Question & Answer
Unknown uploads
17 answers
- For a few weeks now, my upload meter has been showing an upload speed of 5.0 kbps every few seconds, sometimes a different value. I suspect this started after opening a bad email. Since then I have had AVG Anti-Virus, Lavasoft Ad-Aware and G Data Antivirus scan my whole computer several times, but without result. How can I find out which program is causing this upload? And if it is malware, how can I remove it?
My computer runs Windows 7 Home Premium, 64-bit.
- Run Malwarebytes Anti-Malware and have all infections found removed. Then create a log with HijackThis and post it here together with the MBAM log.
- Hi Hans, am I getting the idea that it isn't quite working out for you?
Then here is the whole story below.
I would like you to follow the rules below during the fix:
- Dear Abraham54,
All the steps you describe I already carried out yesterday, following Gerben's reply. I sent the results to him via the "Send private message" button (below his post). Something may have gone wrong there, so below is the message I sent him:
Gerben,
I followed your instructions, i.e.:
= Downloaded and installed MBAM and ran both a quick scan and a full scan with it. Neither found any malware.
= Downloaded and installed HijackThis and had it run a system scan. During this scan the following message appeared: "For some reason your system denied write access to the Hostfile." (I have inserted the full text of this message below).
I don't know how to attach the MBAM and HijackThis log files to this message, so I have also inserted that text below.
I hope you can help me further and await your reply. Thanks in advance.
Hans Klopper
———————————————————————————–
LOG FILE OF QUICK SCAN: mbam-log-2011-12-30 (15-05-52).txt
———————————————————————————–
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2011.12.30.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hans :: SONY-VAIO [administrator]
30-12-2011 15:05:52
mbam-log-2011-12-30 (15-05-52).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 195477
Verstreken tijd: 12 minuut/minuten, 58 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
——————————————————————————–
LOG FILE OF FULL SCAN: mbam-log-2011-12-30 (15-26-16).txt
——————————————————————————–
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2011.12.30.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hans :: SONY-VAIO [administrator]
30-12-2011 15:26:16
mbam-log-2011-12-30 (15-26-16).txt
Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 399862
Verstreken tijd: 1 uur/uren, 54 minuut/minuten, 16 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
—————————————————————————-
HIJACKTHIS MESSAGE DURING SYSTEM SCAN
—————————————————————————-
For some reason your system denied write access to the Hostfile. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If this happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
For Vista: Simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
—————————————————————————-
LOG FILE: hijackthis (30-12-2011).txt
—————————————————————————-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:54:29, on 30-12-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DU Meter\DUMeter.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Opslag\Programma's\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 13968 bytes
————————————————————————–
- Hi Hans, the logs only give a lead.
I suspect rootkit activity.
So now two deep-scan tools:
- Dear Abraham54,
To begin with: best wishes for 2012!!! May it be a malware-free year...
I have carried out your instructions.
TDSSKiller ran smoothly right away. The program found two threats, both of which I had placed in quarantine. I have inserted the contents of the log file below.
ComboFix caused a few more problems. After the message "Voltooid Deel_4", ComboFix hung, possibly because I had not properly shut down the trial version of G Data Antivirus that was still on my computer. So after restarting the computer I first removed G Data completely and then started ComboFix again. That did go well. I have also inserted the contents of the ComboFix log report below.
In the end the problem is not yet solved; the unknown uploads are still taking place. So I await your further advice.
Kind regards,
Hans Klopper
———————————————————————————-
LOG FILE: TDSSKiller.2.6.25.0_31.12.2011_12.11.35_log.txt
———————————————————————————-
12:11:35.0152 2320 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:11:35.0355 2320 ============================================================
12:11:35.0355 2320 Current date / time: 2011/12/31 12:11:35.0355
12:11:35.0355 2320 SystemInfo:
12:11:35.0355 2320
12:11:35.0355 2320 OS Version: 6.1.7601 ServicePack: 1.0
12:11:35.0355 2320 Product type: Workstation
12:11:35.0355 2320 ComputerName: SONY-VAIO
12:11:35.0355 2320 UserName: Hans
12:11:35.0355 2320 Windows directory: C:\Windows
12:11:35.0355 2320 System windows directory: C:\Windows
12:11:35.0355 2320 Running under WOW64
12:11:35.0355 2320 Processor architecture: Intel x64
12:11:35.0355 2320 Number of processors: 8
12:11:35.0355 2320 Page size: 0x1000
12:11:35.0355 2320 Boot type: Normal boot
12:11:35.0355 2320 ============================================================
12:11:35.0901 2320 Initialize success
12:14:43.0710 3552 ============================================================
12:14:43.0710 3552 Scan started
12:14:43.0710 3552 Mode: Manual; SigCheck; TDLFS;
12:14:43.0710 3552 ============================================================
12:14:54.0022 3552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:14:54.0037 3552 iirsp - ok
12:14:54.0100 3552 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys
12:14:54.0162 3552 Impcd - ok
12:14:54.0240 3552 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
12:14:54.0318 3552 IntcAzAudAddService - ok
12:14:54.0349 3552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:14:54.0365 3552 intelide - ok
12:14:54.0412 3552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
12:14:54.0443 3552 intelppm - ok
12:14:54.0505 3552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:14:54.0568 3552 IpFilterDriver - ok
12:14:54.0599 3552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:14:54.0630 3552 IPMIDRV - ok
12:14:54.0661 3552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:14:54.0724 3552 IPNAT - ok
12:14:54.0755 3552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:14:54.0802 3552 IRENUM - ok
12:14:54.0848 3552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:14:54.0880 3552 isapnp - ok
12:14:54.0895 3552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:14:54.0926 3552 iScsiPrt - ok
12:14:55.0051 3552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:14:55.0082 3552 kbdclass - ok
12:14:55.0238 3552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:14:55.0285 3552 kbdhid - ok
12:14:55.0332 3552 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:14:55.0363 3552 KSecDD - ok
12:14:55.0410 3552 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:14:55.0441 3552 KSecPkg - ok
12:14:55.0488 3552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:14:55.0550 3552 ksthunk - ok
12:14:55.0597 3552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:14:55.0660 3552 lltdio - ok
12:14:55.0706 3552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:14:55.0738 3552 LSI_FC - ok
12:14:55.0784 3552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:14:55.0816 3552 LSI_SAS - ok
12:14:55.0847 3552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:14:55.0878 3552 LSI_SAS2 - ok
12:14:55.0909 3552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:14:55.0940 3552 LSI_SCSI - ok
12:14:55.0972 3552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:14:56.0034 3552 luafv - ok
12:14:56.0081 3552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:14:56.0096 3552 megasas - ok
12:14:56.0143 3552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:14:56.0174 3552 MegaSR - ok
12:14:56.0206 3552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:14:56.0252 3552 Modem - ok
12:14:56.0299 3552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:14:56.0330 3552 monitor - ok
12:14:56.0393 3552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:14:56.0408 3552 mouclass - ok
12:14:56.0455 3552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:14:56.0486 3552 mouhid - ok
12:14:56.0549 3552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:14:56.0580 3552 mountmgr - ok
12:14:56.0627 3552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:14:56.0658 3552 mpio - ok
12:14:56.0689 3552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:14:56.0736 3552 mpsdrv - ok
12:14:56.0798 3552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:14:56.0830 3552 MRxDAV - ok
12:14:56.0876 3552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:14:56.0923 3552 mrxsmb - ok
12:14:57.0001 3552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:14:57.0079 3552 mrxsmb10 - ok
12:14:57.0235 3552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:14:57.0282 3552 mrxsmb20 - ok
12:14:57.0329 3552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:14:57.0360 3552 msahci - ok
12:14:57.0422 3552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:14:57.0438 3552 msdsm - ok
12:14:57.0500 3552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:14:57.0547 3552 Msfs - ok
12:14:57.0578 3552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:14:57.0625 3552 mshidkmdf - ok
12:14:57.0656 3552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:14:57.0688 3552 msisadrv - ok
12:14:57.0734 3552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:14:57.0781 3552 MSKSSRV - ok
12:14:57.0828 3552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:14:57.0875 3552 MSPCLOCK - ok
12:14:57.0906 3552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:14:57.0968 3552 MSPQM - ok
12:14:58.0015 3552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:14:58.0046 3552 MsRPC - ok
12:14:58.0078 3552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:14:58.0109 3552 mssmbios - ok
12:14:58.0124 3552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:14:58.0187 3552 MSTEE - ok
12:14:58.0218 3552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:14:58.0249 3552 MTConfig - ok
12:14:58.0296 3552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:14:58.0327 3552 Mup - ok
12:14:58.0374 3552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:14:58.0421 3552 NativeWifiP - ok
12:14:58.0468 3552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:14:58.0499 3552 NDIS - ok
12:14:58.0530 3552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:14:58.0577 3552 NdisCap - ok
12:14:58.0624 3552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:14:58.0670 3552 NdisTapi - ok
12:14:58.0702 3552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:14:58.0748 3552 Ndisuio - ok
12:14:58.0795 3552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:14:58.0858 3552 NdisWan - ok
12:14:58.0889 3552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:14:58.0951 3552 NDProxy - ok
12:14:59.0092 3552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:14:59.0154 3552 NetBIOS - ok
12:14:59.0310 3552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:14:59.0341 3552 NetBT - ok
12:14:59.0528 3552 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:14:59.0825 3552 NETw5s64 - ok
12:14:59.0887 3552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:14:59.0903 3552 nfrd960 - ok
12:14:59.0950 3552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:14:59.0996 3552 Npfs - ok
12:15:00.0012 3552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:15:00.0059 3552 nsiproxy - ok
12:15:00.0121 3552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:15:00.0230 3552 Ntfs - ok
12:15:00.0246 3552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:15:00.0293 3552 Null - ok
12:15:00.0340 3552 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:15:00.0371 3552 nusb3hub - ok
12:15:00.0402 3552 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\drivers\nusb3xhc.sys
12:15:00.0418 3552 nusb3xhc - ok
12:15:00.0464 3552 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\Windows\system32\drivers\nvhda64v.sys
12:15:00.0480 3552 NVHDA - ok
12:15:00.0683 3552 nvlddmkm (b4402e1d61a3015fc29bef94bb1c81fd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:15:00.0854 3552 nvlddmkm - ok
12:15:00.0901 3552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:15:00.0932 3552 nvraid - ok
12:15:00.0948 3552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:15:01.0010 3552 nvstor - ok
12:15:01.0182 3552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:15:01.0213 3552 nv_agp - ok
12:15:01.0260 3552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:15:01.0307 3552 ohci1394 - ok
12:15:01.0354 3552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:15:01.0385 3552 Parport - ok
12:15:01.0416 3552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:15:01.0432 3552 partmgr - ok
12:15:01.0478 3552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:15:01.0510 3552 pci - ok
12:15:01.0525 3552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:15:01.0541 3552 pciide - ok
12:15:01.0588 3552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:15:01.0619 3552 pcmcia - ok
12:15:01.0634 3552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:15:01.0666 3552 pcw - ok
12:15:01.0697 3552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:15:01.0790 3552 PEAUTH - ok
12:15:01.0884 3552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:15:01.0946 3552 PptpMiniport - ok
12:15:01.0978 3552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:15:02.0009 3552 Processor - ok
12:15:02.0056 3552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:15:02.0087 3552 Psched - ok
12:15:02.0134 3552 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
12:15:02.0165 3552 PxHlpa64 - ok
12:15:02.0212 3552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:15:02.0305 3552 ql2300 - ok
12:15:02.0321 3552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:15:02.0352 3552 ql40xx - ok
12:15:02.0383 3552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:15:02.0430 3552 QWAVEdrv - ok
12:15:02.0461 3552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:15:02.0524 3552 RasAcd - ok
12:15:02.0555 3552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:15:02.0602 3552 RasAgileVpn - ok
12:15:02.0648 3552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:15:02.0695 3552 Rasl2tp - ok
12:15:02.0726 3552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:15:02.0773 3552 RasPppoe - ok
12:15:02.0804 3552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:15:02.0851 3552 RasSstp - ok
12:15:02.0898 3552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:15:03.0007 3552 rdbss - ok
12:15:03.0038 3552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:15:03.0085 3552 rdpbus - ok
12:15:03.0132 3552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:15:03.0194 3552 RDPCDD - ok
12:15:03.0272 3552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:15:03.0319 3552 RDPENCDD - ok
12:15:03.0350 3552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:15:03.0397 3552 RDPREFMP - ok
12:15:03.0444 3552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:15:03.0491 3552 RDPWD - ok
12:15:03.0538 3552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:15:03.0569 3552 rdyboost - ok
12:15:03.0600 3552 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
12:15:03.0616 3552 regi - ok
12:15:03.0662 3552 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:15:03.0709 3552 RFCOMM - ok
12:15:03.0772 3552 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
12:15:03.0818 3552 rimspci - ok
12:15:03.0865 3552 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
12:15:03.0912 3552 risdsnpe - ok
12:15:03.0943 3552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:15:03.0990 3552 rspndr - ok
12:15:04.0021 3552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:15:04.0037 3552 sbp2port - ok
12:15:04.0068 3552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:15:04.0115 3552 scfilter - ok
12:15:04.0177 3552 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:15:04.0208 3552 sdbus - ok
12:15:04.0255 3552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:15:04.0302 3552 secdrv - ok
12:15:04.0364 3552 Ser2pl (ef7b5ec21e7c0f6e4237424a41fa720e) C:\Windows\system32\DRIVERS\ser2pl64.sys
12:15:04.0427 3552 Ser2pl - ok
12:15:04.0458 3552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:15:04.0489 3552 Serenum - ok
12:15:04.0505 3552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:15:04.0536 3552 Serial - ok
12:15:04.0583 3552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:15:04.0614 3552 sermouse - ok
12:15:04.0661 3552 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
12:15:04.0708 3552 SFEP - ok
12:15:04.0754 3552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:15:04.0817 3552 sffdisk - ok
12:15:04.0832 3552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:15:04.0864 3552 sffp_mmc - ok
12:15:04.0879 3552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:15:04.0910 3552 sffp_sd - ok
12:15:04.0942 3552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:15:04.0957 3552 sfloppy - ok
12:15:05.0004 3552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:15:05.0035 3552 SiSRaid2 - ok
12:15:05.0051 3552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:15:05.0082 3552 SiSRaid4 - ok
12:15:05.0113 3552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:15:05.0160 3552 Smb - ok
12:15:05.0207 3552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:15:05.0222 3552 spldr - ok
12:15:05.0269 3552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:15:05.0332 3552 srv - ok
12:15:05.0363 3552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:15:05.0425 3552 srv2 - ok
12:15:05.0456 3552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:15:05.0503 3552 srvnet - ok
12:15:05.0534 3552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:15:05.0566 3552 stexstor - ok
12:15:05.0612 3552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:15:05.0644 3552 swenum - ok
12:15:05.0706 3552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:15:05.0846 3552 Tcpip - ok
12:15:05.0909 3552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:15:05.0940 3552 TCPIP6 - ok
12:15:05.0987 3552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:15:06.0034 3552 tcpipreg - ok
12:15:06.0080 3552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:15:06.0127 3552 TDPIPE - ok
12:15:06.0143 3552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:15:06.0190 3552 TDTCP - ok
12:15:06.0221 3552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:15:06.0268 3552 tdx - ok
12:15:06.0283 3552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:15:06.0314 3552 TermDD - ok
12:15:06.0361 3552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:15:06.0408 3552 tssecsrv - ok
12:15:06.0470 3552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:15:06.0517 3552 TsUsbFlt - ok
12:15:06.0548 3552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:15:06.0595 3552 tunnel - ok
12:15:06.0626 3552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:15:06.0658 3552 uagp35 - ok
12:15:06.0689 3552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:15:06.0751 3552 udfs - ok
12:15:06.0798 3552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:15:06.0829 3552 uliagpkx - ok
12:15:06.0860 3552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:15:06.0892 3552 umbus - ok
12:15:06.0923 3552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:15:06.0954 3552 UmPass - ok
12:15:07.0032 3552 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
12:15:07.0063 3552 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
12:15:07.0063 3552 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
12:15:07.0843 3552 Suspicious service (NoAccess): vdrv1000
12:15:07.0874 3552 vdrv1000 (f0ecf990b3de8842e948279af31cc4e5) C:\Windows\system32\DRIVERS\vdrv1000.sys
12:15:07.0890 3552 vdrv1000 ( LockedService.Multi.Generic ) - warning
12:15:07.0890 3552 vdrv1000 - detected LockedService.Multi.Generic (1)
12:15:09.0746 3552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:15:10.0012 3552 \Device\Harddisk0\DR0 - ok
12:15:10.0027 3552 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR1
12:15:10.0199 3552 \Device\Harddisk1\DR1 - ok
12:15:10.0199 3552 Boot (0x1200) (8fb42c00be2d69241fc6ff414b3c5fc7) \Device\Harddisk0\DR0\Partition0
12:15:10.0199 3552 \Device\Harddisk0\DR0\Partition0 - ok
12:15:10.0230 3552 Boot (0x1200) (db8e38f36d053343003ee3999426d0e6) \Device\Harddisk0\DR0\Partition1
12:15:10.0230 3552 \Device\Harddisk0\DR0\Partition1 - ok
12:15:10.0246 3552 Boot (0x1200) (f3a43cd4c3d0fe44acfefd746ac905f5) \Device\Harddisk1\DR1\Partition0
12:15:10.0246 3552 \Device\Harddisk1\DR1\Partition0 - ok
12:15:10.0246 3552 ============================================================
12:15:10.0246 3552 Scan finished
12:15:10.0246 3552 ============================================================
12:15:10.0246 5460 Detected object count: 2
12:15:10.0246 5460 Actual detected object count: 2
12:20:53.0181 5460 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys - copied to quarantine
12:20:53.0197 5460 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:20:53.0353 5460 C:\Windows\system32\DRIVERS\vdrv1000.sys - copied to quarantine
12:20:53.0353 5460 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Quarantine
12:25:05.0589 3804 Deinitialize success
———————————————————————————-
LOG FILE: ComboFix (lograpport 1-1-2012, 13.53).txt
———————————————————————————-
ComboFix 11-12-31.02 - Hans 01-01-2012 13:53:31.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6125.4486 [GMT 1:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0413.exe
c:\windows\system32\java.exe
I:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-01 to 2012-01-01 ))))))))))))))))))))))))))))))
.
.
2012-01-01 12:58 . 2012-01-01 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-31 14:15 . 2011-12-31 14:15 508647 ----a-w- c:\windows\SysWow64\sig.bin
2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-30 16:35 . 2011-12-30 16:35 388096 ----a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-30 16:35 . 2011-12-30 16:35 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-30 13:59 . 2011-12-30 13:59 -------- d-----w- c:\users\Hans\AppData\Roaming\Malwarebytes
2011-12-30 13:57 . 2011-12-30 13:57 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 13:57 . 2011-12-30 13:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 13:57 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 09:08 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85CF38B6-542F-4783-BADA-89B8186E26F3}\mpengine.dll
2011-12-29 14:30 . 2011-12-29 14:30 106488 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-12-29 14:04 . 2011-12-29 14:26 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-12-29 14:03 . 2011-12-29 14:26 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-12-29 14:03 . 2011-12-29 14:26 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-12-29 14:03 . 2011-12-29 14:26 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2011-12-29 14:03 . 2012-01-01 12:09 -------- d-----w- c:\programdata\G DATA
2011-12-29 14:03 . 2012-01-01 12:09 -------- d-----w- c:\program files (x86)\Common Files\G Data
2011-12-29 14:03 . 2011-12-29 14:03 -------- d-----w- c:\program files (x86)\G Data
2011-12-29 13:57 . 2011-12-29 13:57 -------- d-----w- c:\users\Hans\AppData\Local\Downloaded Installations
2011-12-25 10:21 . 2011-12-25 10:21 -------- d-----w- c:\users\Hans\AppData\Roaming\dvdcss
2011-12-15 08:24 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 08:24 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 08:24 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 08:24 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 08:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 08:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 10:59 . 2011-07-19 19:44 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-12-02 14:25 . 2011-11-01 10:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2011-07-18 09:15 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2011-10-19 411976]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2004-08-25 1465856]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DIRECTIO;DIRECTIO;d:\burnintest\DirectIo.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-05-20 144712]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:00]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
"combofix"="c:\combofix\CF12071.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-G Data AntiVirus Tray Application - c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-De Nationale Stratengids - c:\windows\IsUn0413.exe
AddRemove-WN Wereld@tlas - c:\windows\IsUn0413.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-01 14:07:08 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-01 13:07
.
Pre-Run: 322.774.462.464 bytes beschikbaar
Post-Run: 324.671.623.168 bytes beschikbaar
.
- - End Of File - - FEB9F5D827F00E07343FB966F5EFC0F9
- Hello Hans, best wishes to you too, of course.
I'm just afraid that, as far as malware is concerned, it is going to be an even worse year for Windows.
How did your Windows react to the fixes?
By the way, which tool do you use to get upload and download figures?
I myself use NetSpeedMonitor, which sits as a toolbar in the taskbar and continuously shows the upload and download figures.
Info and download: http://www.floriangilles.com/software/netspeedmonitor
- Abraham54,
After I informed you this afternoon about the use of TDSSKiller and ComboFix, I first reinstalled AVG and Ad-Aware, so that I am safe again (as far as possible). Windows handled all of this fine. I have not noticed anything odd since the fixes. And as I already reported, the unknown upload is still present as well.
For years (since 2004?) I have been using the little program DU Meter (from Hagel Technologies; version 3.07, build 192). Both on my Sony laptop (where the unknown uploads occur) and on a Samsung netbook (on which I have no problems with the unknown upload).
Hans
- In various firewalls you can see exactly which processes make connections and how much data they send. You can also check whether you have different software installed on the two computers. Then, for each difference, check whether the processes involved generate data traffic. There are various programs that send feedback to their makers. You could check that for each installed program.
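Added example, not part of the original thread: without a firewall that shows per-process traffic, the same "which process is connecting out" question can be answered by joining the output of `netstat -ano` with `tasklist /fo csv /nh` on the PID. The sample output below is constructed, the process names are hypothetical, and English-language command output is assumed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (English-language Windows assumed).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49201     203.0.113.45:80        ESTABLISHED     2456
  TCP    192.168.1.20:49202     203.0.113.45:80        ESTABLISHED     2456
  TCP    192.168.1.20:49310     198.51.100.7:443       ESTABLISHED     3120
  TCP    127.0.0.1:49400        127.0.0.1:49401        ESTABLISHED     1988
  TCP    192.168.1.20:49500     192.168.1.1:445        TIME_WAIT       0
  TCP    [::1]:49600            [::1]:49601            ESTABLISHED     1988
  UDP    0.0.0.0:5355           *:*                                    1204
"""

# Constructed sample of `tasklist /fo csv /nh` output; process names are hypothetical.
TASKLIST_SAMPLE = '''\
"svchost.exe","812","Services","0","9,120 K"
"example_updater.exe","2456","Console","1","14,332 K"
"browser.exe","3120","Console","1","102,548 K"
"localhelper.exe","1988","Console","1","3,004 K"
'''

# Loopback, LAN and link-local ranges that do not count as internet traffic.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10")]


def is_external(addr):
    """True if addr is a valid IP outside the local ranges above."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return not any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Yield (remote_addr, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[4].isdigit():
            addr, _, port = fields[2].rpartition(":")
            yield addr.strip("[]"), port, fields[3], int(fields[4])


def parse_tasklist(text):
    """Return {pid: image name} from headerless CSV tasklist output."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def external_talkers(netstat_text, tasklist_text):
    """Map (pid, image name) -> sorted external endpoints with ESTABLISHED state."""
    names = parse_tasklist(tasklist_text)
    talkers = defaultdict(set)
    for addr, port, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED" and is_external(addr):
            talkers[(pid, names.get(pid, "<unknown>"))].add(f"{addr}:{port}")
    return {key: sorted(endpoints) for key, endpoints in talkers.items()}


if __name__ == "__main__":
    for (pid, name), endpoints in external_talkers(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"{name} (PID {pid}): {', '.join(endpoints)}")
```

This shows which processes hold connections to the internet, not how many bytes each one sends; a PID that shows up as `<unknown>` or keeps reconnecting to the same address every few seconds is the one to look at first.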
- A fresh installation overwrites the entire disk, including the boot sector. If you want to be completely 100% sure, you can also wipe the disk with killdisk.
- KillDisk is a solution but does not overwrite the MBR, as far as I know.
It is also safe, when reinstalling via setup, to first delete the system disk, then recreate it and then format it.
Then you can be certain that a completely new MBR has been created.
- hansklopper wrote: "Abraham54,
After I informed you this afternoon about the use of TDSSKiller and ComboFix, I first reinstalled AVG and Ad-Aware, so that I am safe again (as far as possible). Windows handled all of this fine. I have not noticed anything odd since the fixes. And as I already reported, the unknown upload is still present as well.
For years (since 2004?) I have been using the little program DU Meter (from Hagel Technologies; version 3.07, build 192). Both on my Sony laptop (where the unknown uploads occur) and on a Samsung netbook (on which I have no problems with the unknown upload).
Hans"
I do want to tell you that, apart from extra services, Lavasoft's AdAware is of very little to no use to you.
The virus detection of this tool is too poor for that!
You may now do the following:
Run the ESET online scan (Click).
* Click the ESET Online Scanner button
* Tick YES, I accept the Terms of Use
* Click Start
* Allow the ActiveX control to install.
* Tick the following options:
  * Remove found threats
  * Scan archives
* Then click on
- Dear Abraham54 and Gerben,
I let the ESET Online Scanner do its work. This scanner apparently found threats in the installation files of PrimoPDF and Unlocker. See the log file below. Apparently you cannot trust these programs either! Unfortunately, however, the cause of my problem was not found.
By now I have had my computer scanned with 8 different malware scanners, unfortunately without any result for my problem. Are we on the right track?
On Wikipedia (http://nl.wikipedia.org/wiki/Rootkit) it says regarding rootkits: "Sometimes when the rootkit is removed, the changes it made remain intact and usually undetectable. The only way to be completely sure that a rootkit has been removed is therefore to format and reinstall the entire system."
I therefore think it makes no sense to try out even more malware scanners. Perhaps I had better accept that I have to reformat and reinstall my computer? That is a few days' work, admittedly, but then I am rid of the problem.
My question to you, then, is: does formatting and reinstalling really get rid of the malware causing this? In the past I once read something about infection of the boot sector, which would not disappear with formatting. Does this still apply today? What measures must I take in order to really have a clean computer again after formatting and reinstalling?
Kind regards,
Hans Klopper
———————————————————————–
LOG FILE: ESET Online Scan (scanresults 1-1-2012).txt
———————————————————————–
C:\Opslag\Programma's\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined
C:\Opslag\Programma's\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined
I:\Backup Sony\Backup Opslag\Programma's\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined
I:\Backup Sony\Backup Opslag\Programma's\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined
——————————————————————————
- Hmm, if you downloaded those two setups either via CNET or via Softonic, then it is clear why Eset found spyware!
- Dear Abraham54,
So CNET and/or Softonic and/or Eset cannot be trusted?
Incidentally, I would still like to get an answer from you to two questions in my message dated 3-1-2012 regarding fully formatting and reinstalling, namely:
# Does formatting and reinstalling really get rid of the malware causing this?
# In the past I once read something about infection of the boot sector, which would not disappear with formatting. Does this still apply today? If so, what measures must I take in order to really have a clean computer again after formatting and reinstalling?
I hope you are still willing to answer those two questions, then I can move on. Thanks in advance.
Kind regards,
Hans Klopper
- Dear Gerben,
I would still like to get an answer from you to the question in my message dated 3-1-2012 regarding fully formatting and reinstalling, namely:
# Does formatting and reinstalling really get rid of the malware causing this?
# In the past I once read something about infection of the boot sector, which would not disappear with formatting. Does this still apply today? If so, what measures must I take in order to really have a clean computer again after formatting and reinstalling?
I hope you are still willing to answer those two questions, then I can move on. Thanks in advance.
Kind regards,
Hans Klopper
- hansklopper, I see that this concerns a Sony Vaio computer.
A number of components are also mentioned in your HijackThis log file.
The question is whether, after formatting, you want to put a new W7 system on it by means of a Windows 7 Home disc, or with a recovery disc you made yourself when your PC was still new, or the recovery on the D partition?
Note that Sony has installed a number of things on your PC that are not standard in W7, and here I am also thinking of drivers and the like.
If you are able to make an image first, you can always restore it if something goes wrong.
Vaio Care and Vaio Update could well be the process that makes contact in the background to check whether there are updates.
I have a Sony Vaio VPCF11M1E laptop myself, so I speak from experience.
Good luck.
This is an archived page. Replying is no longer possible.