Laptop very slow

26 answers
  • My laptop has been very slow lately, but there is a fairly recent installation of Windows 7 Home on it (about four months). Could someone take a look at my Hijack log to see whether anything is wrong? Thanks in advance, Sjouke
  • Tell me: are you perhaps using ESET with a fix? Download AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to the desktop.
      - Close all open windows
      - Right-click AdwCleaner and select Run as administrator...
      - Then click Delete
      - At AdwCleaner – Information, click OK
      - At AdwCleaner – Restart Required, click OK
    It is normal for the shortcuts to disappear during this action. After the PC has restarted, a log file opens. Then post the contents of this log in your next message.
  • Thanks for the help. I have a licence for ESET (for several years already, why?). Attached is the log file from AdwCleaner. I hope you can do something with it. Kind regards, Sjouke
    # AdwCleaner v1.800 - Logfile created 08/05/2012 at 16:06:59
    # Updated 01/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Sjouke Hoving - SJOUKEHOVING-PC
    # Running from : C:\Users\Sjouke Hoving\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Deleted : C:\ProgramData\boost_interprocess
    ***** [Registry] *****
    ***** [Registre - GUID] *****
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Google Chrome v21.0.1180.60
    File : C:\Users\Sjouke Hoving\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted : "description": "The fastest way to search the web.",
    *************************
    AdwCleaner[S1].txt - [896 octets] - [05/08/2012 16:06:59]
    ########## EOF - C:\AdwCleaner[S1].txt - [1023 octets] ##########
  • Only one ESET service is running. Which version of it are you using? And do the following:
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: Read everything carefully first because of the preparation phase.
    Download location: Be absolutely sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
      - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
      - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how ComboFix should be used. Antivirus programs and active malware scanners must already be deactivated before ComboFix starts! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you can read how to do that.
    Notes:
      - To be absolutely clear once more: ComboFix must be started from the desktop.
      - When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.
    ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - It may happen that the computer has to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • This is my ESET version: http://i15.photobucket.com/albums/a389/hovinsj1/th_ESET-1.jpg Here is the log from ComboFix:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-08-06 08:32:32 ComboFix-quarantined-files.txt 2012-08-06 06:32 . Vor Suchlauf: 36'131'868'672 bytes free Nach Suchlauf: 35'839'565'824 bytes free . - - End Of File - - EC64FF1F664F105E6B7E0C6B20DB9B3A
  • The ESET version is this one: http://i15.photobucket.com/albums/a389/hovinsj1/ESET.jpg Thanks for the help so far. Can you find anything unusual?
  • How is your Windows doing now? It may also be a good idea to reinstall ESET (with administrator rights via right-click). Surprising, by the way, that you use a German Windows 7.
  • Thanks for the help. I have the impression that it is running somewhat faster again. I have reinstalled ESET (everything is green). I run an English-language Windows, but because I am in Basel (CH), the location is set to Swiss-German. That is why certain things are shown in German, I think. Kind regards, Sjouke
  • Aha, and good to hear; still, I want to check something more:
    Which program: TDSSStarter.exe
    What for/why: rootkit scanner
    Difficulty: none
    Download TDSSStarter (http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe) to the desktop.
    Using "TDSSStarter.exe":
      - First close all program windows that are still open!
          - Windows 2000 and Windows XP: start "TDSSStarter.exe" by double-clicking it.
          - Windows Vista and Windows 7: start "TDSSStarter.exe" by right-clicking it and then choosing Run as administrator.
      - A CMD window will then start, and it will close again automatically when the scan is finished.
      - Now post the contents of the Notepad file that opens in your next message.
  • Here is the log content (it is all a bit of a black box to me, what exactly is being tested):
C:\Windows\system32\DRIVERS\nvpciflt.sys 11:50:27.0055 1100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:50:27.0149 1100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:50:27.0258 1100 NVSvc (e0978d69d66403beb006bed61b27b883) C:\Windows\system32\nvvsvc.exe 11:50:27.0461 1100 nvUpdatusService (dc49ec481397457aea7d094383c0e1b6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 11:50:27.0617 1100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:50:27.0695 1100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:50:27.0851 1100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:50:28.0147 1100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:50:28.0365 1100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:50:28.0490 1100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:50:28.0584 1100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:50:28.0677 1100 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:50:28.0771 1100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:50:28.0849 1100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:50:28.0943 1100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:50:29.0021 1100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:50:29.0083 1100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:50:29.0161 1100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:50:29.0379 1100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) 
C:\Windows\SysWow64\perfhost.exe 11:50:29.0520 1100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:50:29.0723 1100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 11:50:29.0847 1100 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll 11:50:29.0879 1100 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - [b:ebbddea245][color=red:ebbddea245]warning[/color:ebbddea245][/b:ebbddea245] 11:50:29.0879 1100 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 11:50:29.0894 1100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:50:29.0988 1100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:50:30.0081 1100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:50:30.0222 1100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:50:30.0331 1100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:50:30.0440 1100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:50:30.0534 1100 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 11:50:30.0596 1100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:50:30.0674 1100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:50:30.0799 1100 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 11:50:30.0939 1100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:50:31.0173 1100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:50:31.0251 1100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:50:31.0329 1100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:50:31.0376 1100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) 
C:\Windows\system32\DRIVERS\rasacd.sys 11:50:31.0470 1100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:50:31.0595 1100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:50:31.0704 1100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:50:31.0813 1100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:50:31.0907 1100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:50:32.0016 1100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:50:32.0141 1100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:50:32.0265 1100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 11:50:32.0343 1100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:50:32.0453 1100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:50:32.0531 1100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:50:32.0609 1100 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 11:50:32.0702 1100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:50:32.0858 1100 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 11:50:32.0952 1100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 11:50:33.0077 1100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:50:33.0186 1100 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 11:50:33.0451 1100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:50:33.0576 1100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:50:33.0669 1100 RpcSs 
(5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:50:33.0794 1100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:50:33.0919 1100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:50:33.0966 1100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:50:34.0059 1100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:50:34.0184 1100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:50:34.0340 1100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:50:34.0512 1100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:50:34.0574 1100 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 11:50:34.0621 1100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:50:34.0683 1100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:50:34.0777 1100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:50:34.0855 1100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 11:50:34.0949 1100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 11:50:34.0980 1100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 11:50:35.0058 1100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 11:50:35.0214 1100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 11:50:35.0276 1100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:50:35.0339 1100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 11:50:35.0385 1100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:50:35.0448 1100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) 
C:\Windows\system32\DRIVERS\sffp_sd.sys 11:50:35.0510 1100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 11:50:35.0619 1100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 11:50:35.0760 1100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:50:35.0900 1100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:50:35.0978 1100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 11:50:36.0009 1100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:50:36.0087 1100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:50:36.0150 1100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:50:36.0228 1100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:50:36.0493 1100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:50:36.0758 1100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:50:36.0914 1100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:50:37.0023 1100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:50:37.0101 1100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:50:37.0179 1100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:50:37.0242 1100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:50:37.0304 1100 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys 11:50:37.0413 1100 Stereo Service (39d9ca03cc9ff883f8e36d95e7bfd193) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 11:50:37.0476 1100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:50:37.0569 1100 stisvc 
(8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 11:50:37.0679 1100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:50:37.0772 1100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:50:37.0991 1100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:50:38.0178 1100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:50:38.0256 1100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:50:38.0365 1100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:50:38.0583 1100 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 11:50:38.0849 1100 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 11:50:38.0958 1100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:50:39.0067 1100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:50:39.0161 1100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 11:50:39.0254 1100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:50:39.0379 1100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 11:50:39.0457 1100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:50:39.0582 1100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:50:39.0660 1100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:50:39.0769 1100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:50:39.0878 1100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:50:40.0003 1100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:50:40.0112 1100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) 
C:\Windows\system32\drivers\tsusbflt.sys 11:50:40.0221 1100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:50:40.0331 1100 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys 11:50:40.0424 1100 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 11:50:40.0487 1100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:50:40.0580 1100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:50:40.0721 1100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:50:40.0767 1100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:50:40.0861 1100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 11:50:40.0939 1100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:50:41.0173 1100 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 11:50:41.0329 1100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:50:41.0485 1100 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 11:50:41.0579 1100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:50:41.0672 1100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:50:41.0719 1100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 11:50:41.0781 1100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:50:41.0875 1100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 11:50:41.0937 1100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:50:42.0047 1100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) 
C:\Windows\system32\DRIVERS\usbscan.sys 11:50:42.0125 1100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:50:42.0203 1100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 11:50:42.0249 1100 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 11:50:42.0327 1100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:50:42.0390 1100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:50:42.0421 1100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:50:42.0515 1100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 11:50:42.0639 1100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:50:42.0686 1100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:50:42.0842 1100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:50:42.0889 1100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:50:42.0951 1100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 11:50:43.0061 1100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 11:50:43.0170 1100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:50:43.0248 1100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 11:50:43.0419 1100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 11:50:43.0685 1100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 11:50:43.0778 1100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 11:50:43.0856 1100 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 11:50:43.0950 1100 W32Time (1c9d80cc3849b3788048078c26486e1a) 
C:\Windows\system32\w32time.dll 11:50:44.0059 1100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 11:50:44.0121 1100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:50:44.0231 1100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:50:44.0371 1100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 11:50:44.0558 1100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 11:50:44.0792 1100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:50:44.0886 1100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 11:50:44.0979 1100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:50:45.0042 1100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 11:50:45.0104 1100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:50:45.0198 1100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:50:45.0260 1100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:50:45.0323 1100 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys 11:50:45.0401 1100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 11:50:45.0510 1100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:50:45.0572 1100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 11:50:45.0650 1100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:50:45.0744 1100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:50:45.0822 1100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:50:45.0931 1100 Winmgmt (19b07e7e8915d701225da41cb3877306) 
C:\Windows\system32\wbem\WMIsvc.dll 11:50:46.0118 1100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 11:50:46.0399 1100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 11:50:46.0539 1100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:50:46.0649 1100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 11:50:46.0758 1100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:50:46.0867 1100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:50:46.0945 1100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 11:50:46.0992 1100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:50:47.0085 1100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 11:50:47.0241 1100 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 11:50:47.0475 1100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:50:47.0600 1100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:50:47.0709 1100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 11:50:47.0772 1100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:50:47.0881 1100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:50:48.0209 1100 Boot (0x1200) (b08c413a16b5dc65d95d7606affc75bf) \Device\Harddisk0\DR0\Partition0 11:50:48.0240 1100 Boot (0x1200) (37a5830ccc60e96035d3e9ef785a4b0b) \Device\Harddisk0\DR0\Partition1 11:50:48.0255 1100 Boot (0x1200) (5d97023ea84ea2924761e39d9d77fa62) \Device\Harddisk0\DR0\Partition2 11:50:48.0255 1100 ============================================================ 11:50:48.0255 1100 Scan finished 11:50:48.0255 1100 ============================================================ 11:50:48.0817 2008 
Deinitialize success . ============================================== System Restore Point Check: . TDSSKiller Starter Restore Point Created Succesfully ============================================== Registry Export . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] ============================================== EOF
  • Don't worry, I only use legitimate tools, and at the end we will clean everything up again.

    Which program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)

    Notes:
    - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    - All open programs and web pages must be closed.

    Start Emsisoft Emergency Kit by opening the folder "EmsisoftEmergencyKit":
    - Windows 2000 and Windows XP: double-click "Start.exe".
    - Windows Vista and Windows 7: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).

    Scanning:
    - In the selection screen, click "Emergency Kit Scanner"; a message then appears saying that updating first is recommended. (Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg)
    - Do so by clicking "Ja" (Yes).
    - When the update is complete, the message "Update proces is succesvol afgerond" (update process completed successfully) follows.
    - Now click "Menu" and then "Scan PC".
    - Select the option "Diep" (Deep) if it is not already set by default.
    - Then click the "Scan" button.
      - Be patient and do nothing else with the computer during the scan, as the scan can take a considerable time.
    - The window with the warning about an increased risk can be closed once the scan is finished.
    - Make sure all found items are checked and then click the button "Verwijder geselecteerde" (Remove selected); the following message will then appear. (Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg)
    - Then click "Ja" (Yes).
    - When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    - Post the contents of that log file in your next message.

    Note: Now restart the computer.
  • Here is the log. Not all files could be removed...
Value: hkey_current_user\software\ares --> stats.lstcaqueryint Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> displayname Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> displayversion Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> publisher Verwijderd Trace.Registry.ares!E1 Value: hkey_current_user\software\ares --> torrents.previousapp Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> urlinfoabout Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> uninstallstring Verwijderd Trace.Registry.ares!E1 Value: hkey_current_user\software\ares --> stats.lstcaquery Verwijderd Trace.Registry.ares!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ares --> urlupdateinfo Verwijderd Trace.Registry.ares!E1 Value: hkey_classes_root\arlnk --> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1 Value: hkey_local_machine\software\classes\arlnk --> url protocol Verwijderd Trace.Registry.ares galaxy p2p plus!E1 c:\program files (x86)\ares\data Verwijderd Trace.File.ares!E1 Verwijderd 46
  • Did you perhaps have program or browser windows open during the scan after all?
  • No, I did everything exactly as described in the instructions. Does it look good now? Kind regards, Sjouke
  • Hello Sjouke, I am not entirely satisfied yet.
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly check Windows for spyware and malware and to remove it.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
    First of all:
    - Right after installation 'MBAM' will want to update its database, so allow this.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click the MBAM shortcut.
      - Windows Vista and Windows 7: right-click the MBAM shortcut and then choose Run as administrator.
    - Note:
      - Malwarebytes now supplies the full version of MBAM.
      - On first start you get the option to use the free trial version of Malwarebytes AntiMalware temporarily.
      - Regardless of which antivirus program is in your Windows, I advise going for the free version and therefore removing the check mark at the trial version.
      - That way MBAM can continue to be used as the free version.
      Screenshot: http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg
    - Also do the following:
      - Once the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".
    Scanning:
    - When starting 'MBAM', choose 'Quick Scan'.
    - The scan can take a while, so be patient. When the scan has completed, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Make sure that all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the main menu of 'MBAM'.
    Then post the contents of the MBAM log in your next message.
  • And here is the log:
    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org
    Databaseversie: v2012.08.07.09
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sjouke Hoving :: SJOUKEHOVING-PC [administrator]
    Realtime bescherming: Ingeschakeld
    07.08.2012 23:43:59
    mbam-log-2012-08-07 (23-43-59).txt
    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 433369
    Verstreken tijd: 49 minuut/minuten, 7 seconde(n)
    Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    (einde)
  • One more scan to do:
    Which program: ComboFix
    What for/why: highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: a more or less tricky preparation phase, so read everything carefully first.
    Download location: this program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
    Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
    Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to disable antivirus programs and spyware scanners.
    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • But ComboFix has already been run once??? Kind regards, Sjouke
  • Nevertheless, do it again!
  • A bit late, but here is the log: ComboFix 12-08-05.02 - Sjouke Hoving 09.08.2012 20:41:22.2.4 - x64
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-08-09 20:45:30 ComboFix-quarantined-files.txt 2012-08-09 18:45 . Vor Suchlauf: 35'516'620'800 bytes free Nach Suchlauf: 35'316'162'560 bytes free . - - End Of File - - 24E349882ED0E135C849EC87F509C700

This is an archived page. Replying is no longer possible.