S.M.A.R.T. made my documents and photos disappear.

Poon
32 replies
  • Hello
    After the virus had done its damage, AVG did recognize it and disable it.
    After that I tried to get the missing items back with Recuva.
    Recuva found an incredible amount, but not much of it was of any value to me.
    How can I prevent this misery, and can anything still be recovered?

    Thanks in advance.
  • You can prevent this by making backups regularly.

    For example by copying your files to an external hard disk that you only connect at the moment you want to make the backups.
  • Thank you, Marc. I will certainly do that.
    It surprised me that the virus scanner recognized the virus right after it had wreaked havoc, but had let it through at first.
    Hopefully it is also possible to get some things back.
  • I have had very good experiences with Get Data Back on crashed disks.
    Whether it will work as well in your case?
    Always make an image of the disk that you have recovery software analyze….
    A backup is indeed very handy ;) ….
  • Hello Andre. Thank you for this advice.
    It sounds good, but the disk has not crashed, because the programs still work and some have their own data files that are still intact.
    Is "Get Data Back" specifically for crashed disks, or can I also use it in this case?
  • They write:
    http://www.runtime.org/data-recovery-software.htm
    "GetDataBack will recover your data if the hard drive's partition table, boot record, FAT/MFT or root directory are lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure has caused a system crash, files were lost due to a software failure, files were accidentally deleted. GetDataBack can even recover your data when the drive is no longer recognized by Windows. It can likewise be used even if all directory information - not just the root directory- is missing."

    With the demo you can see what it finds (you just can't recover everything with the demo; for that you need the full program)
  • Hello Abraham.
    Following earlier similar problems that were dealt with here, I have collected the following logs. Would you be willing to look at them and give advice? Thanks in advance.


    13:37:37.0250 0828 ClipSrv - ok
    13:37:37.0421 0828 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:37:37.0468 0828 clr_optimization_v2.0.50727_32 - ok
    13:37:37.0484 0828 CmdIde - ok
    13:37:37.0500 0828 COMSysApp - ok
    13:37:37.0546 0828 Cpqarray - ok
    13:37:37.0609 0828 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
    13:37:37.0625 0828 CryptSvc - ok
    13:37:37.0640 0828 dac2w2k - ok
    13:37:37.0671 0828 dac960nt - ok
    13:37:37.0843 0828 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    13:37:38.0000 0828 DcomLaunch - ok
    13:37:38.0093 0828 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
    13:37:38.0125 0828 Dhcp - ok
    13:37:38.0187 0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:37:38.0203 0828 Disk - ok
    13:37:38.0218 0828 dmadmin - ok
    13:37:38.0515 0828 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    13:37:38.0765 0828 dmboot - ok
    13:37:38.0859 0828 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    13:37:38.0906 0828 dmio - ok
    13:37:38.0968 0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:37:38.0968 0828 dmload - ok
    13:37:39.0046 0828 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
    13:37:39.0062 0828 dmserver - ok
    13:37:39.0125 0828 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    13:37:39.0140 0828 DMusic - ok
    13:37:39.0218 0828 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
    13:37:39.0218 0828 Dnscache - ok
    13:37:39.0359 0828 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
    13:37:39.0406 0828 Dot3svc - ok
    13:37:39.0421 0828 dpti2o - ok
    13:37:39.0484 0828 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:37:39.0484 0828 drmkaud - ok
    13:37:39.0531 0828 e.dentifier2 (30e8affed744ec4c79b4961f5fe10134) C:\WINDOWS\system32\DRIVERS\aabed2.sys
    13:37:39.0562 0828 e.dentifier2 - ok
    13:37:39.0640 0828 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
    13:37:39.0640 0828 EapHost - ok
    13:37:39.0718 0828 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    13:37:39.0750 0828 EL90XBC - ok
    13:37:39.0812 0828 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    13:37:39.0812 0828 ElbyCDIO - ok
    13:37:39.0875 0828 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
    13:37:39.0875 0828 ERSvc - ok
    13:37:39.0953 0828 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    13:37:39.0984 0828 Eventlog - ok
    13:37:40.0109 0828 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
    13:37:40.0187 0828 EventSystem - ok
    13:37:40.0265 0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:37:40.0312 0828 Fastfat - ok
    13:37:40.0406 0828 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    13:37:40.0453 0828 FastUserSwitchingCompatibility - ok
    13:37:40.0625 0828 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
    13:37:40.0718 0828 Fax - ok
    13:37:40.0750 0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:37:40.0765 0828 Fdc - ok
    13:37:40.0828 0828 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    13:37:40.0843 0828 Fips - ok
    13:37:40.0890 0828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:37:40.0890 0828 Flpydisk - ok
    13:37:40.0968 0828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:37:41.0015 0828 FltMgr - ok
    13:37:41.0156 0828 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    13:37:41.0171 0828 FontCache3.0.0.0 - ok
    13:37:41.0234 0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:37:41.0234 0828 Fs_Rec - ok
    13:37:41.0296 0828 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:37:41.0343 0828 Ftdisk - ok
    13:37:41.0375 0828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:37:41.0375 0828 GEARAspiWDM - ok
    13:37:41.0437 0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:37:41.0453 0828 Gpc - ok
    13:37:41.0625 0828 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    13:37:41.0687 0828 gupdate - ok
    13:37:41.0734 0828 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    13:37:41.0734 0828 gupdatem - ok
    13:37:41.0875 0828 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    13:37:41.0937 0828 gusvc - ok
    13:37:42.0078 0828 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    13:37:42.0078 0828 helpsvc - ok
    13:37:42.0125 0828 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
    13:37:42.0140 0828 HidServ - ok
    13:37:42.0187 0828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:37:42.0203 0828 HidUsb - ok
    13:37:42.0281 0828 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
    13:37:42.0312 0828 hkmsvc - ok
    13:37:42.0328 0828 hpn - ok
    13:37:42.0484 0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:37:42.0578 0828 HTTP - ok
    13:37:42.0640 0828 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
    13:37:42.0640 0828 HTTPFilter - ok
    13:37:42.0671 0828 i2omgmt - ok
    13:37:42.0703 0828 i2omp - ok
    13:37:42.0765 0828 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:37:42.0781 0828 i8042prt - ok
    13:37:43.0078 0828 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    13:37:43.0328 0828 ialm - ok
    13:37:43.0531 0828 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    13:37:43.0562 0828 IDriverT - ok
    13:37:44.0031 0828 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:37:44.0328 0828 idsvc - ok
    13:37:44.0656 0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:37:44.0671 0828 Imapi - ok
    13:37:44.0796 0828 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
    13:37:44.0828 0828 ImapiService - ok
    13:37:44.0953 0828 InCDfs (6577f49cc833974fdc5f5f061fc85488) C:\WINDOWS\system32\drivers\InCDfs.sys
    13:37:44.0984 0828 InCDfs - ok
    13:37:45.0062 0828 InCDPass (5499f13bbccec1bd084d02b107c72740) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
    13:37:45.0062 0828 InCDPass - ok
    13:37:45.0093 0828 InCDrec (d7a79ea851e67d6c9eddf516aa23cb34) C:\WINDOWS\system32\drivers\InCDrec.sys
    13:37:45.0093 0828 InCDrec - ok
    13:37:45.0500 0828 InCDsrv (0c368487115e88477fb5eabbb563b3d4) C:\Program Files\Ahead\InCD\InCDsrv.exe
    13:37:45.0750 0828 InCDsrv - ok
    13:37:45.0765 0828 ini910u - ok
    13:37:45.0812 0828 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:37:45.0812 0828 IntelIde - ok
    13:37:45.0890 0828 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:37:45.0906 0828 intelppm - ok
    13:37:45.0953 0828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:37:45.0968 0828 Ip6Fw - ok
    13:37:46.0031 0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:37:46.0046 0828 IpFilterDriver - ok
    13:37:46.0078 0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:37:46.0078 0828 IpInIp - ok
    13:37:46.0187 0828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:37:46.0234 0828 IpNat - ok
    13:37:46.0296 0828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:37:46.0312 0828 IPSec - ok
    13:37:46.0359 0828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:37:46.0359 0828 IRENUM - ok
    13:37:46.0421 0828 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:37:46.0437 0828 isapnp - ok
    13:37:46.0500 0828 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
    13:37:46.0500 0828 Iviaspi - ok
    13:37:46.0703 0828 JavaQuickStarterService (126a16f569122ae00ad3d12ef831d651) C:\Program Files\Java\jre6\bin\jqs.exe
    13:37:46.0765 0828 JavaQuickStarterService - ok
    13:37:46.0843 0828 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:37:46.0843 0828 Kbdclass - ok
    13:37:46.0953 0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:37:47.0000 0828 kmixer - ok
    13:37:47.0093 0828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:37:47.0125 0828 KSecDD - ok
    13:37:47.0218 0828 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
    13:37:47.0250 0828 lanmanserver - ok
    13:37:47.0343 0828 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
    13:37:47.0421 0828 lanmanworkstation - ok
    13:37:47.0453 0828 lbrtfdc - ok
    13:37:47.0609 0828 LightScribeService (75f8fdf480dbed5358188e0eaa2020d9) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    13:37:47.0625 0828 LightScribeService - ok
    13:37:47.0671 0828 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
    13:37:47.0671 0828 LmHosts - ok
    13:37:47.0734 0828 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
    13:37:47.0750 0828 Messenger - ok
    13:37:47.0812 0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:37:47.0812 0828 mnmdd - ok
    13:37:47.0859 0828 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
    13:37:47.0875 0828 mnmsrvc - ok
    13:37:47.0906 0828 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    13:37:47.0921 0828 Modem - ok
    13:37:47.0968 0828 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:37:47.0968 0828 Mouclass - ok
    13:37:48.0015 0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:37:48.0031 0828 MountMgr - ok
    13:37:48.0062 0828 mraid35x - ok
    13:37:48.0140 0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:37:48.0203 0828 MRxDAV - ok
    13:37:48.0437 0828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:37:48.0578 0828 MRxSmb - ok
    13:37:48.0609 0828 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
    13:37:48.0625 0828 MSDTC - ok
    13:37:48.0656 0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:37:48.0671 0828 Msfs - ok
    13:37:48.0687 0828 MSIServer - ok
    13:37:48.0750 0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:37:48.0750 0828 MSKSSRV - ok
    13:37:48.0781 0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:37:48.0781 0828 MSPCLOCK - ok
    13:37:48.0812 0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:37:48.0812 0828 MSPQM - ok
    13:37:48.0843 0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:37:48.0859 0828 mssmbios - ok
    13:37:48.0921 0828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:37:48.0968 0828 Mup - ok
    13:37:49.0125 0828 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
    13:37:49.0218 0828 napagent - ok
    13:37:49.0312 0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:37:49.0375 0828 NDIS - ok
    13:37:49.0437 0828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS
    distapi.sys
    13:37:49.0437 0828 NdisTapi - ok
    13:37:49.0484 0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
    disuio.sys
    13:37:49.0500 0828 Ndisuio - ok
    13:37:49.0546 0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
    diswan.sys
    13:37:49.0578 0828 NdisWan - ok
    13:37:49.0640 0828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:37:49.0656 0828 NDProxy - ok
    13:37:49.0671 0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
    etbios.sys
    13:37:49.0687 0828 NetBIOS - ok
    13:37:49.0796 0828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
    etbt.sys
    13:37:49.0859 0828 NetBT - ok
    13:37:49.0953 0828 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32
    etdde.exe
    13:37:49.0984 0828 NetDDE - ok
    13:37:50.0015 0828 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32
    etdde.exe
    13:37:50.0015 0828 NetDDEdsdm - ok
    13:37:50.0062 0828 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    13:37:50.0062 0828 Netlogon - ok
    13:37:50.0156 0828 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32
    etman.dll
    13:37:50.0203 0828 Netman - ok
    13:37:50.0406 0828 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:37:50.0453 0828 NetTcpPortSharing - ok
    13:37:50.0515 0828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS
    ic1394.sys
    13:37:50.0531 0828 NIC1394 - ok
    13:37:50.0687 0828 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
    13:37:50.0750 0828 Nla - ok
    13:37:50.0796 0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:37:50.0796 0828 Npfs - ok
    13:37:51.0031 0828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:37:51.0203 0828 Ntfs - ok
    13:37:51.0250 0828 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    13:37:51.0250 0828 NtLmSsp - ok
    13:37:51.0421 0828 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32
    tmssvc.dll
    13:37:51.0578 0828 NtmsSvc - ok
    13:37:51.0640 0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:37:51.0640 0828 Null - ok
    13:37:51.0671 0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
    wlnkflt.sys
    13:37:51.0687 0828 NwlnkFlt - ok
    13:37:51.0718 0828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
    wlnkfwd.sys
    13:37:51.0734 0828 NwlnkFwd - ok
    13:37:51.0781 0828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    13:37:51.0796 0828 ohci1394 - ok
    13:37:51.0875 0828 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    13:37:51.0890 0828 Parport - ok
    13:37:51.0921 0828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:37:51.0937 0828 PartMgr - ok
    13:37:51.0968 0828 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:37:51.0968 0828 ParVdm - ok
    13:37:52.0015 0828 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:37:52.0031 0828 PCI - ok
    13:37:52.0062 0828 PCIDump - ok
    13:37:52.0109 0828 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:37:52.0109 0828 PCIIde - ok
    13:37:52.0187 0828 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:37:52.0218 0828 Pcmcia - ok
    13:37:52.0296 0828 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    13:37:52.0312 0828 pcouffin - ok
    13:37:52.0343 0828 PDCOMP - ok
    13:37:52.0359 0828 PDFRAME - ok
    13:37:52.0390 0828 PDRELI - ok
    13:37:52.0406 0828 PDRFRAME - ok
    13:37:52.0437 0828 perc2 - ok
    13:37:52.0453 0828 perc2hib - ok
    13:37:52.0562 0828 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    13:37:52.0562 0828 Pfc - ok
    13:37:52.0640 0828 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    13:37:52.0640 0828 PlugPlay - ok
    13:37:52.0671 0828 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    13:37:52.0671 0828 PolicyAgent - ok
    13:37:52.0734 0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:37:52.0750 0828 PptpMiniport - ok
    13:37:52.0796 0828 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    13:37:52.0796 0828 Processor - ok
    13:37:52.0828 0828 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    13:37:52.0828 0828 ProtectedStorage - ok
    13:37:52.0906 0828 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
    13:37:52.0921 0828 Ps2 - ok
    13:37:52.0968 0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:37:53.0000 0828 PSched - ok
    13:37:53.0062 0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:37:53.0078 0828 Ptilink - ok
    13:37:53.0125 0828 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:37:53.0140 0828 PxHelp20 - ok
    13:37:53.0171 0828 ql1080 - ok
    13:37:53.0187 0828 Ql10wnt - ok
    13:37:53.0218 0828 ql12160 - ok
    13:37:53.0250 0828 ql1240 - ok
    13:37:53.0265 0828 ql1280 - ok
    13:37:53.0296 0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:37:53.0296 0828 RasAcd - ok
    13:37:53.0390 0828 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
    13:37:53.0421 0828 RasAuto - ok
    13:37:53.0468 0828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:37:53.0484 0828 Rasl2tp - ok
    13:37:53.0593 0828 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
    13:37:53.0656 0828 RasMan - ok
    13:37:53.0703 0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:37:53.0703 0828 RasPppoe - ok
    13:37:53.0750 0828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:37:53.0781 0828 Raspti - ok
    13:37:53.0859 0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:37:53.0906 0828 Rdbss - ok
    13:37:53.0937 0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:37:53.0953 0828 RDPCDD - ok
    13:37:54.0062 0828 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:37:54.0109 0828 RDPWD - ok
    13:37:54.0234 0828 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
    13:37:54.0281 0828 RDSessMgr - ok
    13:37:54.0343 0828 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:37:54.0359 0828 redbook - ok
    13:37:54.0453 0828 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
    13:37:54.0468 0828 RemoteAccess - ok
    13:37:54.0531 0828 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
    13:37:54.0562 0828 RpcLocator - ok
    13:37:54.0734 0828 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    13:37:54.0734 0828 RpcSs - ok
    13:37:54.0843 0828 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
    13:37:54.0890 0828 RSVP - ok
    13:37:54.0953 0828 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    13:37:54.0953 0828 SamSs - ok
    13:37:55.0015 0828 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
    13:37:55.0046 0828 SCardSvr - ok
    13:37:55.0156 0828 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
    13:37:55.0218 0828 Schedule - ok
    13:37:55.0296 0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:37:55.0312 0828 Secdrv - ok
    13:37:55.0375 0828 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
    13:37:55.0390 0828 seclogon - ok
    13:37:55.0468 0828 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
    13:37:55.0484 0828 SENS - ok
    13:37:55.0515 0828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:37:55.0531 0828 serenum - ok
    13:37:55.0562 0828 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    13:37:55.0593 0828 Serial - ok
    13:37:55.0671 0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:37:55.0671 0828 Sfloppy - ok
    13:37:55.0796 0828 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
    13:37:55.0890 0828 SharedAccess - ok
    13:37:56.0000 0828 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    13:37:56.0000 0828 ShellHWDetection - ok
    13:37:56.0031 0828 Simbad - ok
    13:37:56.0187 0828 SiS315 (020467b4ee7f73c304943bf0e3e4d526) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    13:37:56.0250 0828 SiS315 - ok
    13:37:56.0312 0828 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    13:37:56.0328 0828 SISAGP - ok
    13:37:56.0375 0828 SiSkp (02960a9c3f4e5178edbd9c0d2d995b3b) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    13:37:56.0390 0828 SiSkp - ok
    13:37:56.0453 0828 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
    13:37:56.0468 0828 SISNIC - ok
    13:37:56.0546 0828 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
    13:37:56.0562 0828 Soluto - ok
    13:37:56.0656 0828 SolutoService - ok
    13:37:56.0859 0828 SolutoUpdate (8f431ad1af1d2bb9b07cad7366ea5d23) C:\Documents and Settings\All Users\Application Data\Soluto\Update\SolutoUpdateService.exe
    13:37:56.0921 0828 SolutoUpdate - ok
    13:37:56.0937 0828 Sparrow - ok
    13:37:57.0000 0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:37:57.0000 0828 splitter - ok
    13:37:57.0062 0828 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    13:37:57.0093 0828 Spooler - ok
    13:37:57.0140 0828 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:37:57.0156 0828 sr - ok
    13:37:57.0250 0828 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
    13:37:57.0296 0828 srservice - ok
    13:37:57.0484 0828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:37:57.0593 0828 Srv - ok
    13:37:57.0656 0828 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
    13:37:57.0687 0828 SSDPSRV - ok
    13:37:57.0750 0828 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:
  • We'll start with a dedicated cleanup tool: download AdwCleaner by Xplode to your desktop.

    - Close all open windows
    - Right-click AdwCleaner and select Run as administrator…
    - Then click Delete
    - In the AdwCleaner – Information dialog, click OK
    - In the AdwCleaner – Restart Required dialog, click OK

    It is normal for the shortcuts to disappear during this process.
    After the PC has restarted, a log file will open.
    Then post the contents of this log in your next message.
  • # AdwCleaner v1.703 - Logfile created 07/20/2012 at 11:40:19
    # Updated 20/07/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Compaq_Eigenaar - COMPAQ
    # Running from : C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : vToolbarUpdater11.1.0

    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\Compaq_Eigenaar\Local Settings\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Compaq_Eigenaar\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Compaq_Eigenaar\Local Settings\Application Data\WiseConvert
    Folder Deleted : C:\Documents and Settings\a.vennix\Local Settings\Application Data\AVG Secure Search
    Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\avg@toolbar
    Folder Deleted : C:\Documents and Settings\Compaq_Eigenaar\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Compaq_Eigenaar\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\a.vennix\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Gast\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\WiseConvert
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\Smartbar
    Key Deleted : HKCU\Software\WiseConvert
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\WiseConvert
    Key Deleted : HKLM\SOFTWARE\Wise Solutions
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={6F37E276-7DB0-4BDC-9328-0B38F376C57C}&mid=05b6852880cd1512e23baba4e7dc94f2-a6050b3b76a9952c51375af84edc028834efbd29&lang=nl&ds=AVG&pr=fr&d=2012-06-08 23:46:08&v=11.1.0.7&sap=nt –> hxxp://www.google.com

    *************************

    AdwCleaner[S1].txt - [7244 octets] - [20/07/2012 11:40:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [7372 octets] ##########
  • Good - how are things now?
  • Hello Abraham.
    The PC runs smoothly, but I still can't see my documents and photos.
  • Then let's try something: download Unhide.exe to the desktop; if you get a message that the file may be unsafe, you can ignore it.
    - Double-click "Unhide.exe" to start the tool.
    - Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator ("Right-click, Run as administrator").
    - Wait patiently until the tool is finished, and in the meantime do nothing else on the computer.
    - When the tool is finished you will see the screen below, with the message "Your files should now be visible".
      Screenshot: http://www.imgdumper.nl/uploads4/4d9d78e7013bd/4d9d78e700801-unhide..jpg
    - State in your next post whether you received this message.
  • Abraham, I forgot something.
    A message appears:
    "Associated Application not found.
    The WiseUpdate client could not locate an associated application to Update. Please make sure that this software is installed properly."

    Do I need to do anything about that before I follow your advice?
  • Look in the Windows Software list to see whether you come across anything from Wise there.
    Then just remove it!
  • Hello Abraham.
    Thank you. It is very nice that I now have a great many photos and documents back.
    During the process a message appeared:
    "Windows Geen schijf.
    Exception Processing Message C0000013
    Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c"

    with the choices Continue, Cancel, Try Again.
    After clicking Continue a few times, the process went on.

    Afterwards a message appeared:
    "Finished
    Your files should be visible.
    If you are still missing Start Menu Items, please temporarily disable your Antivirus or Security programs and try again in the event that they interfered with the restoral process. Once completed it is advised that you reboot your computer for all the settings to function properly.
    A logfile containing information about what actions Unhide performed can be found on your Windows Desktop."

    Many photos, possibly all of them, are back in their place.
    Word documents are back. A message did appear, though: "Bestandsconversie -~$gnwnlc,doc".

    After restarting, the message Autoruns Disabled.
    SAM.exe
    Exif Launcher S
    Start 3DxWare.

    The message that Wise cannot be updated also keeps appearing.
    A program called Wise also cannot be found with the search function of Explorer.
    Where on the internet can I find out what all these programs are?

    Kind regards,
    Poon.
  • Let's try something, because that Wise thing is not really right!

    Download AdwCleaner by Xplode to the desktop.

    - Close all open windows
    - Right-click AdwCleaner and select Run as administrator…
    - Then click Delete
    - At AdwCleaner – Information, click OK
    - At AdwCleaner – Restart Required, click OK

    It is normal for the shortcuts to disappear during this action.
    After the PC has restarted, a log file opens.
    Then post the contents of this log in your next message.
  • # AdwCleaner v1.703 - Logfile created 07/23/2012 at 18:50:06
    # Updated 20/07/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Compaq_Eigenaar - COMPAQ
    # Running from : C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Registre - GUID] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    *************************

    AdwCleaner[S1].txt - [7373 octets] - [20/07/2012 11:40:19]
    AdwCleaner[S2].txt - [624 octets] - [23/07/2012 18:50:06]

    ########## EOF - C:\AdwCleaner[S2].txt - [751 octets] ##########

    The first time we used AdwCleaner the result was much more extensive, it seems to me.
  • You can start HijackThis (without a log) and fix this line:

    o4 - startup: check for tws updates.lnk = c:\jts\wiseupdt.exe

    Most of Wise had already been removed by AdwCleaner in a previous round.
  • That worked, the message about Wise is gone.

    What should I do about the AutorunsDisabled messages?
  • Do you mean that message in HijackThis, or do you get it some other way?

This is an archived page. Replies are no longer possible.