Question & Answer
HijackThis log because of computer problems!
76 replies
- Following up on my other topic
http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880
this log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:49, on 17-11-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3T61C75\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://willibrord.orionelo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111113150322.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13863 bytes
- Hi, your log actually shows nothing unusual.
I would like you to stick to the rules below during the fix:
- TDSS log
21:39:27.0487 1156 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
21:39:29.0134 1156 ============================================================
21:39:29.0135 1156 Current date / time: 2011/11/17 21:39:29.0134
21:39:29.0135 1156 SystemInfo:
21:39:29.0135 1156
21:39:29.0135 1156 OS Version: 6.1.7601 ServicePack: 1.0
21:39:29.0135 1156 Product type: Workstation
21:39:29.0135 1156 ComputerName: NICO-LAPTOP
21:39:29.0135 1156 UserName: Nico
21:39:29.0135 1156 Windows directory: C:\Windows
21:39:29.0135 1156 System windows directory: C:\Windows
21:39:29.0135 1156 Running under WOW64
21:39:29.0135 1156 Processor architecture: Intel x64
21:39:29.0135 1156 Number of processors: 4
21:39:29.0135 1156 Page size: 0x1000
21:39:29.0135 1156 Boot type: Normal boot
21:39:29.0135 1156 ============================================================
21:39:29.0741 1156 Initialize success
21:39:32.0043 7980 ============================================================
21:39:32.0043 7980 Scan started
21:39:32.0043 7980 Mode: Manual;
21:39:32.0043 7980 ============================================================
21:39:34.0148 7980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:39:34.0191 7980 1394ohci - ok
21:39:34.0234 7980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:39:34.0236 7980 ACPI - ok
21:39:34.0327 7980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:39:34.0364 7980 AcpiPmi - ok
21:39:34.0428 7980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:34.0445 7980 adp94xx - ok
21:39:34.0574 7980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:39:34.0583 7980 adpahci - ok
21:39:34.0617 7980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:39:34.0624 7980 adpu320 - ok
21:39:34.0892 7980 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:39:34.0942 7980 AFD - ok
21:39:35.0130 7980 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
21:39:35.0155 7980 AgereSoftModem - ok
21:39:35.0257 7980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:39:35.0263 7980 agp440 - ok
21:39:35.0311 7980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:39:35.0316 7980 aliide - ok
21:39:35.0420 7980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:39:35.0423 7980 amdide - ok
21:39:35.0465 7980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:39:35.0469 7980 AmdK8 - ok
21:39:35.0705 7980 amdkmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
21:39:35.0971 7980 amdkmdag - ok
21:39:36.0085 7980 amdkmdap (ed25d58581b5a28593c277f482fccd62) C:\Windows\system32\DRIVERS\atikmpag.sys
21:39:36.0131 7980 amdkmdap - ok
21:39:36.0156 7980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:39:36.0159 7980 AmdPPM - ok
21:39:36.0279 7980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:39:36.0333 7980 amdsata - ok
21:39:36.0370 7980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:36.0378 7980 amdsbs - ok
21:39:36.0491 7980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:39:36.0559 7980 amdxata - ok
21:39:36.0636 7980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:39:36.0673 7980 AppID - ok
21:39:36.0780 7980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:39:36.0785 7980 arc - ok
21:39:36.0795 7980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:39:36.0807 7980 arcsas - ok
21:39:36.0837 7980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:36.0843 7980 AsyncMac - ok
21:39:36.0938 7980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:39:36.0942 7980 atapi - ok
21:39:37.0116 7980 atikmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
21:39:37.0147 7980 atikmdag - ok
21:39:37.0273 7980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:39:37.0284 7980 b06bdrv - ok
21:39:37.0396 7980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:39:37.0403 7980 b57nd60a - ok
21:39:37.0435 7980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:39:37.0439 7980 Beep - ok
21:39:37.0568 7980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:37.0578 7980 blbdrive - ok
21:39:37.0615 7980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:39:37.0665 7980 bowser - ok
21:39:37.0758 7980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:37.0767 7980 BrFiltLo - ok
21:39:37.0778 7980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:37.0786 7980 BrFiltUp - ok
21:39:37.0810 7980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:39:37.0819 7980 Brserid - ok
21:39:37.0847 7980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:37.0852 7980 BrSerWdm - ok
21:39:37.0931 7980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:37.0935 7980 BrUsbMdm - ok
21:39:37.0942 7980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:37.0946 7980 BrUsbSer - ok
21:39:37.0964 7980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:37.0967 7980 BTHMODEM - ok
21:39:37.0998 7980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:39:38.0003 7980 cdfs - ok
21:39:38.0107 7980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:39:38.0164 7980 cdrom - ok
21:39:38.0290 7980 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
21:39:38.0331 7980 cfwids - ok
21:39:38.0426 7980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:39:38.0429 7980 circlass - ok
21:39:38.0476 7980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:39:38.0487 7980 CLFS - ok
21:39:38.0657 7980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:38.0663 7980 CmBatt - ok
21:39:38.0707 7980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:39:38.0710 7980 cmdide - ok
21:39:38.0807 7980 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:39:38.0864 7980 CNG - ok
21:39:38.0979 7980 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\Windows\system32\drivers\CHDRT64.sys
21:39:39.0030 7980 CnxtHdAudService - ok
21:39:39.0192 7980 CnxtHdmiAudService (89c99ab4ae9535f727791592d84d4821) C:\Windows\system32\drivers\CHDMI64.sys
21:39:39.0256 7980 CnxtHdmiAudService - ok
21:39:39.0365 7980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:39:39.0370 7980 Compbatt - ok
21:39:39.0412 7980 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:39:39.0472 7980 CompositeBus - ok
21:39:39.0576 7980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:39.0580 7980 crcdisk - ok
21:39:39.0665 7980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:39:39.0740 7980 DfsC - ok
21:39:39.0833 7980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:39:39.0837 7980 discache - ok
21:39:39.0867 7980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:39:39.0873 7980 Disk - ok
21:39:39.0986 7980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:39:39.0995 7980 drmkaud - ok
21:39:40.0103 7980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:39:40.0166 7980 DXGKrnl - ok
21:39:40.0323 7980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:39:40.0428 7980 ebdrv - ok
21:39:40.0535 7980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:39:40.0545 7980 elxstor - ok
21:39:40.0598 7980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:39:40.0602 7980 ErrDev - ok
21:39:40.0693 7980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:39:40.0705 7980 exfat - ok
21:39:40.0739 7980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:39:40.0747 7980 fastfat - ok
21:39:40.0830 7980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:39:40.0836 7980 fdc - ok
21:39:40.0887 7980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:39:40.0892 7980 FileInfo - ok
21:39:40.0903 7980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:39:40.0908 7980 Filetrace - ok
21:39:40.0929 7980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:40.0934 7980 flpydisk - ok
21:39:41.0032 7980 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:39:41.0080 7980 FltMgr - ok
21:39:41.0119 7980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:39:41.0123 7980 FsDepends - ok
21:39:41.0177 7980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:39:41.0181 7980 Fs_Rec - ok
21:39:41.0241 7980 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:39:41.0299 7980 fvevol - ok
21:39:41.0403 7980 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
21:39:41.0442 7980 FwLnk - ok
21:39:41.0477 7980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:41.0482 7980 gagp30kx - ok
21:39:41.0497 7980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:39:41.0501 7980 hcw85cir - ok
21:39:41.0594 7980 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:39:41.0652 7980 HdAudAddService - ok
21:39:41.0677 7980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:39:41.0678 7980 HDAudBus - ok
21:39:41.0704 7980 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:39:41.0740 7980 HECIx64 - ok
21:39:41.0832 7980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:41.0837 7980 HidBatt - ok
21:39:41.0850 7980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:39:41.0856 7980 HidBth - ok
21:39:41.0888 7980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:39:41.0894 7980 HidIr - ok
21:39:41.0985 7980 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:39:42.0042 7980 HidUsb - ok
21:39:42.0119 7980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:39:42.0164 7980 HpSAMD - ok
21:39:42.0247 7980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:39:42.0308 7980 HTTP - ok
21:39:42.0398 7980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:39:42.0439 7980 hwpolicy - ok
21:39:42.0474 7980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:39:42.0481 7980 i8042prt - ok
21:39:42.0520 7980 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
21:39:42.0524 7980 iaStor - ok
21:39:42.0627 7980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:39:42.0722 7980 iaStorV - ok
21:39:42.0754 7980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:39:42.0759 7980 iirsp - ok
21:39:42.0879 7980 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
21:39:42.0945 7980 Impcd - ok
21:39:42.0981 7980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:39:42.0984 7980 intelide - ok
21:39:43.0015 7980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:39:43.0016 7980 intelppm - ok
21:39:43.0110 7980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:43.0157 7980 IpFilterDriver - ok
21:39:43.0201 7980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:39:43.0244 7980 IPMIDRV - ok
21:39:43.0331 7980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:39:43.0333 7980 IPNAT - ok
21:39:43.0363 7980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:39:43.0368 7980 IRENUM - ok
21:39:43.0407 7980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:39:43.0412 7980 isapnp - ok
21:39:43.0496 7980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:39:43.0560 7980 iScsiPrt - ok
21:39:43.0586 7980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:39:43.0591 7980 kbdclass - ok
21:39:43.0695 7980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:39:43.0752 7980 kbdhid - ok
21:39:43.0835 7980 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:39:43.0878 7980 KSecDD - ok
21:39:43.0982 7980 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:39:44.0026 7980 KSecPkg - ok
21:39:44.0077 7980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:39:44.0081 7980 ksthunk - ok
21:39:44.0194 7980 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:39:44.0253 7980 L1C - ok
21:39:44.0298 7980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:39:44.0303 7980 lltdio - ok
21:39:44.0409 7980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:39:44.0416 7980 LSI_FC - ok
21:39:44.0429 7980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:39:44.0433 7980 LSI_SAS - ok
21:39:44.0441 7980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:39:44.0445 7980 LSI_SAS2 - ok
21:39:44.0455 7980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:39:44.0460 7980 LSI_SCSI - ok
21:39:44.0489 7980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:39:44.0492 7980 luafv - ok
21:39:44.0654 7980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:39:44.0660 7980 megasas - ok
21:39:44.0686 7980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:44.0695 7980 MegaSR - ok
21:39:44.0763 7980 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
21:39:44.0765 7980 mfeapfk - ok
21:39:44.0849 7980 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
21:39:44.0910 7980 mfeavfk - ok
21:39:45.0016 7980 mfeavfk01 - ok
21:39:45.0082 7980 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
21:39:45.0141 7980 mfefirek - ok
21:39:45.0268 7980 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
21:39:45.0321 7980 mfehidk - ok
21:39:45.0413 7980 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:39:45.0454 7980 mfenlfk - ok
21:39:45.0500 7980 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
21:39:45.0548 7980 mferkdet - ok
21:39:45.0636 7980 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
21:39:45.0696 7980 mfewfpk - ok
21:39:45.0749 7980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:39:45.0752 7980 Modem - ok
21:39:45.0848 7980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:39:45.0849 7980 monitor - ok
21:39:45.0899 7980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:39:45.0903 7980 mouclass - ok
21:39:46.0015 7980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:39:46.0019 7980 mouhid - ok
21:39:46.0077 7980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:39:46.0126 7980 mountmgr - ok
21:39:46.0232 7980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:39:46.0324 7980 mpio - ok
21:39:46.0360 7980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:39:46.0366 7980 mpsdrv - ok
21:39:46.0464 7980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:39:46.0514 7980 MRxDAV - ok
21:39:46.0554 7980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:46.0628 7980 mrxsmb - ok
21:39:46.0725 7980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:46.0773 7980 mrxsmb10 - ok
21:39:46.0793 7980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:46.0831 7980 mrxsmb20 - ok
21:39:46.0871 7980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:39:46.0929 7980 msahci - ok
21:39:47.0030 7980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:39:47.0084 7980 msdsm - ok
21:39:47.0127 7980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:39:47.0150 7980 Msfs - ok
21:39:47.0177 7980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:39:47.0183 7980 mshidkmdf - ok
21:39:47.0274 7980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:39:47.0278 7980 msisadrv - ok
21:39:47.0312 7980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:39:47.0319 7980 MSKSSRV - ok
21:39:47.0350 7980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:47.0355 7980 MSPCLOCK - ok
21:39:47.0439 7980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:39:47.0442 7980 MSPQM - ok
21:39:47.0503 7980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:39:47.0537 7980 MsRPC - ok
21:39:47.0573 7980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:39:47.0573 7980 mssmbios - ok
21:39:47.0662 7980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:39:47.0668 7980 MSTEE - ok
21:39:47.0677 7980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:47.0685 7980 MTConfig - ok
21:39:47.0706 7980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:39:47.0711 7980 Mup - ok
21:39:47.0729 7980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:39:47.0737 7980 NativeWifiP - ok
21:39:47.0795 7980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:39:47.0801 7980 NDIS - ok
21:39:47.0888 7980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:47.0897 7980 NdisCap - ok
21:39:47.0961 7980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:47.0963 7980 NdisTapi - ok
21:39:48.0015 7980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:48.0087 7980 Ndisuio - ok
21:39:48.0192 7980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:48.0253 7980 NdisWan - ok
21:39:48.0289 7980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:39:48.0331 7980 NDProxy - ok
21:39:48.0418 7980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:39:48.0425 7980 NetBIOS - ok
21:39:48.0472 7980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:39:48.0524 7980 NetBT - ok
21:39:48.0636 7980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:48.0640 7980 nfrd960 - ok
21:39:48.0662 7980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:39:48.0666 7980 Npfs - ok
21:39:48.0675 7980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:39:48.0679 7980 nsiproxy - ok
21:39:48.0737 7980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:39:48.0791 7980 Ntfs - ok
21:39:48.0882 7980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:39:48.0887 7980 Null - ok
21:39:48.0918 7980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:39:48.0960 7980 nvraid - ok
21:39:48.0978 7980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:39:49.0015 7980 nvstor - ok
21:39:49.0111 7980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:39:49.0132 7980 nv_agp - ok
21:39:49.0163 7980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:39:49.0169 7980 ohci1394 - ok
21:39:49.0291 7980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:39:49.0299 7980 Parport - ok
21:39:49.0343 7980 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:39:49.0409 7980 partmgr - ok
21:39:49.0516 7980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:39:49.0519 7980 pci - ok
21:39:49.0554 7980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:39:49.0561 7980 pciide - ok
21:39:49.0655 7980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:49.0663 7980 pcmcia - ok
21:39:49.0683 7980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:39:49.0688 7980 pcw - ok
21:39:49.0707 7980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:39:49.0725 7980 PEAUTH - ok
21:39:49.0830 7980 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
21:39:49.0900 7980 PGEffect - ok
21:39:50.0020 7980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:39:50.0066 7980 PptpMiniport - ok
21:39:50.0087 7980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:39:50.0091 7980 Processor - ok
21:39:50.0179 7980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:39:50.0180 7980 Psched - ok
21:39:50.0302 7980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:39:50.0323 7980 ql2300 - ok
21:39:50.0417 7980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:50.0421 7980 ql40xx - ok
21:39:50.0442 7980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:39:50.0446 7980 QWAVEdrv - ok
21:39:50.0455 7980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:39:50.0459 7980 RasAcd - ok
21:39:50.0511 7980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:50.0514 7980 RasAgileVpn - ok
21:39:50.0610 7980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:50.0652 7980 Rasl2tp - ok
21:39:50.0695 7980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:50.0701 7980 RasPppoe - ok
21:39:50.0772 7980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:50.0778 7980 RasSstp - ok
21:39:50.0816 7980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:50.0870 7980 rdbss - ok
21:39:50.0904 7980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:50.0909 7980 rdpbus - ok
21:39:51.0009 7980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:51.0013 7980 RDPCDD - ok
21:39:51.0035 7980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:39:51.0040 7980 RDPENCDD - ok
21:39:51.0064 7980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:39:51.0067 7980 RDPREFMP - ok
21:39:51.0102 7980 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:39:51.0149 7980 RDPWD - ok
21:39:51.0252 7980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:39:51.0301 7980 rdyboost - ok
21:39:51.0341 7980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:51.0345 7980 rspndr - ok
21:39:51.0396 7980 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
21:39:51.0399 7980 RSUSBSTOR - ok
21:39:51.0512 7980 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
21:39:51.0568 7980 rtl8192se - ok
21:39:51.0638 7980 SbieDrv (742112ce7abb11dc17a561b4291be9c6) C:\Program Files\Sandboxie\SbieDrv.sys
21:39:51.0700 7980 SbieDrv - ok
21:39:51.0791 7980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:39:51.0876 7980 sbp2port - ok
21:39:51.0911 7980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:39:51.0953 7980 scfilter - ok
21:39:51.0986 7980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:39:51.0989 7980 secdrv - ok
21:39:52.0070 7980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:39:52.0074 7980 Serenum - ok
21:39:52.0086 7980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:39:52.0090 7980 Serial - ok
21:39:52.0118 7980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:39:52.0122 7980 sermouse - ok
21:39:52.0164 7980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:39:52.0187 7980 sffdisk - ok
21:39:52.0279 7980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:39:52.0286 7980 sffp_mmc - ok
21:39:52.0301 7980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:39:52.0360 7980 sffp_sd - ok
21:39:52.0407 7980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:52.0411 7980 sfloppy - ok
21:39:52.0503 7980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:52.0511 7980 SiSRaid2 - ok
21:39:52.0521 7980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:52.0529 7980 SiSRaid4 - ok
21:39:52.0550 7980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:39:52.0556 7980 Smb - ok
21:39:52.0586 7980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:39:52.0590 7980 spldr - ok
21:39:52.0627 7980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:39:52.0668 7980 srv - ok
21:39:52.0765 7980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:39:52.0820 7980 srv2 - ok
21:39:52.0834 7980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:52.0892 7980 srvnet - ok
21:39:52.0995 7980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:39:53.0001 7980 stexstor - ok
21:39:53.0053 7980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:39:53.0059 7980 swenum - ok
21:39:53.0180 7980 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
21:39:53.0226 7980 SynTP - ok
21:39:53.0323 7980 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:39:53.0380 7980 Tcpip - ok
21:39:53.0531 7980 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:53.0548 7980 TCPIP6 - ok
21:39:53.0635 7980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:39:53.0710 7980 tcpipreg - ok
21:39:53.0755 7980 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:39:53.0794 7980 tdcmdpst - ok
21:39:53.0882 7980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:39:53.0888 7980 TDPIPE - ok
21:39:53.0897 7980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:39:53.0901 7980 TDTCP - ok
21:39:53.0945 7980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:39:53.0987 7980 tdx - ok
21:39:54.0101 7980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:39:54.0133 7980 TermDD - ok
21:39:54.0269 7980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:54.0317 7980 tssecsrv - ok
21:39:54.0385 7980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:39:54.0441 7980 TsUsbFlt - ok
21:39:54.0562 7980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:54.0564 7980 tunnel - ok
21:39:54.0603 7980 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:39:54.0662 7980 TVALZ - ok
21:39:54.0754 7980 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
21:39:54.0808 7980 TVALZFL - ok
21:39:54.0837 7980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:39:54.0841 7980 uagp35 - ok
21:39:54.0936 7980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:39:54.0981 7980 udfs - ok
21:39:55.0036 7980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:39:55.0040 7980 uliagpkx - ok
21:39:55.0149 7980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:39:55.0194 7980 umbus - ok
21:39:55.0226 7980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:39:55.0229 7980 UmPass - ok
21:39:55.0331 7980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:55.0386 7980 usbccgp - ok
21:39:55.0423 7980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:39:55.0428 7980 usbcir - ok
21:39:55.0455 7980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:39:55.0511 7980 usbehci - ok
21:39:55.0628 7980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:39:55.0681 7980 usbhub - ok
21:39:55.0699 7980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:39:55.0759 7980 usbohci - ok
21:39:55.0801 7980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:39:55.0805 7980 usbprint - ok
21:39:55.0909 7980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:55.0966 7980 USBSTOR - ok
21:39:55.0995 7980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:39:56.0035 7980 usbuhci - ok
21:39:56.0102 7980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:39:56.0141 7980 usbvideo - ok
21:39:56.0259 7980 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:39:56.0321 7980 VBoxDrv - ok
21:39:56.0422 7980 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:39:56.0478 7980 VBoxNetAdp - ok
21:39:56.0503 7980 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:39:56.0544 7980 VBoxNetFlt - ok
21:39:56.0585 7980 VBoxUSB (ceb09d7c50f047aa457212188d28fc28) C:\Windows\system32\Drivers\VBoxUSB.sys
21:39:56.0626 7980 VBoxUSB - ok
21:39:56.0750 7980 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:39:56.0803 7980 VBoxUSBMon - ok
21:39:56.0852 7980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:39:56.0857 7980 vdrvroot - ok
21:39:56.0968 7980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:56.0973 7980 vga - ok
21:39:56.0994 7980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:39:57.0001 7980 VgaSave - ok
21:39:57.0047 7980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:39:57.0106 7980 vhdmp - ok
21:39:57.0178 7980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:39:57.0185 7980 viaide - ok
21:39:57.0214 7980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:39:57.0259 7980 volmgr - ok
21:39:57.0294 7980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:39:57.0340 7980 volmgrx - ok
21:39:57.0374 7980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:39:57.0414 7980 volsnap - ok
21:39:57.0524 7980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:39:57.0536 7980 vsmraid - ok
21:39:57.0585 7980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:39:57.0588 7980 vwifibus - ok
21:39:57.0696 7980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:39:57.0704 7980 vwififlt - ok
21:39:57.0724 7980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:39:57.0731 7980 vwifimp - ok
21:39:57.0790 7980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:39:57.0798 7980 WacomPen - ok
21:39:57.0939 7980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:57.0985 7980 WANARP - ok
21:39:58.0002 7980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:58.0003 7980 Wanarpv6 - ok
21:39:58.0099 7980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:39:58.0109 7980 Wd - ok
21:39:58.0137 7980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:39:58.0152 7980 Wdf01000 - ok
21:39:58.0260 7980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:58.0263 7980 WfpLwf - ok
21:39:58.0281 7980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:39:58.0284 7980 WIMMount - ok
21:39:58.0408 7980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:39:58.0413 7980 WmiAcpi - ok
21:39:58.0456 7980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:39:58.0456 7980 ws2ifsl - ok
21:39:58.0496 7980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:39:58.0542 7980 WudfPf - ok
21:39:58.0642 7980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:58.0694 7980 WUDFRd - ok
21:39:58.0752 7980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:39:58.0768 7980 \Device\Harddisk0\DR0 - ok
21:39:58.0786 7980 Boot (0x1200) (04740ece94bd3eca8ab715fb831edd5a) \Device\Harddisk0\DR0\Partition0
21:39:58.0787 7980 \Device\Harddisk0\DR0\Partition0 - ok
21:39:58.0806 7980 Boot (0x1200) (94fa0d90c10f2c47b3524e6dab3948a5) \Device\Harddisk0\DR0\Partition1
21:39:58.0807 7980 \Device\Harddisk0\DR0\Partition1 - ok
21:39:58.0808 7980 ============================================================
21:39:58.0808 7980 Scan finished
21:39:58.0808 7980 ============================================================
21:39:58.0820 3384 Detected object count: 0
21:39:58.0820 3384 Actual detected object count: 0
Combofix Log
ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00]
Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden
c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden
c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden
c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden
c:\windows\SysWow64\odbcad32.exe
.
----- File Replicators -----
.
c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
c:\windows\Installer\{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}\ARPPRODUCTICON.exe
c:\windows\Installer\{04DE4606-6C76-A25C-BD13-646479CE1A5C}\ARPPRODUCTICON.exe
c:\windows\Installer\{058E65E2-AFC2-8974-43A2-1EA5A4A53471}\ARPPRODUCTICON.exe
c:\windows\Installer\{06A81056-303F-A212-191D-35310DE5759F}\ARPPRODUCTICON.exe
c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
c:\windows\Installer\{0AA381AC-7BBB-5B29-836C-5E13BB91154A}\ARPPRODUCTICON.exe
c:\windows\Installer\{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}\ARPPRODUCTICON.exe
c:\windows\Installer\{162E46EB-F7C6-4B01-2384-349980B3F1BF}\ARPPRODUCTICON.exe
c:\windows\Installer\{16622EEF-D159-3EB8-0EE3-F01B98317CED}\ARPPRODUCTICON.exe
c:\windows\Installer\{1C0526C4-478A-9066-F37A-E58F08A21FE9}\ARPPRODUCTICON.exe
c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
c:\windows\Installer\{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}\ARPPRODUCTICON.exe
c:\windows\Installer\{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}\ARPPRODUCTICON.exe
c:\windows\Installer\{24642C6B-1F1F-362F-6A7F-14C75C9EE603}\ARPPRODUCTICON.exe
c:\windows\Installer\{313B4B6B-61B3-5F70-647B-E6285A9D81DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{3264BE02-6AC0-96B3-A212-392A850D58CA}\ARPPRODUCTICON.exe
c:\windows\Installer\{3CB58AB7-6750-F510-F055-27FA68D77472}\ARPPRODUCTICON.exe
c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
c:\windows\Installer\{53007195-C491-23E9-D420-EDAB61E57609}\ARPPRODUCTICON.exe
c:\windows\Installer\{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}\ARPPRODUCTICON.exe
c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
c:\windows\Installer\{68A8941B-6E97-B11C-1B10-C3370E4CC885}\ARPPRODUCTICON.exe
c:\windows\Installer\{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}\ARPPRODUCTICON.exe
c:\windows\Installer\{6CDB6681-B777-4DAD-412E-7933B9296850}\ARPPRODUCTICON.exe
c:\windows\Installer\{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}\ARPPRODUCTICON.exe
c:\windows\Installer\{85010422-4932-6A9E-C222-A994DA299C81}\ARPPRODUCTICON.exe
c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
c:\windows\Installer\{89505FE0-A07E-928A-42F4-DA1B2788C01B}\ARPPRODUCTICON.exe
c:\windows\Installer\{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}\ARPPRODUCTICON.exe
c:\windows\Installer\{90BF0360-A1DB-4599-A643-95AB90A52C1E}\ARPPRODUCTICON.exe
c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
c:\windows\Installer\{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}\ARPPRODUCTICON.exe
c:\windows\Installer\{9C6210BC-CF1C-E637-C74D-28612585CAD9}\ARPPRODUCTICON.exe
c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
c:\windows\Installer\{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}\ARPPRODUCTICON.exe
c:\windows\Installer\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}\ARPPRODUCTICON.exe
c:\windows\Installer\{BA28817B-738A-9284-D3D6-E973982AEF3B}\ARPPRODUCTICON.exe
c:\windows\Installer\{C58362EF-CABB-B475-065B-FD07C0D49770}\ARPPRODUCTICON.exe
c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
c:\windows\Installer\{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}\ARPPRODUCTICON.exe
c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
c:\windows\Installer\{E616437B-CE55-B463-ED6B-408E29A073CB}\ARPPRODUCTICON.exe
c:\windows\Installer\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\ARPPRODUCTICON.exe
c:\windows\Installer\{E718AAF4-CB80-9649-347E-C9A9803BE6D0}\ARPPRODUCTICON.exe
c:\windows\Installer\{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll
2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars
2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars
2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nederland.fm/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3]
"0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65,
6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="
- The ComboFix log is not complete - apparently the last part of it got stuck somewhere!
You can find it in C:\combofix.txt
- ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00]
Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden
c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden
c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden
c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden
c:\windows\SysWow64\odbcad32.exe
.
----- File Replicators -----
.
c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
c:\windows\Installer\{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}\ARPPRODUCTICON.exe
c:\windows\Installer\{04DE4606-6C76-A25C-BD13-646479CE1A5C}\ARPPRODUCTICON.exe
c:\windows\Installer\{058E65E2-AFC2-8974-43A2-1EA5A4A53471}\ARPPRODUCTICON.exe
c:\windows\Installer\{06A81056-303F-A212-191D-35310DE5759F}\ARPPRODUCTICON.exe
c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
c:\windows\Installer\{0AA381AC-7BBB-5B29-836C-5E13BB91154A}\ARPPRODUCTICON.exe
c:\windows\Installer\{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}\ARPPRODUCTICON.exe
c:\windows\Installer\{162E46EB-F7C6-4B01-2384-349980B3F1BF}\ARPPRODUCTICON.exe
c:\windows\Installer\{16622EEF-D159-3EB8-0EE3-F01B98317CED}\ARPPRODUCTICON.exe
c:\windows\Installer\{1C0526C4-478A-9066-F37A-E58F08A21FE9}\ARPPRODUCTICON.exe
c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
c:\windows\Installer\{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}\ARPPRODUCTICON.exe
c:\windows\Installer\{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}\ARPPRODUCTICON.exe
c:\windows\Installer\{24642C6B-1F1F-362F-6A7F-14C75C9EE603}\ARPPRODUCTICON.exe
c:\windows\Installer\{313B4B6B-61B3-5F70-647B-E6285A9D81DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{3264BE02-6AC0-96B3-A212-392A850D58CA}\ARPPRODUCTICON.exe
c:\windows\Installer\{3CB58AB7-6750-F510-F055-27FA68D77472}\ARPPRODUCTICON.exe
c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
c:\windows\Installer\{53007195-C491-23E9-D420-EDAB61E57609}\ARPPRODUCTICON.exe
c:\windows\Installer\{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}\ARPPRODUCTICON.exe
c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
c:\windows\Installer\{68A8941B-6E97-B11C-1B10-C3370E4CC885}\ARPPRODUCTICON.exe
c:\windows\Installer\{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}\ARPPRODUCTICON.exe
c:\windows\Installer\{6CDB6681-B777-4DAD-412E-7933B9296850}\ARPPRODUCTICON.exe
c:\windows\Installer\{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}\ARPPRODUCTICON.exe
c:\windows\Installer\{85010422-4932-6A9E-C222-A994DA299C81}\ARPPRODUCTICON.exe
c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
c:\windows\Installer\{89505FE0-A07E-928A-42F4-DA1B2788C01B}\ARPPRODUCTICON.exe
c:\windows\Installer\{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}\ARPPRODUCTICON.exe
c:\windows\Installer\{90BF0360-A1DB-4599-A643-95AB90A52C1E}\ARPPRODUCTICON.exe
c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
c:\windows\Installer\{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}\ARPPRODUCTICON.exe
c:\windows\Installer\{9C6210BC-CF1C-E637-C74D-28612585CAD9}\ARPPRODUCTICON.exe
c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
c:\windows\Installer\{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}\ARPPRODUCTICON.exe
c:\windows\Installer\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}\ARPPRODUCTICON.exe
c:\windows\Installer\{BA28817B-738A-9284-D3D6-E973982AEF3B}\ARPPRODUCTICON.exe
c:\windows\Installer\{C58362EF-CABB-B475-065B-FD07C0D49770}\ARPPRODUCTICON.exe
c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
c:\windows\Installer\{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}\ARPPRODUCTICON.exe
c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
c:\windows\Installer\{E616437B-CE55-B463-ED6B-408E29A073CB}\ARPPRODUCTICON.exe
c:\windows\Installer\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\ARPPRODUCTICON.exe
c:\windows\Installer\{E718AAF4-CB80-9649-347E-C9A9803BE6D0}\ARPPRODUCTICON.exe
c:\windows\Installer\{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll
2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars
2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars
2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec
2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job
- c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nederland.fm/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3]
"0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65,
6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2011-11-17 22:19:19 - machine werd herstart
ComboFix-quarantined-files.txt 2011-11-17 21:19
.
Pre-Run: 114.978.451.456 bytes beschikbaar
Post-Run: 117.780.062.208 bytes beschikbaar
.
- - End Of File - - 82BF197FE724904E2C82CDD90B32116C
- Tell us how your Windows is running at the moment and why you started a HijackThis?
- Right now it is running well by my standards. Since I was asked in my previous topic to run a malware scan and to delete 2 files, I have had no more trouble with Windows freezing or anything like that.
The reason for this topic is here: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880
Reason for this post:
Tirm
Old hand
Registered: 27-6-2009
Posts: 783
Posted: Thu Nov 17, 2011 1:30 am Subject:
——————————————————————————–
Go ahead and post a HijackThis log in the Security and privacy section anyway…
Windows froze several times within a short period, both during shutdown and while processes were active. In addition, McAfee turned out to be disabled when I wanted to start up again.
But as I understand it, there is nothing to be seen in these logs?
- I only have question marks about the many entries in the ComboFix log for ARPPRODUCTICON.exe
It looks as if this file has been renewed many times!
- What does it mean when something is renewed often, then?
- If you toss ARPPRODUCTICON.exe into Google, you will see info that generally sounds reassuring, e.g. here http://www.fixfiles.net/arpproducticon.exe.html
I had a quick look on my XP machine in the Windows folder.
On mine it is in C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726} and it is 10 kb and dated 21-8-2011. On that date I installed or updated Adobe Shockwave 11.6, so it presumably has to do with that.
Result on Virustotal.com
MD5: 6e42cf0d47af25dea4cecdbe093d521c
Date first seen: 2009-02-11 13:31:45 (UTC)
Date last seen: 2011-11-19 15:33:24 (UTC)
Detection ratio: 0/42
Check yours on Virustotal.com as well. I would never do a registry scan. You get bombarded with those on all those kinds of websites. They then find 5867 or so errors, plus a paid program to fix them….
- Arpproduction is indeed linked to software that gets installed.
Not only Adobe works with it, but other software makers too.
It is indeed not spyware!
- Recently I had roughly the same problem again…
The computer suddenly responded veeeery slowly and everything started to freeze. It seemed as if someone was on my computer from another computer.. I wanted to click Start and restart, but even that did not work, and a little later I got a black screen, so I just pulled the power right away…
- Is this again about the PC from this topic?
- Abraham54 wrote: "Is this again about the PC from this topic?"
Yes…
- Then do the following:
Download the [...] to the desktop and unpack the ZIP file.
* Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe"
* Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja"
* When the update is done and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC"
* Select the option "Diep" if it is not already set that way by default.
* Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
* You can close the window with the warning about an increased risk once the scan is finished.
* Make sure all items found are ticked and then press the button "verwijder geselecteerde". You will now get the following message, but click "Ja" here
* When the removal is done, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
* Place the contents of this LOG file in your next post later.
* Now restart the computer.
By the way, how are you connected to the internet?
Wired or wireless?
- Problem… So I had scanned it, but had ticked the option to shut down when the scan finished. I came home and the computer was still on.. It said there was 1 high risk and that was described as a virus. I got the risk notice and followed the instruction that I could click it away. Then I wanted to delete files, but it suddenly showed a registration screen. I pressed cancel and the program closed and the PC was shut down…
Are the scan data stored somewhere, or have I lost them and do I have to do it again?…
- In the folder (on your Desktop?) \EmsisoftEmergencyKit\Run\Reports you should, if all is well, find a report of the scan. Otherwise you just do it again, right?
- Why you also did not stick to the instructions, but performed an extra action, is not entirely clear to me….
- I was away from home all day and thought it unnecessary to leave the computer on. So I thought I would tick the option to have the computer shut down automatically… Apologies for this.. I scanned it again today, with this result:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: N/A
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 23-11-2011 8:12:54
c:\program files (x86)\Free Offers from Freeze.com Ontdekt: Trace.Directory.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze!A2
Key: HKEY_LOCAL_MACHINE\software\Freeze.com\ Ontdekt: Trace.Registry.Freeze!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer –> id Ontdekt: Trace.Registry.EZ Game Cheats!A2
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
C:\Program Files (x86)\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze!A2
C:\Program Files (x86)\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze!A2
Gescand
Bestanden: 236361
Sporen: 401423
Cookies: 373
Processen: 81
Gevonden
Bestanden: 2
Sporen: 6
Cookies: 2
Processen: 0
Registersleutels: 0
Scan Geëindigd: 23-11-2011 9:41:42
Scantijd: 1:28:48
So the virus was already removed automatically yesterday, but there is no log file of that. Is there no way to find out what it removed?…
And what should I do with these results, delete them all? Even though they are low/medium risk?
And I use wireless internet.
- Hi, if you do not know a scanner, it is better to stay at your computer than to do what you did!
Run the ComboFix scan again.
After starting ComboFix, a message may appear:
- either ComboFix wants to be updated;
- or ComboFix wants to be downloaded again.
If you get such a message, carry that out as well.
Then post the contents of the log.
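Added example, not part of the original thread: a short Python script that parses the detection lines of the Emsisoft report posted above and reconciles them with the report's own "Gevonden" totals, which helps when deciding what the found items actually are. The function names and the mapping from detection-name prefix to summary row are assumptions inferred from this one report.

```python
import re
from collections import Counter

# Detection lines and "Gevonden" totals taken from the report posted in this thread.
REPORT = r"""
c:\program files (x86)\Free Offers from Freeze.com Ontdekt: Trace.Directory.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze!A2
c:\program files (x86)\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze!A2
Key: HKEY_LOCAL_MACHINE\software\Freeze.com\ Ontdekt: Trace.Registry.Freeze!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id Ontdekt: Trace.Registry.EZ Game Cheats!A2
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
C:\Program Files (x86)\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze!A2
C:\Program Files (x86)\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze!A2
Gevonden
Bestanden: 2
Sporen: 6
Cookies: 2
Registersleutels: 0
"""

DETECTION = re.compile(r"^(?:(Key|Value): )?(.+?) Ontdekt: (.+?)(?:!A2)?$")
TOTAL = re.compile(r"^(Bestanden|Sporen|Cookies|Processen|Registersleutels): (\d+)$")

def parse(report):
    # Returns (detections, totals); totals are only read after the "Gevonden" header.
    found, totals, in_totals = [], {}, False
    for line in map(str.strip, report.splitlines()):
        if line == "Gevonden":
            in_totals = True
        elif (m := DETECTION.match(line)):
            found.append({"kind": m.group(1) or "Path", "object": m.group(2), "name": m.group(3)})
        elif in_totals and (t := TOTAL.match(line)):
            totals[t.group(1)] = int(t.group(2))
    return found, totals

def summary_row(name):
    # Assumption: prefix-to-row mapping inferred from this one report.
    if name.startswith("Trace.TrackingCookie."):
        return "Cookies"
    return "Sporen" if name.startswith("Trace.") else "Bestanden"

def reconcile(report):
    # Maps each summary row to (lines counted here, total the report states).
    found, totals = parse(report)
    counted = Counter(summary_row(f["name"]) for f in found)
    return {row: (counted.get(row, 0), stated) for row, stated in totals.items()}

def families(report):
    # Family = everything after the two leading components of the detection name.
    return Counter(f["name"].split(".", 2)[2] for f in parse(report)[0])
```

On this report every row reconciles with the stated totals, and seven of the ten detection lines belong to the Freeze family.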
This is an archived page. Replies are no longer possible.