Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Laptop erg traag

Abraham54
26 antwoorden
  • Mijn laptop is de laatste tijd erg traag, maar er ziz een vrij recente installatie van Windows 7 Home op (circa vier maanden).
    Zou iemand eens naar mijn Hijack log kunnen kijken of er wat verkeerd is? Bij voorbaat dank,

    Sjouke


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:41:41, on 05.08.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application
    usb3mon.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sjouke Hoving\Desktop\Maintenance\HiJackThis204.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application
    usb3mon.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2310585955-207485757-2205469552-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2310585955-207485757-2205469552-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64
    vinit.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32
    etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32
    vvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12389 bytes
  • Vertel eens: gebruik jij Eset soms met een fix?

    Download AdwCleaner by Xplode naar het bureaublad.

    [list:4902f102bb][*:4902f102bb]Sluit alle openstaande vensters
    [*:4902f102bb]Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren…
    [*:4902f102bb]Klik vervolgens op Delete
    [*:4902f102bb]Klik bij AdwCleaner – Information op OK
    [*:4902f102bb]Klik bij AdwCleaner – Restart Required op OK[/list:u:4902f102bb]

    Dat tijdens de aktie de snelkoppelingen verdwijnen, is normaal.
    Nadat de PC opnieuw is opgestart, opent een logfile.
    Post aansluitend de inhoud van dit log in je volgende bericht.
  • Dank voor de hulp. Ik heb een licentie voor ESET ( al enkele jaren, hoezo?).
    Bijgaand is de log file van de AdwCleaner. Ik hoop, dat je er iets mee kunt.

    MfG, Sjouke

    # AdwCleaner v1.800 - Logfile created 08/05/2012 at 16:06:59
    # Updated 01/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Sjouke Hoving - SJOUKEHOVING-PC
    # Running from : C:\Users\Sjouke Hoving\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\boost_interprocess

    ***** [Registry] *****


    ***** [Registre - GUID] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v21.0.1180.60

    File : C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted : "description": "The fastest way to search the web.",

    *************************

    AdwCleaner[S1].txt - [896 octets] - [05/08/2012 16:06:59]

    ########## EOF - C:\AdwCleaner[S1].txt - [1023 octets] ##########
  • Er draait maar één service van Eset.
    Welke versie gebruik jij ervan?

    En doe het volgende:

    [b:5563103c52]Welk programma[/b:5563103c52]: [b:5563103c52]ComboFix[/b:5563103c52][/color:5563103c52]
    [b:5563103c52]Waarvoor/waarom[/b:5563103c52]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
    en zo mogelijk op te schonen.
    [b:5563103c52]Moeilijkheidsgraad[/b:5563103c52]: Lees alles eerst goed vanwege de voorbereidingsfase.
    [b:5563103c52]Downloadlokatie[/b:5563103c52]: Dit programma absoluut naar het bureaublad downloaden!
    [b:5563103c52]Download ComboFix via één van deze locaties[/b:5563103c52]:
    [list:5563103c52][*:5563103c52][b:5563103c52]Bleepingcomputer[/b:5563103c52]
    [*:5563103c52][b:5563103c52]ForoSpyware[/b:5563103c52]
    [*:5563103c52][b:5563103c52]Geekstogo[/b:5563103c52][/list:u:5563103c52]
    [b:5563103c52]Hier[/b:5563103c52] zie je hoe je ComboFix moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
    [b:5563103c52]Hier[/color:5563103c52][/b:5563103c52] of [b:5563103c52]hier[/b:5563103c52][/color:5563103c52] kan je lezen hoe je dat doet.

    [b:5563103c52]Opmerkingen[/b:5563103c52]:
    [list:5563103c52][*:5563103c52][b:5563103c52]Voor alle duidelijkheid nogmaals[/b:5563103c52]: ComboFix dient vanaf het bureaublad gestart te worden.
    [*:5563103c52] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:5563103c52]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
    [*:5563103c52]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:5563103c52]
    [b:5563103c52]ComboFix is opgestart[/b:5563103c52]:
    [list:5563103c52][*:5563103c52]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:5563103c52]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:5563103c52]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:5563103c52]Wanneer ComboFix gereed is, zal het een logbestand voor je maken.
    [*:5563103c52]Post de inhoud van dit logbestand in je volgende bericht.
    [*:5563103c52]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:5563103c52]
    [b:5563103c52]Belangrijke opmerking[/b:5563103c52]:
    [list:5563103c52][*:5563103c52][b:5563103c52]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:5563103c52][/b:5563103c52]
    [*:5563103c52][b:5563103c52]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:5563103c52][/b:5563103c52]
    [*:5563103c52][b:5563103c52]Start dan de computer opnieuw op.[/color:5563103c52][/b:5563103c52][/list:u:5563103c52]
  • Dit is mijn ESET versie:

    [img:4e8ba10043]http://i15.photobucket.com/albums/a389/hovinsj1/th_ESET-1.jpg[/img:4e8ba10043]

    Hier is de log van de ComboFix:


    ComboFix 12-08-05.02 - Sjouke Hoving 06.08.2012 8:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1033.18.8086.5924 [GMT 2:00]
    ausgeführt von:: c:\users\Sjouke Hoving\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Sjouke Hoving\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 06:30 . 2012-08-06 06:30 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-06 06:30 . 2012-08-06 06:30 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\users\Sjouke Hoving\AppData\Roaming\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\programdata\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 06:09 . 2012-07-03 11:46 24904 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 18:38 . 2012-08-03 18:38 ——– d—–w- c:\program files\ESET
    2012-08-03 18:18 . 2012-06-29 10:04 9133488 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50351CE-15C6-40F4-93B5-47C979D14B55}\mpengine.dll
    2012-07-10 17:20 . 2012-06-12 03:08 3148800 —-a-w- c:\windows\system32\win32k.sys
    2012-07-10 17:13 . 2012-06-02 12:49 17807360 —-a-w- c:\windows\system32\mshtml.dll
    2012-07-10 17:13 . 2012-06-02 12:17 10924032 —-a-w- c:\windows\system32\ieframe.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-10 17:15 . 2012-03-23 18:26 59701280 —-a-w- c:\windows\system32\MRT.exe
    2012-06-26 21:21 . 2012-06-26 21:21 255352 —-a-w- c:\windows\SysWow64\awrdscdc.ax
    2012-06-18 05:20 . 2012-06-18 05:20 476936 —-a-w- c:\windows\SysWow64
    pdeployJava1.dll
    2012-06-18 05:20 . 2012-04-03 20:04 472840 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-21 17:24 38424 —-a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:24 2428952 —-a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:24 57880 —-a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:24 44056 —-a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:24 701976 —-a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:24 2622464 —-a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:24 99840 —-a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 17:24 186752 —-a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 17:24 36864 —-a-w- c:\windows\system32\wuapp.exe
    2012-05-31 10:25 . 2012-03-23 18:13 279656 ——w- c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application
    usb3mon.exe" [2010-11-17 113288]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64
    vinit.dll
    .
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
    R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-10 172632]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS
    vpciflt.sys [2010-12-24 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe [2010-12-23 378984]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-02-17 103936]
    S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-02-17 12800]
    S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-02-17 61440]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS
    usb3hub.sys [2010-11-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS
    usb3xhc.sys [2010-11-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000Core.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000UA.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-31 4500128]
    "NVHotkey"="c:\windows\system32
    vHotkey.dll" [2010-12-23 312936]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-25 6611560]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-02-17 2364928]
    "CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-02-17 2351104]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32
    vinitx.dll
    .
    ——- Zusätzlicher Suchlauf ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ch/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
    .
    .
    ——————— Gesperrte Registrierungsschluessel ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2012-08-06 08:32:32
    ComboFix-quarantined-files.txt 2012-08-06 06:32
    .
    Vor Suchlauf: 36'131'868'672 bytes free
    Nach Suchlauf: 35'839'565'824 bytes free
    .
    - - End Of File - - EC64FF1F664F105E6B7E0C6B20DB9B3A
  • De ESET versie is deze:

    http://i15.photobucket.com/albums/a389/hovinsj1/ESET.jpg

    Dank voor de hulp zover. Kun je bijzondere dingen vinden?
  • Hoe gaat het nu met jouw Windows?
    En het is misschien een goed idee Eset opnieuw te installeren (met administratorrechten via rechtsklik).

    Verrassend overigens dat jij een een Duitse Windows 7 gebruikt.
  • Bedankt voor de hulp. Ik heb het idee, dat het wel weer wat sneller draait. Ik heb ESET opnieuw geinstalleerd (alles is groen).

    Ik draai een engelstalige windows, maar omdat ik in Basel (CH) ben, staat de locatie op Swiss-German. Daarom zijn bepaalde zaken in het Duits aangegeven, denk ik.

    MfG, Sjouke
  • Aha en mooi zo; toch wil ik nog wat controleren:

    [b:c51f3ea643]Welk programma[/b:c51f3ea643]: [b:c51f3ea643]TDSSStarter .exe[/b:c51f3ea643][/color:c51f3ea643]
    [b:c51f3ea643]Waarvoor/waarom[/b:c51f3ea643]: Rootkitscanner
    [b:c51f3ea643]Moeilijkheidsgraad[/b:c51f3ea643]: geen
    Download [b:c51f3ea643]TDSSStarter [/b:c51f3ea643] naar het bureaublad.

    [b:c51f3ea643]"TDSSSStarter.exe" gebruiken[/b:c51f3ea643]:
    [list:c51f3ea643][*:c51f3ea643] [b:c51f3ea643]Sluit nu eerst alle nog openstaande programmavensters![/color:c51f3ea643][/b:c51f3ea643]
    [list:c51f3ea643][*:c51f3ea643][b:c51f3ea643]Windows 2000[/color:c51f3ea643][/b:c51f3ea643] en [b:c51f3ea643]Windows XP[/b:c51f3ea643][/color:c51f3ea643]: start "[b:c51f3ea643] TDSSStarter .exe[/b:c51f3ea643]" middels dubbelklikken er op .
    [*:c51f3ea643][b:c51f3ea643]Windows Vista[/b:c51f3ea643][/color:c51f3ea643] en [b:c51f3ea643]Windows 7[/b:c51f3ea643][/color:c51f3ea643]: start "[b:c51f3ea643] TDSSStarter .exe[/b:c51f3ea643]" middels rechtsklik en kies dan voor [b:c51f3ea643]Als Administrator uitvoeren[/b:c51f3ea643].[/list:u:c51f3ea643]
    [*:c51f3ea643]Vervolgens zal een CMD-venster gestart worden en wanneer de scan gereed is weer automatisch sluiten.
    [*:c51f3ea643]Post nu de inhoud van het geopende kladblokbestand in het volgende bericht.[/list:u:c51f3ea643]
  • Hier is de log inhoud (het is voor mij allemaal een beetje black box hoor, wat er allemaal getest wordt):


    11:49:51.0159 2304 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    11:49:51.0159 2304 ============================================================
    11:49:51.0159 2304 Current date / time: 2012/08/06 11:49:51.0159
    11:49:51.0159 2304 SystemInfo:
    11:49:51.0159 2304
    11:49:51.0159 2304 OS Version: 6.1.7601 ServicePack: 1.0
    11:49:51.0159 2304 Product type: Workstation
    11:49:51.0159 2304 ComputerName: SJOUKEHOVING-PC
    11:49:51.0159 2304 UserName: Sjouke Hoving
    11:49:51.0159 2304 Windows directory: C:\Windows
    11:49:51.0159 2304 System windows directory: C:\Windows
    11:49:51.0159 2304 Running under WOW64
    11:49:51.0159 2304 Processor architecture: Intel x64
    11:49:51.0159 2304 Number of processors: 4
    11:49:51.0159 2304 Page size: 0x1000
    11:49:51.0159 2304 Boot type: Normal boot
    11:49:51.0159 2304 ============================================================
    11:49:51.0674 2304 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:49:51.0690 2304 ============================================================
    11:49:51.0690 2304 \Device\Harddisk0\DR0:
    11:49:51.0690 2304 MBR partitions:
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
    11:49:51.0690 2304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x4B1F5000
    11:49:51.0690 2304 ============================================================
    11:49:51.0721 2304 C: <-> \Device\Harddisk0\DR0\Partition1
    11:49:51.0737 2304 D: <-> \Device\Harddisk0\DR0\Partition2
    11:49:51.0737 2304 ============================================================
    11:49:51.0737 2304 Initialize success
    11:49:51.0737 2304 ============================================================
    11:49:51.0830 1100 ============================================================
    11:49:51.0830 1100 Scan started
    11:49:51.0830 1100 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    11:49:51.0830 1100 ============================================================
    11:49:54.0217 1100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    11:49:54.0342 1100 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
    11:49:54.0389 1100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    11:49:54.0420 1100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    11:49:54.0545 1100 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    11:49:54.0623 1100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    11:49:54.0716 1100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:49:54.0872 1100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    11:49:55.0028 1100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    11:49:55.0184 1100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    11:49:55.0356 1100 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    11:49:55.0449 1100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    11:49:55.0543 1100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    11:49:55.0637 1100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    11:49:55.0730 1100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    11:49:55.0808 1100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    11:49:55.0871 1100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    11:49:55.0964 1100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    11:49:56.0058 1100 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    11:49:56.0167 1100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:49:56.0214 1100 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    11:49:56.0292 1100 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
    11:49:56.0401 1100 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    11:49:56.0526 1100 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    11:49:56.0604 1100 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    11:49:56.0729 1100 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    11:49:56.0807 1100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    11:49:56.0885 1100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    11:49:56.0947 1100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:49:57.0041 1100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    11:49:57.0134 1100 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    11:49:57.0259 1100 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    11:49:57.0368 1100 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    11:49:57.0477 1100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    11:49:57.0587 1100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:49:57.0743 1100 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    11:49:57.0805 1100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    11:49:57.0961 1100 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    11:49:58.0304 1100 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    11:49:58.0445 1100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:49:58.0647 1100 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    11:49:58.0694 1100 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:49:58.0694 1100 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
    11:49:58.0757 1100 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    11:49:58.0819 1100 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:49:58.0819 1100 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
    11:49:58.0881 1100 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    11:49:58.0913 1100 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:49:58.0913 1100 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
    11:49:58.0991 1100 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    11:49:59.0225 1100 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    11:49:59.0365 1100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:49:59.0412 1100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:49:59.0490 1100 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    11:49:59.0646 1100 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    11:49:59.0755 1100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    11:49:59.0817 1100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:49:59.0880 1100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:49:59.0927 1100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:49:59.0989 1100 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    11:50:00.0083 1100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:50:00.0176 1100 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    11:50:00.0285 1100 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
    11:50:00.0426 1100 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    11:50:00.0519 1100 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
    11:50:00.0597 1100 btmaudio (8652c1572157bfa7e86ee41cb729eb46) C:\Windows\system32\drivers\btmaud.sys
    11:50:00.0691 1100 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
    11:50:00.0769 1100 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
    11:50:00.0894 1100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    11:50:01.0019 1100 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    11:50:01.0128 1100 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    11:50:01.0237 1100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    11:50:01.0346 1100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    11:50:01.0533 1100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:50:01.0674 1100 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:50:01.0783 1100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:50:01.0861 1100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:50:01.0908 1100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:50:02.0017 1100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    11:50:02.0142 1100 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    11:50:02.0251 1100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    11:50:02.0282 1100 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    11:50:02.0360 1100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:50:02.0438 1100 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    11:50:02.0563 1100 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    11:50:02.0688 1100 cyhid (8486e8160981ed6a4b796debbbd37d47) C:\Windows\system32\DRIVERS\cyhid.sys
    11:50:02.0766 1100 cykbfltrService (3ccf3355ad4888bba1d29d6d51a6c6df) C:\Windows\system32\DRIVERS\cykbfltr.sys
    11:50:02.0844 1100 cymfltrService (af1d103bdf6dad8e680f3a268e1d370f) C:\Windows\system32\DRIVERS\cymfltr.sys
    11:50:03.0015 1100 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    11:50:03.0156 1100 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    11:50:03.0281 1100 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    11:50:03.0421 1100 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    11:50:03.0530 1100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    11:50:03.0639 1100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    11:50:03.0702 1100 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    11:50:03.0811 1100 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    11:50:03.0998 1100 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    11:50:04.0123 1100 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    11:50:04.0217 1100 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    11:50:04.0373 1100 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    11:50:04.0513 1100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    11:50:04.0685 1100 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    11:50:04.0809 1100 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
    11:50:04.0872 1100 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    11:50:07.0337 1100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    11:50:07.0680 1100 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    11:50:07.0820 1100 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
    11:50:08.0507 1100 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    11:50:08.0616 1100 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    11:50:09.0224 1100 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    11:50:09.0723 1100 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    11:50:09.0848 1100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    11:50:10.0004 1100 epfw (587f0f4145a1536a6e37efd769b7665f) C:\Windows\system32\DRIVERS\epfw.sys
    11:50:10.0082 1100 EpfwLWF (d2f812358ee8ee23cbb5c4daffb5b819) C:\Windows\system32\DRIVERS\EpfwLWF.sys
    11:50:10.0207 1100 epfwwfp (34bf55d69ab74d14c7e7a17259cb7df8) C:\Windows\system32\DRIVERS\epfwwfp.sys
    11:50:10.0254 1100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    11:50:10.0379 1100 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    11:50:10.0956 1100 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    11:50:11.0268 1100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    11:50:11.0424 1100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    11:50:11.0549 1100 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    11:50:11.0627 1100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    11:50:11.0720 1100 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    11:50:11.0783 1100 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    11:50:11.0845 1100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    11:50:11.0876 1100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    11:50:11.0954 1100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:50:12.0001 1100 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    11:50:12.0110 1100 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    11:50:12.0251 1100 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:50:12.0297 1100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    11:50:12.0375 1100 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    11:50:12.0438 1100 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    11:50:12.0500 1100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:50:12.0625 1100 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:50:12.0719 1100 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    11:50:12.0890 1100 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    11:50:12.0953 1100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:50:13.0046 1100 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    11:50:13.0155 1100 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    11:50:13.0233 1100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:50:13.0343 1100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:50:13.0436 1100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:50:13.0530 1100 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    11:50:13.0639 1100 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    11:50:13.0701 1100 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    11:50:13.0811 1100 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    11:50:13.0904 1100 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    11:50:14.0060 1100 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    11:50:14.0091 1100 hpqcxs08 ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:50:14.0091 1100 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
    11:50:14.0123 1100 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    11:50:14.0138 1100 hpqddsvc ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:50:14.0138 1100 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
    11:50:14.0169 1100 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    11:50:14.0263 1100 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    11:50:14.0325 1100 HPSLPSVC ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:50:14.0325 1100 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    11:50:14.0388 1100 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    11:50:14.0513 1100 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    11:50:14.0575 1100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    11:50:14.0700 1100 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
    11:50:14.0778 1100 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    11:50:14.0871 1100 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    11:50:15.0012 1100 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
    11:50:15.0137 1100 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:50:15.0651 1100 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:50:16.0073 1100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:50:16.0166 1100 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    11:50:16.0416 1100 IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\Windows\system32\drivers\RTKVHD64.sys
    11:50:16.0634 1100 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:50:16.0775 1100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    11:50:16.0837 1100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:50:16.0915 1100 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    11:50:17.0040 1100 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:50:17.0211 1100 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    11:50:17.0352 1100 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    11:50:17.0414 1100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:50:17.0617 1100 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
    11:50:17.0726 1100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:50:17.0804 1100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    11:50:17.0898 1100 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    11:50:18.0038 1100 JMCR (43f319de026e04b9cf9219a14bf24fe8) C:\Windows\system32\DRIVERS\jmcr.sys
    11:50:18.0132 1100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:50:18.0179 1100 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:50:18.0241 1100 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:50:18.0288 1100 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    11:50:18.0350 1100 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    11:50:18.0413 1100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:50:18.0584 1100 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    11:50:18.0740 1100 L1C (0219f13ab1664005adcba884c0eb975e) C:\Windows\system32\DRIVERS\L1C62x64.sys
    11:50:18.0849 1100 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    11:50:18.0974 1100 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    11:50:19.0099 1100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:50:19.0239 1100 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    11:50:19.0349 1100 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    11:50:19.0473 1100 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    11:50:19.0536 1100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:50:19.0614 1100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:50:19.0676 1100 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:50:19.0739 1100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:50:19.0785 1100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:50:19.0910 1100 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    11:50:19.0988 1100 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:50:20.0082 1100 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    11:50:20.0160 1100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:50:20.0253 1100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:50:20.0331 1100 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    11:50:20.0425 1100 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:50:20.0534 1100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:50:20.0643 1100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:50:20.0737 1100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    11:50:20.0784 1100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:50:20.0877 1100 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    11:50:20.0924 1100 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    11:50:21.0002 1100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:50:21.0158 1100 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    11:50:21.0314 1100 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    11:50:21.0392 1100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:50:21.0470 1100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:50:21.0611 1100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:50:21.0704 1100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    11:50:21.0782 1100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    11:50:21.0845 1100 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    11:50:21.0923 1100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:50:22.0001 1100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:50:22.0063 1100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    11:50:22.0110 1100 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    11:50:22.0157 1100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:50:22.0235 1100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:50:22.0297 1100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:50:22.0391 1100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    11:50:22.0437 1100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    11:50:22.0484 1100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:50:22.0578 1100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:50:22.0625 1100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:50:22.0703 1100 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    11:50:22.0812 1100 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    11:50:22.0968 1100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS
    wifi.sys
    11:50:23.0139 1100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers
    dis.sys
    11:50:23.0233 1100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS
    discap.sys
    11:50:23.0327 1100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS
    distapi.sys
    11:50:23.0405 1100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS
    disuio.sys
    11:50:23.0498 1100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS
    diswan.sys
    11:50:23.0639 1100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    11:50:23.0779 1100 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
    11:50:23.0795 1100 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:50:23.0795 1100 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    11:50:23.0841 1100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS
    etbios.sys
    11:50:23.0997 1100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS
    etbt.sys
    11:50:24.0107 1100 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:50:24.0169 1100 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32
    etman.dll
    11:50:24.0309 1100 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32
    etprofm.dll
    11:50:24.0450 1100 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:50:24.0824 1100 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    11:50:25.0214 1100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS
    frd960.sys
    11:50:25.0339 1100 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32
    lasvc.dll
    11:50:25.0479 1100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:50:25.0557 1100 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32
    sisvc.dll
    11:50:25.0667 1100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers
    siproxy.sys
    11:50:25.0807 1100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    11:50:26.0057 1100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:50:26.0197 1100 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS
    usb3hub.sys
    11:50:26.0259 1100 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS
    usb3xhc.sys
    11:50:26.0759 1100 nvlddmkm (5b87b16d2781982e32bab6d359034c37) C:\Windows\system32\DRIVERS
    vlddmkm.sys
    11:50:26.0993 1100 nvpciflt (0fb06978e39d3b2bb02d616b71a718dc) C:\Windows\system32\DRIVERS
    vpciflt.sys
    11:50:27.0055 1100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers
    vraid.sys
    11:50:27.0149 1100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers
    vstor.sys
    11:50:27.0258 1100 NVSvc (e0978d69d66403beb006bed61b27b883) C:\Windows\system32
    vvsvc.exe
    11:50:27.0461 1100 nvUpdatusService (dc49ec481397457aea7d094383c0e1b6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    11:50:27.0617 1100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers
    v_agp.sys
    11:50:27.0695 1100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    11:50:27.0851 1100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:50:28.0147 1100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    11:50:28.0365 1100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:50:28.0490 1100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    11:50:28.0584 1100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:50:28.0677 1100 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    11:50:28.0771 1100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    11:50:28.0849 1100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:50:28.0943 1100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:50:29.0021 1100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:50:29.0083 1100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:50:29.0161 1100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:50:29.0379 1100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    11:50:29.0520 1100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    11:50:29.0723 1100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    11:50:29.0847 1100 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
    11:50:29.0879 1100 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - [b:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245]
    11:50:29.0879 1100 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    11:50:29.0894 1100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    11:50:29.0988 1100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:50:30.0081 1100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    11:50:30.0222 1100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    11:50:30.0331 1100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:50:30.0440 1100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:50:30.0534 1100 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    11:50:30.0596 1100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:50:30.0674 1100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:50:30.0799 1100 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    11:50:30.0939 1100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:50:31.0173 1100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:50:31.0251 1100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    11:50:31.0329 1100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:50:31.0376 1100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:50:31.0470 1100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:50:31.0595 1100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    11:50:31.0704 1100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:50:31.0813 1100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    11:50:31.0907 1100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:50:32.0016 1100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:50:32.0141 1100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:50:32.0265 1100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:50:32.0343 1100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:50:32.0453 1100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:50:32.0531 1100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:50:32.0609 1100 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    11:50:32.0702 1100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:50:32.0858 1100 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    11:50:32.0952 1100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    11:50:33.0077 1100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    11:50:33.0186 1100 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    11:50:33.0451 1100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    11:50:33.0576 1100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    11:50:33.0669 1100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    11:50:33.0794 1100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:50:33.0919 1100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:50:33.0966 1100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:50:34.0059 1100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    11:50:34.0184 1100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:50:34.0340 1100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    11:50:34.0512 1100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    11:50:34.0574 1100 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    11:50:34.0621 1100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    11:50:34.0683 1100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:50:34.0777 1100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    11:50:34.0855 1100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    11:50:34.0949 1100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    11:50:34.0980 1100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:50:35.0058 1100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:50:35.0214 1100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:50:35.0276 1100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    11:50:35.0339 1100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    11:50:35.0385 1100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:50:35.0448 1100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
    11:50:35.0510 1100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:50:35.0619 1100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    11:50:35.0760 1100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    11:50:35.0900 1100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:50:35.0978 1100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:50:36.0009 1100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:50:36.0087 1100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    11:50:36.0150 1100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:50:36.0228 1100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    11:50:36.0493 1100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    11:50:36.0758 1100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    11:50:36.0914 1100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:50:37.0023 1100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:50:37.0101 1100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:50:37.0179 1100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    11:50:37.0242 1100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    11:50:37.0304 1100 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    11:50:37.0413 1100 Stereo Service (39d9ca03cc9ff883f8e36d95e7bfd193) C:\Program Files (x86)\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe
    11:50:37.0476 1100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:50:37.0569 1100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    11:50:37.0679 1100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:50:37.0772 1100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    11:50:37.0991 1100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    11:50:38.0178 1100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    11:50:38.0256 1100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    11:50:38.0365 1100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    11:50:38.0583 1100 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    11:50:38.0849 1100 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    11:50:38.0958 1100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:50:39.0067 1100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:50:39.0161 1100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    11:50:39.0254 1100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:50:39.0379 1100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:50:39.0457 1100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    11:50:39.0582 1100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    11:50:39.0660 1100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:50:39.0769 1100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    11:50:39.0878 1100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    11:50:40.0003 1100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:50:40.0112 1100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:50:40.0221 1100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:50:40.0331 1100 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
    11:50:40.0424 1100 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    11:50:40.0487 1100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:50:40.0580 1100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:50:40.0721 1100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    11:50:40.0767 1100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:50:40.0861 1100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    11:50:40.0939 1100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:50:41.0173 1100 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    11:50:41.0329 1100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    11:50:41.0485 1100 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    11:50:41.0579 1100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:50:41.0672 1100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:50:41.0719 1100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    11:50:41.0781 1100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:50:41.0875 1100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    11:50:41.0937 1100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:50:42.0047 1100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    11:50:42.0125 1100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:50:42.0203 1100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    11:50:42.0249 1100 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    11:50:42.0327 1100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    11:50:42.0390 1100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:50:42.0421 1100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:50:42.0515 1100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    11:50:42.0639 1100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:50:42.0686 1100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:50:42.0842 1100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:50:42.0889 1100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:50:42.0951 1100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:50:43.0061 1100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:50:43.0170 1100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:50:43.0248 1100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:50:43.0419 1100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    11:50:43.0685 1100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:50:43.0778 1100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:50:43.0856 1100 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:50:43.0950 1100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    11:50:44.0059 1100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:50:44.0121 1100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:50:44.0231 1100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:50:44.0371 1100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    11:50:44.0558 1100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    11:50:44.0792 1100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    11:50:44.0886 1100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    11:50:44.0979 1100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    11:50:45.0042 1100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:50:45.0104 1100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:50:45.0198 1100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:50:45.0260 1100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:50:45.0323 1100 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
    11:50:45.0401 1100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    11:50:45.0510 1100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    11:50:45.0572 1100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    11:50:45.0650 1100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    11:50:45.0744 1100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:50:45.0822 1100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:50:45.0931 1100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    11:50:46.0118 1100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    11:50:46.0399 1100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:50:46.0539 1100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    11:50:46.0649 1100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:50:46.0758 1100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    11:50:46.0867 1100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    11:50:46.0945 1100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    11:50:46.0992 1100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:50:47.0085 1100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    11:50:47.0241 1100 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    11:50:47.0475 1100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:50:47.0600 1100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:50:47.0709 1100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    11:50:47.0772 1100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    11:50:47.0881 1100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:50:48.0209 1100 Boot (0x1200) (b08c413a16b5dc65d95d7606affc75bf) \Device\Harddisk0\DR0\Partition0
    11:50:48.0240 1100 Boot (0x1200) (37a5830ccc60e96035d3e9ef785a4b0b) \Device\Harddisk0\DR0\Partition1
    11:50:48.0255 1100 Boot (0x1200) (5d97023ea84ea2924761e39d9d77fa62) \Device\Harddisk0\DR0\Partition2
    11:50:48.0255 1100 ============================================================
    11:50:48.0255 1100 Scan finished
    11:50:48.0255 1100 ============================================================
    11:50:48.0817 2008 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • Maak je geen zorgen, ik gebruik enkel legitieme tools en aan het einde ruimen we alles weer op.

    [b:917707e756]Welk programma[/b:917707e756]: [b:917707e756]Emsisoft Emergency Kit 1.0[/b:917707e756][/color:917707e756]
    [b:917707e756]Waarvoor/waarom[/b:917707e756]: Detecteert en verwijdert malware
    [b:917707e756]Moeilijkheidsgraad[/b:917707e756]: geen.
    Download: [b:917707e756]Emsisoft Emergency Kit[/color:917707e756][/b:917707e756]

    [b:917707e756]Opmerkingen[/b:917707e756]:[list:917707e756][*:917707e756]de download is gecomprimeerd, pak EmsisoftEmergencyKit.zip uit en plaats de nieuwe map op het bureaublad.
    [*:917707e756]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:917707e756]

    [b:917707e756]Emsisoft Emergency Kit opstarten[/b:917707e756] door de map "[b:917707e756]EmsisoftEmergencyKit[/b:917707e756]" te openen
    [list:917707e756][list:917707e756][*:917707e756][b:917707e756]Windows 2000[/color:917707e756][/b:917707e756] en [b:917707e756]Windows XP[/b:917707e756][/color:917707e756]: dubbelklik op "Start.exe".
    [*:917707e756][b:917707e756]Windows Vista[/b:917707e756][/color:917707e756] en [b:917707e756]Windows 7[/b:917707e756][/color:917707e756]: via rechtsklik op "Start.exe" en kies voor "Als Administrator uitvoeren".[/list:u:917707e756][/list:u:917707e756]

    [b:917707e756]Scannen[/b:917707e756]:
    [list:917707e756][*:917707e756] Klik nu in het keuzescherm op "[b:917707e756]Emergency Kit Scanner[/b:917707e756]" en aansluitend komt dan de melding,
    dat het is aanbevolen om eerst te updaten.

    [img:917707e756]http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg[/img:917707e756]


    [*:917707e756]Doe dit dan ook door te klikken op "[b:917707e756]Ja[/b:917707e756]"
    [*:917707e756]Wanneer het updaten gereed is volgt de melding "[b:917707e756]Update proces is succesvol afgerond[/b:917707e756]"
    [*:917707e756]Klik nu op"[b:917707e756]Menu[/b:917707e756]" en dan op "[b:917707e756]Scan PC[/b:917707e756]"
    [*:917707e756] Selecteer de optie "[b:917707e756]Diep[/b:917707e756]" als deze niet standaard al zo is ingesteld.
    [*:917707e756] Klik aansluitend op de knop "[b:917707e756]Scan[/b:917707e756]"
    [list:917707e756][*:917707e756]Wees geduldig en doe verder niets met de computer gedurende de scan,
    daar de scan geruime tijd kan duren.[/list:u:917707e756]
    [*:917707e756] Het venster met de waarschuwing over een verhoogd risico kan gesloten worden, wanneer de scan gereed is.


    [*:917707e756] Zorg ervoor dat alle gevonden items zijn aangevinkt en klik dan op de knop "[b:917707e756]Verwijder geselecteerde[/b:917707e756]" - dan zal de volgende melding komen:

    [img:917707e756]http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg[/img:917707e756]


    [*:917707e756]Klik aansluitend dus op "[b:917707e756]Ja[/b:917707e756]"
    [*:917707e756] Wanneer het verwijderen klaar is, klik dan op de knop "[b:917707e756]View report[/b:917707e756]" en selecteer het tekstbestand van deze scan met de naam zoals: [b:917707e756]a2scan_110730-111615.txt[/b:917707e756]
    [*:917707e756] Plaats de inhoud van dat LOG bestand straks in het nieuwe bericht.[/list:u:917707e756]
    [b:917707e756]Notabene:[/b:917707e756][/color:917707e756] Herstart nu de computer.
  • Hier is de log. Niet alle files konden verwijderd worden…


    Emsisoft Emergency Kit - Versie 2.0
    Laatste Update: 06.08.2012 18:19:35

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
    Scan archieven: Aan
    ADS Scan: Aan

    Scan gestart: 06.08.2012 18:21:31

    c:\program files (x86)\ares\data Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\osthemes Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\chatconf.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\chanlistfilter.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\blocked.txt.sample Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\buttonsbitmap.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\chat.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\emotic.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\libbig.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\logo.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\mimesmall.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\mshareset.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\prefs.txt Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\searchpnl.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\searchstars.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\tabssmall.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\gui\general\transfer.bmp Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\homepage.url Ontdekt: Trace.File.ares!E1
    c:\program files (x86)\ares\data\p2pfilter.txt Ontdekt: Trace.File.ares!E1
    Value: hkey_classes_root\arlnk –> url protocol Ontdekt: Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_current_user\software\ares\columns\transfers –> download Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> queue Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> upload Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol Ontdekt: Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_current_user\software\ares\positions\transfers –> download Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> queue Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> upload Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> extra.showactivecaption Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\bounds –> main.maximized Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.hookbittorrentext Ontdekt: Trace.Registry.ares!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.autostartup Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\data –> ji.aresnet1 Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.language Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.lastlibrarymode Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastpmbrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastchatroombrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> hashing.priority Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.msnsongnotif Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> personal.guid Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previousm3uapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> network.dhtid Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastsearch Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.awaymessage Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cavgtime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.allowbrowse Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastlibrary Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previouswaxapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cdnspeed Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cfrtime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cttuptime Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cupspeed Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.haslqca Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> transfer.serverport Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaqueryint Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayname Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayversion Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> publisher Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> torrents.previousapp Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlinfoabout Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> uninstallstring Ontdekt: Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaquery Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlupdateinfo Ontdekt: Trace.Registry.ares!E1

    Gescand 726862
    Gevonden 66

    Scan geëindigd: 06.08.2012 19:26:12
    Scantijd: 1:04:41

    Value: hkey_current_user\software\ares\columns\transfers –> download Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> queue Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\columns\transfers –> upload Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> download Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> queue Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\positions\transfers –> upload Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> extra.showactivecaption Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\bounds –> main.maximized Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.hookbittorrentext Verwijderd Trace.Registry.ares!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.autostartup Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares\data –> ji.aresnet1 Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.language Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.lastlibrarymode Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastpmbrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastchatroombrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> hashing.priority Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> general.msnsongnotif Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> personal.guid Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previousm3uapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> network.dhtid Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastsearch Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.awaymessage Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cavgtime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> privatemessage.allowbrowse Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> gui.lastlibrary Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> playlist.previouswaxapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cdnspeed Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cfrtime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cttuptime Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.cupspeed Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.haslqca Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> transfer.serverport Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaqueryint Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayname Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> displayversion Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> publisher Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> torrents.previousapp Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlinfoabout Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 –> threadingmodel Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> uninstallstring Verwijderd Trace.Registry.ares!E1
    Value: hkey_current_user\software\ares –> stats.lstcaquery Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares –> urlupdateinfo Verwijderd Trace.Registry.ares!E1
    Value: hkey_classes_root\arlnk –> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1
    c:\program files (x86)\ares\data Verwijderd Trace.File.ares!E1

    Verwijderd 46
  • Had je mogelijk toch programma- dan wel webvensters openstaan tijdens de scan?
  • Nee, ik had alles precies zo gedaan als beschreven in de instrukties.

    Ziet het er nu goed uit?

    MvG, Sjouke
  • Hallo Sjouke, helemaal tevreden ben ik nog niet.

    [b:cf0e646bfa]Welk programma[/b:cf0e646bfa]: [b:cf0e646bfa]Malwarebytes MBAM[/b:cf0e646bfa][/color:cf0e646bfa]
    [b:cf0e646bfa]Waarvoor/waarom[/b:cf0e646bfa]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
    [b:cf0e646bfa]Moeilijkheidsgraad[/b:cf0e646bfa]: geen.

    [b:cf0e646bfa]Download Malwarebytes MBAM via één van deze locaties[/b:cf0e646bfa]:
    [list:cf0e646bfa][*:cf0e646bfa][b:cf0e646bfa]Softpedia.com[/b:cf0e646bfa][*:cf0e646bfa][b:cf0e646bfa]Majorgeeks.com[/b:cf0e646bfa][/list:u:cf0e646bfa]
    [b:cf0e646bfa]Allereerst[/b:cf0e646bfa]:[list:cf0e646bfa][*:cf0e646bfa] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus.
    [*:cf0e646bfa] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:cf0e646bfa]
    [b:cf0e646bfa]Malwarebytes MBAM opstarten[/b:cf0e646bfa]:
    [list:cf0e646bfa][*:cf0e646bfa] [b:cf0e646bfa]Sluit nu eerst alle nog openstaande programmavensters![/color:cf0e646bfa][/b:cf0e646bfa]
    [list:cf0e646bfa][*:cf0e646bfa][b:cf0e646bfa]Windows 2000[/color:cf0e646bfa][/b:cf0e646bfa] en [b:cf0e646bfa]Windows XP[/b:cf0e646bfa][/color:cf0e646bfa]: dubbelklik op de MBAM -snelkoppeling.
    [*:cf0e646bfa][b:cf0e646bfa]Windows Vista[/b:cf0e646bfa][/color:cf0e646bfa] en [b:cf0e646bfa]Windows 7[/b:cf0e646bfa][/color:cf0e646bfa]: rechtsklik op de MBAM-snelkoppeling en dan kiezen voor Als Administrator uitvoeren.[/list:u:cf0e646bfa][/list:u:cf0e646bfa]
    [list:cf0e646bfa][*:cf0e646bfa][b:cf0e646bfa]Let op:[/b:cf0e646bfa]
    [list:cf0e646bfa][*:cf0e646bfa]Malwarebytes verstrekt nu de volledige versie van MBAM.
    [*:cf0e646bfa]Bij de eerste start kijg je de mogelijkheid de gratis probeerversie van Malwarebytes AntiMalware tijdelijk te gebruiken.
    [*:cf0e646bfa]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan voor de gratis versie te gaan en dus het vinkje bij de probeerversie te verwijderen.
    [*:cf0e646bfa]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:cf0e646bfa]
    [img:cf0e646bfa]http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg[/img:cf0e646bfa]

    [*:cf0e646bfa][b:cf0e646bfa]Doe ook nog het volgende:[/b:cf0e646bfa]
    [list:cf0e646bfa][*:cf0e646bfa]Zodra het programma gestart is, ga dan naar het tabblad "[b:cf0e646bfa]Instellingen[/b:cf0e646bfa]".
    [*:cf0e646bfa]Vink hier aan: "[b:cf0e646bfa]Sluit Internet Explorer tijdens verwijdering van malware[/b:cf0e646bfa]".[/list:u:cf0e646bfa][/list:u:cf0e646bfa]

    [b:cf0e646bfa]Scannen[/b:cf0e646bfa]:
    [list:cf0e646bfa][*:cf0e646bfa] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
    [*:cf0e646bfa]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
    [*:cf0e646bfa]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:cf0e646bfa]
    [b:cf0e646bfa]Infecties gevonden[/b:cf0e646bfa]:
    [list:cf0e646bfa][*:cf0e646bfa]Klik nu eerst op OK om de melding weg te klikken
    [*:cf0e646bfa]Klik vervolgens rechtsonder op de knop Bekijk resultaten.
    [*:cf0e646bfa]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
    [*:cf0e646bfa]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [*:cf0e646bfa]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken!
    [*:cf0e646bfa]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:cf0e646bfa]
    [b:cf0e646bfa]MBAM-Log[/b:cf0e646bfa]:
    [list:cf0e646bfa][*:cf0e646bfa] Het log wordt automatisch bewaard door 'MBAM' en dat kan je terugvinden door in het hoofdmenu van 'MBAM' op de tab 'Logbestanden' te klikken.[/list:u:cf0e646bfa]
    [b:cf0e646bfa]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:cf0e646bfa][/color:cf0e646bfa]
  • En hier is het logje:


    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.07.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sjouke Hoving :: SJOUKEHOVING-PC [administrator]

    Realtime bescherming: Ingeschakeld

    07.08.2012 23:43:59
    mbam-log-2012-08-07 (23-43-59).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 433369
    Verstreken tijd: 49 minuut/minuten, 7 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Nog een scan te doen:

    [b:3b177b22c5]Welk programma[/b:3b177b22c5]: [b:3b177b22c5]ComboFix[/b:3b177b22c5][/color:3b177b22c5]
    [b:3b177b22c5]Waarvoor/waarom[/b:3b177b22c5]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en op te schonen.
    [b:3b177b22c5]Moeilijkheidsgraad[/b:3b177b22c5]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:3b177b22c5]Downloadlokatie[/b:3b177b22c5]: Dit programma absoluut naar het bureaublad downloaden!
    [b:3b177b22c5]Download ComboFix via één van deze locaties[/b:3b177b22c5]:
    [list:3b177b22c5][*:3b177b22c5][b:3b177b22c5]Bleepingcomputer[/b:3b177b22c5]
    [*:3b177b22c5][b:3b177b22c5]ForoSpyware[/b:3b177b22c5]
    [*:3b177b22c5][b:3b177b22c5]Geekstogo[/b:3b177b22c5][/list:u:3b177b22c5]
    [b:3b177b22c5]Hier[/color:3b177b22c5][/b:3b177b22c5] zie je hoe je ComboFix

    moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor je ComboFix start gedeaktiveert zijn!
    [b:3b177b22c5]Hier[/color:3b177b22c5][/b:3b177b22c5] en [url=http://www.hijackthis.nl/forum/viewtopic.php?

    f=86&t=32607][b:3b177b22c5]hier[/color:3b177b22c5][/b:3b177b22c5] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

    [b:3b177b22c5]Opmerkingen[/b:3b177b22c5]:
    [list:3b177b22c5][*:3b177b22c5] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren!
    Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:3b177b22c5]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:3b177b22c5]
    [b:3b177b22c5]ComboFix opstarten[/b:3b177b22c5]:
    [list:3b177b22c5][*:3b177b22c5][b:3b177b22c5]Windows 2000[/color:3b177b22c5][/b:3b177b22c5] en [b:3b177b22c5]Windows XP[/b:3b177b22c5][/color:3b177b22c5]: dubbelklik op ComboFix.exe.
    [*:3b177b22c5][b:3b177b22c5]Windows Vista[/b:3b177b22c5][/color:3b177b22c5] en [b:3b177b22c5]Windows 7[/b:3b177b22c5][/color:3b177b22c5]: via rechtsklik op ComboFix.exe en kies voor "Als

    Administrator uitvoeren".[/list:u:3b177b22c5]
    [b:3b177b22c5]ComboFix is opgestart[/b:3b177b22c5]:
    [list:3b177b22c5][*:3b177b22c5]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:3b177b22c5]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:3b177b22c5]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:3b177b22c5]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
    [*:3b177b22c5]Post de inhoud van dit logbestand in je volgende bericht.
    [*:3b177b22c5]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:3b177b22c5]
    [b:3b177b22c5]Belangrijke opmerking[/b:3b177b22c5]:
    [list:3b177b22c5][*:3b177b22c5][b:3b177b22c5]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:3b177b22c5][/b:3b177b22c5]
    [*:3b177b22c5][b:3b177b22c5]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:3b177b22c5][/b:3b177b22c5]
    [*:3b177b22c5][b:3b177b22c5]Start dan de computer opnieuw op.[/color:3b177b22c5][/b:3b177b22c5][/list:u:3b177b22c5]
  • Combofix heeft toch al een keer gedraaid???

    MvG, Sjouke
  • Desalniettemin het nogmaals doen!
  • Een beetje verlaat, maar hier is het logje:


    ComboFix 12-08-05.02 - Sjouke Hoving 09.08.2012 20:41:22.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1033.18.8086.6253 [GMT 2:00]
    ausgeführt von:: c:\users\Sjouke Hoving\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-07-09 bis 2012-08-09 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-09 18:44 . 2012-08-09 18:44 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-09 18:44 . 2012-08-09 18:44 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-08-07 15:52 . 2012-06-29 10:04 9133488 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1736563D-BA0E-46B4-BDE4-FE0FC6EB21D2}\mpengine.dll
    2012-08-06 09:49 . 2012-08-06 09:50 ——– d—–w- C:\TDSSStarter
    2012-08-06 08:25 . 2012-08-06 08:25 ——– d—–w- c:\program files\ESET
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\users\Sjouke Hoving\AppData\Roaming\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\programdata\Malwarebytes
    2012-08-05 06:09 . 2012-08-05 06:09 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 06:09 . 2012-07-03 11:46 24904 —-a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-10 17:15 . 2012-03-23 18:26 59701280 —-a-w- c:\windows\system32\MRT.exe
    2012-06-26 21:21 . 2012-06-26 21:21 255352 —-a-w- c:\windows\SysWow64\awrdscdc.ax
    2012-06-18 05:20 . 2012-06-18 05:20 476936 —-a-w- c:\windows\SysWow64
    pdeployJava1.dll
    2012-06-18 05:20 . 2012-04-03 20:04 472840 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-12 03:08 . 2012-07-10 17:20 3148800 —-a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-10 17:12 14172672 —-a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-10 17:12 2004480 —-a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-10 17:12 1881600 —-a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-10 17:12 1133568 —-a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-10 17:12 1390080 —-a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 17:12 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 17:12 805376 —-a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 17:24 38424 —-a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:24 2428952 —-a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:24 57880 —-a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:24 44056 —-a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:24 701976 —-a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:24 2622464 —-a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:24 99840 —-a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 17:24 186752 —-a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 17:24 36864 —-a-w- c:\windows\system32\wuapp.exe
    2012-06-02 12:49 . 2012-07-10 17:13 17807360 —-a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-10 17:13 10924032 —-a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-10 17:14 2311680 —-a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-10 17:14 1346048 —-a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-10 17:14 1392128 —-a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-10 17:14 1494528 —-a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-10 17:14 237056 —-a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-10 17:14 85504 —-a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-10 17:14 173056 —-a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-10 17:14 818688 —-a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-10 17:14 2144768 —-a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-10 17:14 96768 —-a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-10 17:14 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-10 17:14 248320 —-a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-10 17:14 1800192 —-a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-10 17:14 1129472 —-a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-10 17:14 1427968 —-a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-10 17:14 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-10 17:14 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-10 17:12 458704 —-a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-10 17:12 151920 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:48 . 2012-07-10 17:12 95600 —-a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:45 . 2012-07-10 17:12 340992 —-a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-10 17:12 307200 —-a-w- c:\windows\system32
    crypt.dll
    2012-06-02 04:40 . 2012-07-10 17:12 22016 —-a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-10 17:12 225280 —-a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-10 17:12 219136 —-a-w- c:\windows\SysWow64
    crypt.dll
    2012-06-02 04:34 . 2012-07-10 17:12 96768 —-a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-31 10:25 . 2012-03-23 18:13 279656 ——w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_06.30.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-24 17:44 . 2012-08-09 18:21 30433 c:\windows\SysWOW64\config\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam\scdns.bin
    + 2012-03-23 17:28 . 2012-08-08 05:11 40438 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-08 05:11 29332 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:30 . 2012-08-03 18:38 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-08-06 08:25 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2012-03-23 17:02 . 2012-08-05 15:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-23 17:02 . 2012-08-07 04:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-23 17:02 . 2012-08-05 15:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-23 17:02 . 2012-08-07 04:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-05 15:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-07 04:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-06 08:25 . 2012-08-06 08:25 10134 c:\windows\Installer\{F7274D82-C857-4C20-AB1A-D701D64BFD90}\callmsi.exe
    - 2012-08-03 18:38 . 2012-08-03 18:38 10134 c:\windows\Installer\{F7274D82-C857-4C20-AB1A-D701D64BFD90}\callmsi.exe
    + 2012-03-23 17:13 . 2012-08-08 05:11 8930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2310585955-207485757-2205469552-1000_UserData.bin
    - 2012-03-23 17:01 . 2012-08-05 14:07 1557 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-03-23 17:01 . 2012-08-08 05:01 1557 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-08-08 05:02 . 2012-08-08 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-05 14:08 . 2012-08-05 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-05 14:08 . 2012-08-05 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-08 05:02 . 2012-08-08 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-24 12:51 . 2012-08-09 18:19 298042 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2012-08-05 14:12 616008 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-08 05:06 616008 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-08 05:06 106388 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-08-05 14:12 106388 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:30 . 2012-08-06 08:25 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-08-03 18:38 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-08-03 18:38 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2012-08-06 08:25 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:01 . 2012-08-05 14:07 389376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-08 05:01 389376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-08-03 18:38 . 2012-08-03 18:38 105624 c:\windows\Installer\{F7274D82-C857-4C20-AB1A-D701D64BFD90}\egui.exe
    + 2012-08-06 08:25 . 2012-08-06 08:25 105624 c:\windows\Installer\{F7274D82-C857-4C20-AB1A-D701D64BFD90}\egui.exe
    + 2012-03-23 19:30 . 2012-08-07 05:32 3523200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2310585955-207485757-2205469552-1000-8192.dat
    - 2012-03-23 19:30 . 2012-08-05 14:07 3523200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2310585955-207485757-2205469552-1000-8192.dat
    + 2012-08-06 08:09 . 2012-08-06 08:09 62664192 c:\windows\Installer\23249.msi
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application
    usb3mon.exe" [2010-11-17 113288]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64
    vinit.dll
    .
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
    R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-10 172632]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS
    vpciflt.sys [2010-12-24 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Sjouke Hoving\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-08-06 23208]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe [2010-12-23 378984]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-02-17 103936]
    S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-02-17 12800]
    S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-02-17 61440]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS
    usb3hub.sys [2010-11-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS
    usb3xhc.sys [2010-11-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000Core.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310585955-207485757-2205469552-1000UA.job
    - c:\users\Sjouke Hoving\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 07:41]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 —-a-w- c:\users\Sjouke Hoving\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
    "NVHotkey"="c:\windows\system32
    vHotkey.dll" [2010-12-23 312936]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-25 6611560]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-02-17 2364928]
    "CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-02-17 2351104]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32
    vinitx.dll
    .
    ——- Zusätzlicher Suchlauf ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ch/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
    .
    .
    ——————— Gesperrte Registrierungsschluessel ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2012-08-09 20:45:30
    ComboFix-quarantined-files.txt 2012-08-09 18:45
    .
    Vor Suchlauf: 35'516'620'800 bytes free
    Nach Suchlauf: 35'316'162'560 bytes free
    .
    - - End Of File - - 24E349882ED0E135C849EC87F509C700

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.