17:14:06.0648 4452 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:14:07.0132 4452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:14:07.0256 4452 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
    17:14:07.0397 4452 ehRecvr (3d69fae60ede442e004611a4ee4db44c) C:\Windows\ehome\ehRecvr.exe
    17:14:07.0568 4452 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:14:07.0678 4452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:14:07.0880 4452 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    17:14:07.0927 4452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    17:14:08.0036 4452 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:14:08.0270 4452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:14:08.0380 4452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:14:08.0520 4452 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    17:14:08.0629 4452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:14:08.0692 4452 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:14:08.0785 4452 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:14:08.0879 4452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:14:08.0926 4452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:14:09.0097 4452 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    17:14:09.0160 4452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:14:09.0222 4452 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    17:14:09.0316 4452 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    17:14:09.0518 4452 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:14:09.0581 4452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:14:09.0659 4452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:14:09.0799 4452 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    17:14:09.0877 4452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:14:09.0924 4452 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:14:10.0096 4452 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    17:14:10.0267 4452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:14:10.0470 4452 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    17:14:10.0688 4452 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:14:10.0766 4452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:14:10.0876 4452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:14:10.0985 4452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:14:11.0032 4452 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    17:14:11.0110 4452 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    17:14:11.0188 4452 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    17:14:11.0281 4452 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    17:14:11.0406 4452 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    17:14:11.0453 4452 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    17:14:11.0531 4452 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    17:14:11.0640 4452 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    17:14:11.0718 4452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:14:11.0812 4452 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
    17:14:11.0983 4452 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:14:12.0077 4452 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    17:14:12.0233 4452 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:14:12.0638 4452 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:14:12.0950 4452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:14:13.0044 4452 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    17:14:13.0247 4452 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
    17:14:13.0325 4452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    17:14:13.0387 4452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:14:13.0434 4452 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:14:13.0559 4452 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:14:13.0699 4452 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    17:14:13.0840 4452 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    17:14:13.0902 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:14:14.0167 4452 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
    17:14:14.0245 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:14:14.0323 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    17:14:14.0370 4452 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    17:14:14.0448 4452 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
    17:14:14.0510 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:14:14.0542 4452 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    17:14:14.0620 4452 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    17:14:14.0744 4452 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    17:14:14.0807 4452 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    17:14:14.0885 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:14:15.0041 4452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:14:15.0212 4452 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll
    17:14:15.0306 4452 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    17:14:15.0415 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:14:15.0540 4452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:14:15.0649 4452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:14:15.0727 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:14:15.0774 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:14:15.0805 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:14:15.0836 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:14:15.0899 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:14:15.0992 4452 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    17:14:16.0086 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:14:16.0164 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:14:16.0242 4452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:14:16.0351 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:14:16.0445 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:14:16.0523 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:14:16.0570 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:14:16.0726 4452 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    17:14:16.0772 4452 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    17:14:16.0835 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:14:17.0022 4452 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    17:14:17.0116 4452 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    17:14:17.0194 4452 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:14:17.0256 4452 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:14:17.0318 4452 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:14:17.0396 4452 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    17:14:17.0443 4452 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    17:14:17.0521 4452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:14:17.0662 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:14:17.0740 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:14:17.0896 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    17:14:17.0958 4452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:14:18.0083 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:14:18.0223 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:14:18.0301 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:14:18.0395 4452 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    17:14:18.0488 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:14:18.0535 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:14:18.0613 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:14:18.0738 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:14:18.0847 4452 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    17:14:19.0097 4452 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    17:14:19.0315 4452 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    17:14:19.0502 4452 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    17:14:19.0799 4452 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    17:14:20.0048 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:14:20.0251 4452 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    17:14:20.0329 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:14:20.0516 4452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:14:20.0641 4452 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:14:20.0735 4452 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:14:20.0938 4452 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    17:14:21.0109 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:14:21.0328 4452 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    17:14:21.0515 4452 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    17:14:21.0608 4452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:14:21.0686 4452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:14:22.0108 4452 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:14:22.0201 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:14:22.0310 4452 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    17:14:22.0482 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:14:22.0638 4452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:14:22.0732 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:14:22.0919 4452 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    17:14:23.0621 4452 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    17:14:24.0260 4452 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
    17:14:24.0557 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:14:24.0728 4452 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    17:14:24.0775 4452 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    17:14:24.0822 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    17:14:25.0056 4452 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    17:14:25.0150 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    17:14:25.0290 4452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:14:25.0384 4452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:14:25.0493 4452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:14:25.0555 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:14:25.0602 4452 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    17:14:25.0649 4452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:14:25.0758 4452 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    17:14:25.0852 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    17:14:25.0945 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:14:26.0008 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:14:26.0070 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:14:26.0210 4452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:14:26.0725 4452 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    17:14:26.0897 4452 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
    17:14:27.0006 4452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:14:27.0084 4452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:14:27.0131 4452 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    17:14:27.0209 4452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:14:27.0365 4452 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    17:14:27.0458 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:14:27.0552 4452 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    17:14:27.0708 4452 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    17:14:27.0817 4452 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    17:14:27.0973 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:14:28.0067 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:14:28.0145 4452 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:14:28.0254 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:14:28.0379 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:14:28.0519 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:14:28.0753 4452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:14:28.0847 4452 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:14:28.0940 4452 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    17:14:29.0284 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:14:29.0393 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:14:29.0471 4452 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    17:14:29.0564 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:14:29.0642 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:14:29.0705 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:14:29.0767 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:14:29.0876 4452 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    17:14:29.0954 4452 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    17:14:30.0001 4452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:14:30.0095 4452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:14:30.0188 4452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:14:30.0282 4452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:14:30.0391 4452 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    17:14:30.0500 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:14:30.0641 4452 RSUSBSTOR (44ed82612403021e36998e1ecb1198f1) C:\Windows\System32\Drivers\RtsUStor.sys
    17:14:30.0703 4452 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    17:14:31.0670 4452 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
    17:14:31.0920 4452 sbapifs (db7f9394b2f2d446df14d46c61b0e94b) C:\Windows\system32\DRIVERS\sbapifs.sys
    17:14:32.0029 4452 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
    17:14:32.0201 4452 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
    17:14:32.0248 4452 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
    17:14:32.0294 4452 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
    17:14:32.0372 4452 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    17:14:32.0435 4452 SBRE (fd833bee2fd9befdc0afd1941a306d9e) C:\Windows\system32\drivers\SBREdrv.sys
    17:14:32.0528 4452 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
    17:14:32.0591 4452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:14:32.0903 4452 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    17:14:33.0308 4452 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
    17:14:33.0542 4452 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    17:14:33.0667 4452 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    17:14:33.0808 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:14:33.0948 4452 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    17:14:34.0057 4452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    17:14:34.0135 4452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:14:34.0276 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:14:34.0369 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:14:34.0432 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:14:34.0510 4452 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    17:14:34.0619 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    17:14:34.0681 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    17:14:34.0728 4452 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    17:14:34.0759 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:14:34.0837 4452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:14:34.0915 4452 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    17:14:35.0040 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:14:35.0071 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:14:35.0102 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:14:35.0227 4452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:14:35.0321 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:14:35.0383 4452 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
    17:14:35.0680 4452 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    17:14:36.0101 4452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:14:36.0366 4452 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
    17:14:37.0037 4452 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    17:14:50.0359 4452 ============================================================
    17:14:50.0359 4452 Scan finished
    17:14:50.0359 4452 ============================================================
    17:14:50.0921 4488 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF



    and this one is from ComboFix

    ComboFix 12-04-18.02 - 5736z-453g32mnkk 20-04-2012 17:25:07.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3002.1963 [GMT 2:00]
    Gestart vanuit: c:\users\5736z-453g32mnkk\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-20 to 2012-04-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-20 15:29 . 2012-04-20 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-20 15:13 . 2012-04-20 15:14 -------- d-----w- C:\TDSSStarter
    2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\users\5736z-453g32mnkk\AppData\Roaming\Malwarebytes
    2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-19 17:16 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Local\adaware
    2012-04-18 18:52 . 2011-05-17 16:36 45904 ----a-w- c:\windows\system32\sbbd.exe
    2012-04-18 18:52 . 2011-04-29 12:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-18 18:52 . 2011-04-05 15:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-04-18 18:52 . 2011-04-05 15:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-04-18 18:52 . 2011-04-05 15:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-04-18 18:52 . 2011-02-08 07:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\programdata\Lavasoft
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\programdata\Ad-Aware Browsing Protection
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\adawaretb
    2012-04-18 18:51 . 2012-04-19 15:15 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Roaming\Ad-Aware Antivirus
    2012-04-12 20:38 . 2012-04-12 20:38 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Roaming\Password Generator Professional
    2012-04-12 20:37 . 2012-04-12 20:37 -------- d-----w- c:\program files (x86)\Kristanix
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40 120176 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-19 137536]
    "WebCallDirect"="c:\program files (x86)\WebCallDirect.com\WebCallDirect\webcalldirect.exe" [2012-03-30 17947528]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0AOQAzADgAMgA3ADkAMQA3ADMALQBEADMAOAAxAEwAKwA1AC0AVgBPAFAAOQArADEALQBEAEQAVAArADAALQBJADkAMAArADEA&prod=54&ver=9.0.914" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-04-19 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 10:44]
    .
    2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000Core.job
    - c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 18:23]
    .
    2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000UA.job
    - c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 18:23]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42 137584 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Zoek op het web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-PSP Video 9 - c:\users\5736z-453g32mnkk\Desktop\Video Converter App\uninstaller.exe
    AddRemove-SpeakyChat - c:\users\5736z-453g32mnkk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SpeakyChat\uninstall.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\progra~2\AD-AWA~1\AdAware.exe
    c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-04-20 17:41:12 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-04-20 15:41
    .
    Pre-Run: 248.126.357.504 bytes beschikbaar
    Post-Run: 247.735.386.112 bytes beschikbaar
    .
    - - End Of File - - 625625AE66A799F17CAD0C38B7F2B7FE


    Do I need to take any other steps, or is my laptop clean and safe again now?

  • Hi Demi, good that you have the folders back.

    No, your Windows is not safe.

    That is partly because two antivirus programs are running in Windows.
    Avast is not happy about that, and your Windows will also be very happy once Lavasoft AdAware has been removed.

    So do that via Control Panel\
  • Dear Abraham, this is the log from Emergency Kit then.

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 4/21/2012 11:56:20 AM

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 4/21/2012 11:56:36 AM

    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Ontdekt: JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Ontdekt: Java.CVE!IK

    Gescand

    Bestanden: 176228
    Sporen: 407359
    Cookies: 873
    Processen: 67

    Gevonden

    Bestanden: 2
    Sporen: 0
    Cookies: 4
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 4/21/2012 1:29:42 PM
    Scantijd: 1:33:06

    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Verwijderd Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Verwijderd JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Verwijderd Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Verwijderd Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Verwijderd Trace.TrackingCookie.doubleclick!A2

    Verwijderd

    Bestanden: 2
    Sporen: 0
    Cookies: 4


    Regards
  • Which program:
  • Dear Abraham,

    here are the next logs.

    OTL Extras logfile created on: 4/21/2012 2:57:42 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\5736z-453g32mnkk\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2.93 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.60% Memory free
    5.86 Gb Paging File | 4.70 Gb Available in Paging File | 80.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.99 Gb Total Space | 230.49 Gb Free Space | 80.88% Space Free | Partition Type: NTFS

    Computer Name: 5736Z-453G32MNK | User Name: 5736z-453g32mnkk | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Hello Demi, go to Control Panel\

This is an archived page. Replying is no longer possible.