Question & Answer
Laptop is getting slow
26 answers
- Hello,
for some time now my laptop has been getting slower.
Can someone take a look to see if anything is wrong?
Below you will find the HijackThis log.
Thanks in advance!
Thomas
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:38, on 2012/01/4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Visual studio 2010\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-40R7I.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDriveforWindows] "C:\Program Files (x86)\IDriveWindows\idwindows_501.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe (file missing)
O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12679 bytes
- Hello Thomas, read everything carefully first.
I would like you to follow the rules below during the fix:
- Malwarebytes found nothing.
I have no idea what that IDriveWindows is. But there are about 20 files in that folder. Mainly ActiveX files and a few .dll files, plus a few .ini files.
Should I remove these with HijackThis as well, or leave them alone?
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.05.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas De Sterck :: THOMASDESTERCK [administrator]
Realtime bescherming: Ingeschakeld
2012/01/5 10:20:49
mbam-log-2012-01-05 (20-20-49).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 192212
Verstreken tijd: 6 minuut/minuten, 34 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
- Hello, no, do not fix it with HijackThis.
I will first wait for the results of the two new scans now!
- This is the TDSS log.
I am now going to run ComboFix.
13:36:52.0739 4064 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:36:52.0953 4064 ============================================================
13:36:52.0953 4064 Current date / time: 2012/01/05 13:36:52.0953
13:36:52.0953 4064 SystemInfo:
13:36:52.0953 4064
13:36:52.0953 4064 OS Version: 6.1.7601 ServicePack: 1.0
13:36:52.0953 4064 Product type: Workstation
13:36:52.0954 4064 ComputerName: THOMASDESTERCK
13:36:52.0954 4064 UserName: Thomas De Sterck
13:36:52.0954 4064 Windows directory: C:\Windows
13:36:52.0954 4064 System windows directory: C:\Windows
13:36:52.0954 4064 Running under WOW64
13:36:52.0954 4064 Processor architecture: Intel x64
13:36:52.0954 4064 Number of processors: 4
13:36:52.0954 4064 Page size: 0x1000
13:36:52.0954 4064 Boot type: Normal boot
13:36:52.0954 4064 ============================================================
13:36:54.0737 4064 Initialize success
13:37:10.0544 5492 ============================================================
13:37:10.0544 5492 Scan started
13:37:10.0544 5492 Mode: Manual;
13:37:10.0544 5492 ============================================================
13:37:26.0188 5492 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:37:26.0195 5492 MTConfig - ok
13:37:26.0244 5492 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:37:26.0256 5492 MTsensor - ok
13:37:26.0276 5492 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:37:26.0282 5492 Mup - ok
13:37:26.0350 5492 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:26.0360 5492 NativeWifiP - ok
13:37:26.0447 5492 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:37:26.0481 5492 NDIS - ok
13:37:26.0544 5492 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:37:26.0550 5492 NdisCap - ok
13:37:26.0598 5492 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:26.0604 5492 NdisTapi - ok
13:37:26.0646 5492 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:26.0652 5492 Ndisuio - ok
13:37:26.0690 5492 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:26.0698 5492 NdisWan - ok
13:37:26.0737 5492 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:37:26.0743 5492 NDProxy - ok
13:37:26.0783 5492 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:37:26.0789 5492 NetBIOS - ok
13:37:26.0828 5492 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:37:26.0837 5492 NetBT - ok
13:37:26.0946 5492 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:37:26.0952 5492 nfrd960 - ok
13:37:26.0981 5492 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:37:26.0987 5492 Npfs - ok
13:37:27.0007 5492 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:37:27.0013 5492 nsiproxy - ok
13:37:27.0071 5492 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:37:27.0127 5492 Ntfs - ok
13:37:27.0146 5492 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:37:27.0151 5492 Null - ok
13:37:27.0194 5492 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:37:27.0226 5492 nvraid - ok
13:37:27.0256 5492 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:37:27.0290 5492 nvstor - ok
13:37:27.0348 5492 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:37:27.0371 5492 nv_agp - ok
13:37:27.0405 5492 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:37:27.0428 5492 ohci1394 - ok
13:37:27.0529 5492 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:37:27.0535 5492 Parport - ok
13:37:27.0585 5492 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:37:27.0591 5492 partmgr - ok
13:37:27.0623 5492 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:37:27.0626 5492 pci - ok
13:37:27.0642 5492 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:37:27.0654 5492 pciide - ok
13:37:27.0710 5492 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:37:27.0719 5492 pcmcia - ok
13:37:27.0733 5492 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:37:27.0738 5492 pcw - ok
13:37:27.0790 5492 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:37:27.0814 5492 PEAUTH - ok
13:37:27.0959 5492 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:37:27.0968 5492 PptpMiniport - ok
13:37:28.0010 5492 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:37:28.0017 5492 Processor - ok
13:37:28.0074 5492 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:37:28.0083 5492 Psched - ok
13:37:28.0136 5492 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:37:28.0183 5492 ql2300 - ok
13:37:28.0199 5492 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:37:28.0206 5492 ql40xx - ok
13:37:28.0231 5492 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:37:28.0237 5492 QWAVEdrv - ok
13:37:28.0251 5492 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:37:28.0255 5492 RasAcd - ok
13:37:28.0337 5492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:37:28.0344 5492 RasAgileVpn - ok
13:37:28.0373 5492 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:37:28.0379 5492 Rasl2tp - ok
13:37:28.0419 5492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:37:28.0426 5492 RasPppoe - ok
13:37:28.0450 5492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:37:28.0459 5492 RasSstp - ok
13:37:28.0509 5492 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:37:28.0521 5492 rdbss - ok
13:37:28.0543 5492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:37:28.0550 5492 rdpbus - ok
13:37:28.0580 5492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:37:28.0587 5492 RDPCDD - ok
13:37:28.0605 5492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:37:28.0619 5492 RDPENCDD - ok
13:37:28.0648 5492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:37:28.0655 5492 RDPREFMP - ok
13:37:28.0690 5492 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:37:28.0702 5492 RDPWD - ok
13:37:28.0747 5492 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:37:28.0758 5492 rdyboost - ok
13:37:28.0822 5492 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:37:28.0855 5492 RsFx0103 - ok
13:37:28.0886 5492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:37:28.0895 5492 rspndr - ok
13:37:28.0932 5492 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:37:28.0948 5492 sbp2port - ok
13:37:29.0024 5492 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:37:29.0033 5492 scfilter - ok
13:37:29.0090 5492 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:37:29.0112 5492 sdbus - ok
13:37:29.0179 5492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:37:29.0187 5492 secdrv - ok
13:37:29.0225 5492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:37:29.0233 5492 Serenum - ok
13:37:29.0278 5492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:37:29.0286 5492 Serial - ok
13:37:29.0332 5492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:37:29.0345 5492 sermouse - ok
13:37:29.0386 5492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:37:29.0398 5492 sffdisk - ok
13:37:29.0416 5492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:37:29.0428 5492 sffp_mmc - ok
13:37:29.0452 5492 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:37:29.0464 5492 sffp_sd - ok
13:37:29.0493 5492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:37:29.0501 5492 sfloppy - ok
13:37:29.0529 5492 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:37:29.0536 5492 SiSGbeLH - ok
13:37:29.0560 5492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:37:29.0569 5492 SiSRaid2 - ok
13:37:29.0587 5492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:37:29.0594 5492 SiSRaid4 - ok
13:37:29.0643 5492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:37:29.0652 5492 Smb - ok
13:37:29.0812 5492 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:37:29.0903 5492 SNP2UVC - ok
13:37:29.0946 5492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:37:29.0954 5492 spldr - ok
13:37:30.0020 5492 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:37:30.0188 5492 srv - ok
13:37:30.0280 5492 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:37:30.0314 5492 srv2 - ok
13:37:30.0352 5492 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:37:30.0383 5492 srvnet - ok
13:37:30.0431 5492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:37:30.0439 5492 stexstor - ok
13:37:30.0493 5492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:37:30.0505 5492 swenum - ok
13:37:30.0597 5492 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:37:30.0677 5492 Tcpip - ok
13:37:30.0741 5492 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:37:30.0754 5492 TCPIP6 - ok
13:37:30.0783 5492 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:37:30.0791 5492 tcpipreg - ok
13:37:30.0836 5492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:37:30.0843 5492 TDPIPE - ok
13:37:30.0872 5492 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:37:30.0879 5492 TDTCP - ok
13:37:30.0915 5492 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:37:30.0923 5492 tdx - ok
13:37:30.0959 5492 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:37:30.0981 5492 TermDD - ok
13:37:31.0091 5492 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:31.0099 5492 tssecsrv - ok
13:37:31.0159 5492 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:37:31.0168 5492 TsUsbFlt - ok
13:37:31.0226 5492 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:31.0235 5492 tunnel - ok
13:37:31.0284 5492 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
13:37:31.0317 5492 TurboB - ok
13:37:31.0362 5492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:37:31.0370 5492 uagp35 - ok
13:37:31.0414 5492 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:37:31.0434 5492 udfs - ok
13:37:31.0483 5492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:37:31.0496 5492 uliagpkx - ok
13:37:31.0530 5492 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:37:31.0543 5492 umbus - ok
13:37:31.0570 5492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:37:31.0578 5492 UmPass - ok
13:37:31.0612 5492 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:31.0646 5492 usbccgp - ok
13:37:31.0680 5492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:37:31.0693 5492 usbcir - ok
13:37:31.0734 5492 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:37:31.0768 5492 usbehci - ok
13:37:31.0800 5492 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:31.0842 5492 usbhub - ok
13:37:31.0897 5492 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:37:31.0930 5492 usbohci - ok
13:37:31.0966 5492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:37:31.0974 5492 usbprint - ok
13:37:32.0012 5492 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:32.0043 5492 USBSTOR - ok
13:37:32.0068 5492 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:37:32.0101 5492 usbuhci - ok
13:37:32.0237 5492 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:37:32.0251 5492 usbvideo - ok
13:37:32.0392 5492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:37:32.0404 5492 vdrvroot - ok
13:37:32.0685 5492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:32.0694 5492 vga - ok
13:37:32.0903 5492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:37:32.0911 5492 VgaSave - ok
13:37:33.0008 5492 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:37:33.0024 5492 vhdmp - ok
13:37:33.0120 5492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:37:33.0132 5492 viaide - ok
13:37:33.0241 5492 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:37:33.0253 5492 volmgr - ok
13:37:33.0334 5492 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:37:33.0347 5492 volmgrx - ok
13:37:33.0441 5492 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:37:33.0471 5492 volsnap - ok
13:37:33.0574 5492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:37:33.0584 5492 vsmraid - ok
13:37:33.0636 5492 VSPerfDrv100 - ok
13:37:33.0726 5492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:37:33.0733 5492 vwifibus - ok
13:37:33.0763 5492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:37:33.0771 5492 vwififlt - ok
13:37:33.0827 5492 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:37:33.0835 5492 vwifimp - ok
13:37:33.0897 5492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:37:33.0904 5492 WacomPen - ok
13:37:33.0984 5492 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:33.0994 5492 WANARP - ok
13:37:33.0998 5492 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:34.0000 5492 Wanarpv6 - ok
13:37:34.0244 5492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:37:34.0252 5492 Wd - ok
13:37:34.0327 5492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:37:34.0373 5492 Wdf01000 - ok
13:37:34.0542 5492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:37:34.0549 5492 WfpLwf - ok
13:37:34.0585 5492 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:37:34.0608 5492 WimFltr - ok
13:37:34.0642 5492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:37:34.0650 5492 WIMMount - ok
13:37:34.0725 5492 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:37:34.0737 5492 WinUsb - ok
13:37:34.0773 5492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:37:34.0785 5492 WmiAcpi - ok
13:37:34.0845 5492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:37:34.0853 5492 ws2ifsl - ok
13:37:34.0895 5492 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:37:34.0903 5492 WSDPrintDevice - ok
13:37:34.0948 5492 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:37:34.0957 5492 WudfPf - ok
13:37:35.0024 5492 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:37:35.0034 5492 WUDFRd - ok
13:37:35.0069 5492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:37:35.0131 5492 \Device\Harddisk0\DR0 - ok
13:37:35.0134 5492 Boot (0x1200) (a9b6ae51f3a09658c0f1eb753a82f10b) \Device\Harddisk0\DR0\Partition0
13:37:35.0135 5492 \Device\Harddisk0\DR0\Partition0 - ok
13:37:35.0166 5492 Boot (0x1200) (b68c95ff65890f3f9f2c531cbdbcdfd4) \Device\Harddisk0\DR0\Partition1
13:37:35.0168 5492 \Device\Harddisk0\DR0\Partition1 - ok
13:37:35.0168 5492 ============================================================
13:37:35.0168 5492 Scan finished
13:37:35.0168 5492 ============================================================
13:37:35.0177 4492 Detected object count: 0
13:37:35.0177 4492 Actual detected object count: 0
- That's good so far, no MBR rootkits.
- Below is the ComboFix log.
ComboFix 12-01-05.01 - Thomas De Sterck 2012/01/05 13:46:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2989.1767 [GMT 1:00]
Gestart vanuit: c:\users\Thomas De Sterck\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas De Sterck\AppData\Local\assembly\tmp
c:\users\Thomas De Sterck\AppData\Roaming\Roaming
c:\users\Thomas De Sterck\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\isRS-000.tmp
c:\windows\system32\drivers\etc\hosts.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-05 to 2012-01-05 ))))))))))))))))))))))))))))))
.
.
2012-01-05 12:58 . 2012-01-05 12:59 -------- d-----w- c:\programdata\AutoKMS
2012-01-05 12:56 . 2012-01-05 12:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-05 12:56 . 2012-01-05 12:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-05 12:56 . 2012-01-05 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 12:56 . 2012-01-05 12:56 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-03 18:13 . 2012-01-03 18:13 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-01-03 12:39 . 2012-01-03 12:39 -------- d-----w- c:\windows\SysWow64\xlive
2012-01-03 12:39 . 2012-01-03 12:39 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-01-03 11:41 . 2012-01-05 13:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57198100-2820-46AA-9EA4-8F5A74AB690C}\offreg.dll
2012-01-03 11:41 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57198100-2820-46AA-9EA4-8F5A74AB690C}\mpengine.dll
2011-12-26 19:18 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-26 19:18 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-12-26 19:18 . 2010-02-04 09:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-26 19:18 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-12-21 19:28 . 2011-12-21 19:28 -------- d-----w- C:\IDrive
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\program files (x86)\cygdrive
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- C:\IBCOMMON
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\windows\SysWow64\IBCOMMON
2011-12-21 19:22 . 2011-12-21 19:29 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\IDrive
2011-12-21 19:22 . 2009-02-09 12:15 644400 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2011-12-21 19:22 . 2009-02-09 12:15 140288 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2011-12-21 19:22 . 2011-12-21 19:33 -------- d-----w- c:\program files (x86)\IDriveWindows
2011-12-21 19:04 . 2011-12-21 19:04 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\Chromium
2011-12-21 19:00 . 2011-12-21 19:00 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\SKIDROW
2011-12-17 17:53 . 2011-12-17 17:55 -------- d-----w- c:\program files (x86)\Legoland
2011-12-17 12:36 . 1984-12-31 20:00 437008 ----a-w- c:\windows\D3DRM.DLL
2011-12-17 12:30 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-15 16:08 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 16:08 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 16:08 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 15:16 . 2011-04-17 07:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-10 14:24 . 2011-03-11 10:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 17:34 . 2011-05-17 15:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 20:25 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-15 20:25 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-15 20:17 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-04 18:52 . 2011-11-04 18:52 446258 ----a-w- c:\windows\AutoKMS.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-03 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-3 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Visual studio 2010\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Thomas De Sterck\AppData\Roaming\Mozilla\Firefox\Profiles\r7urnoa9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-IDriveforWindows - c:\program files (x86)\IDriveWindows\idwindows_501.exe
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-PokerStars.be - c:\program files (x86)\PokerStars.BE\PokerStarsUninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3662699763-2461931660-4105734476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,90,f8,ed,5b,5c,5b,6a,82,22,e8,ef,36,17,cc,c2,e8,b3,a2,74,b1,6e,ec,
c0,aa,b9,55,9b,bc,a5,31,74,3b,e3,f2,bb,58,c0,32,4d,b0,a9,a0,5a,c0,38,92,aa,\
"??"=hex:5d,19,5e,8c,bc,f4,26,6b,bd,57,03,06,9f,dd,34,69
.
[HKEY_USERS\S-1-5-21-3662699763-2461931660-4105734476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d1,cd,59,12,53,aa,f3,4c,60,a2,09,6f,96,25,6c,02,7a,7a,81,c0,0e,
cc,01,d3,c2,68,7d,5b,17,61,95,30,5a,d8,56,c1,b1,07,7f,2c,b2,36,18,54,ac,a4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-05 17:12:44 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-05 16:12
.
Pre-Run: 6 675 025 920 bytes beschikbaar
Post-Run: 10 545 385 472 bytes beschikbaar
.
- - End Of File - - 593FCCA3315F066EAA6977B1607E8B5E
- Hello Thomas, would you first do the following: post an Uninstall list:
  * start HijackThis,
  * click the "Open the Misc Tools section" button,
  * click the "Open Uninstall Manager" button,
  * click the "Save" button.
- Here is the list
18 Wheels of Steel - Across America
18 Wheels of Steel American Long Haul 1.00
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Assistant
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Bing Bar
Boingo Wi-Fi
Bookworm Deluxe
Catalyst Control Center - Branding
Choice Guard
CLEO v3.0.950
ControlDeck
Cooking Dash
Crystal Reports for Visual Studio
CyberLink LabelPrint
CyberLink LabelPrint
CyberLink Power2Go
CyberLink Power2Go
De Sims™ 3
De Sims™ 3 Ambities
De Sims™ 3 Beestenbende
De Sims™ 3 Na Middernacht
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Subtitle Displayer 4.54
Dotfuscator Software Services - Community Edition
EA Download Manager
Football Manager 2012
Foxit Reader 5.1
Free Studio version 5.0.4
Free YouTube to MP3 Converter version 3.10.11.923
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Grand Theft Auto IV
Grand Theft Auto IV
Grand Theft Auto IV
Grand Theft Auto IV
Grand Theft Auto IV
GTA San Andreas
High-Definition Video Playback
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2455033)
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Driver
Java(TM) 6 Update 29
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
Kaspersky Anti-Virus 2011
Kaspersky Anti-Virus 2011
LEGO Rock Raiders
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware versie 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Language Pack 2010 - Dutch/Nederlands
Microsoft Office O MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office X MUI (Dutch) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Macro Tools
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0 (x86 nl)
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
MySQL Connector/ODBC 3.51
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack 3
Nero 10 Movie ThemePack 4
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
OpenTTD 1.1.3
Plants vs Zombies
PokerStars.be
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Spybot - Search & Destroy
swMSM
syncables desktop SE
Tropico
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Outlook Social Connector (KB2583935)
Uplink
Victoria
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
WinFlash
Wireless Console 3
Wolfenstein - Enemy Territory
Zoo Tycoon: Complete Collection
- You can now do the following:
Run the ESET online scan (Click).
  * Click the "ESET Online Scanner" button
  * Tick "YES, I accept the Terms of Use"
  * Click "Start"
  * Allow the ActiveX control to install.
  * Tick the following options:
      * "Remove found threats"
      * "Scan archives"
  * Then click on
- the scan has been running for almost 2 hours… and is not done yet
but it has already found 2 trojans
win32/agent.SCQ trojan
a variant of win32/HackKMS. A application
- Be patient.
- Sorry that it took so long, but that scan kept getting stuck.
But it finally worked in the end
C:\Users\Thomas De Sterck\AppData\Roaming\winrar-x64-393.exe Win32/Agent.SCQ trojan cleaned by deleting - quarantined
C:\Windows\AutoKMS.exe a variant of Win32/HackKMS.A application deleted - quarantined
- Hi Thomas, any idea what that scan got stuck on?
Run the ComboFix scan again.
After starting ComboFix, a message may appear:
  - either ComboFix wants to be updated;
  - or ComboFix wants to be downloaded again.
If you get such a message, then do that as well.
Post the contents of the ComboFix log again
- it was my own fault, I think, that the scan got stuck.
My laptop is set to go into standby after 10 minutes. And when I came back to check, the laptop was in standby, and I started it up again and the scan was stuck.
But I have now turned that setting off and it did work this time
- The ComboFix log is below
ComboFix 12-01-06.03 - Thomas De Sterck 2012/01/07 13:47:15.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2989.1822 [GMT 1:00]
Gestart vanuit: c:\users\Thomas De Sterck\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))
.
.
2012-01-07 13:01 . 2012-01-07 13:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C7F810C-9DD8-47DD-9C97-EF487F3D825D}\offreg.dll
2012-01-07 12:57 . 2012-01-07 12:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-07 12:57 . 2012-01-07 12:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-07 12:57 . 2012-01-07 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 12:57 . 2012-01-07 12:57 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-07 08:29 . 2012-01-07 08:29 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 08:29 . 2012-01-07 08:29 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 08:29 . 2012-01-07 08:29 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 08:29 . 2012-01-07 08:29 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 11:29 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C7F810C-9DD8-47DD-9C97-EF487F3D825D}\mpengine.dll
2012-01-05 18:45 . 2012-01-05 18:45 -------- d-----w- c:\program files (x86)\ESET
2012-01-03 18:13 . 2012-01-03 18:13 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-01-03 12:39 . 2012-01-03 12:39 -------- d-----w- c:\windows\SysWow64\xlive
2012-01-03 12:39 . 2012-01-03 12:39 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-12-26 19:18 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-26 19:18 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-12-26 19:18 . 2010-02-04 09:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-26 19:18 . 2010-02-04 09:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-26 19:18 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-12-21 19:28 . 2011-12-21 19:28 -------- d-----w- C:\IDrive
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\program files (x86)\cygdrive
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- C:\IBCOMMON
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\windows\SysWow64\IBCOMMON
2011-12-21 19:22 . 2011-12-21 19:29 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\IDrive
2011-12-21 19:22 . 2009-02-09 12:15 644400 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2011-12-21 19:22 . 2009-02-09 12:15 140288 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2011-12-21 19:22 . 2011-12-21 19:33 -------- d-----w- c:\program files (x86)\IDriveWindows
2011-12-21 19:04 . 2011-12-21 19:04 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\Chromium
2011-12-21 19:00 . 2011-12-21 19:00 -------- d-----w- c:\users\Thomas De Sterck\AppData\Local\SKIDROW
2011-12-17 17:53 . 2011-12-17 17:55 -------- d-----w- c:\program files (x86)\Legoland
2011-12-17 12:36 . 1984-12-31 20:00 437008 ----a-w- c:\windows\D3DRM.DLL
2011-12-17 12:30 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-15 16:08 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 16:08 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 16:08 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 15:16 . 2011-04-17 07:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-10 14:24 . 2011-03-11 10:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 17:34 . 2011-05-17 15:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 20:25 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-15 20:25 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-15 20:17 . 2011-01-04 16:47 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_16.01.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-05 12:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-07 12:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-05 12:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-07 12:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-05 12:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-07 12:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-03 16:08 . 2012-01-05 17:11 46554 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-06 18:05 34200 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-22 17:23 . 2012-01-06 18:05 15220 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3662699763-2461931660-4105734476-1001_UserData.bin
- 2010-12-22 17:23 . 2012-01-04 19:04 15220 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3662699763-2461931660-4105734476-1001_UserData.bin
- 2010-12-22 08:11 . 2012-01-05 13:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-22 08:11 . 2012-01-07 13:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-07 12:59 . 2012-01-07 13:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-07 13:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-05 13:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-07 13:03 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-25 17:00 . 2012-01-07 12:58 5412 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-12-25 17:00 . 2012-01-04 19:01 5412 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-04 19:02 . 2012-01-05 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 12:59 . 2012-01-07 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 12:59 . 2012-01-07 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-04 19:02 . 2012-01-05 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-22 17:26 . 2012-01-05 12:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-22 17:26 . 2012-01-05 17:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-22 17:52 . 2012-01-07 08:58 279002 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-09-30 18:53 . 2012-01-07 12:58 329696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-30 18:53 . 2012-01-04 19:01 329696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-01-04 19:01 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-07 12:58 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-12 20:44 . 2012-01-07 12:58 1815580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3662699763-2461931660-4105734476-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-03 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-3 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Visual studio 2010\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Thomas De Sterck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Thomas De Sterck\AppData\Roaming\Mozilla\Firefox\Profiles\r7urnoa9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3662699763-2461931660-4105734476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,90,f8,ed,5b,5c,5b,6a,82,22,e8,ef,36,17,cc,c2,e8,b3,a2,74,b1,6e,ec,
c0,aa,b9,55,9b,bc,a5,31,74,3b,e3,f2,bb,58,c0,32,4d,b0,a9,a0,5a,c0,38,92,aa,\
"??"=hex:5d,19,5e,8c,bc,f4,26,6b,bd,57,03,06,9f,dd,34,69
.
[HKEY_USERS\S-1-5-21-3662699763-2461931660-4105734476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d1,cd,59,12,53,aa,f3,4c,60,a2,09,6f,96,25,6c,02,7a,7a,81,c0,0e,
cc,01,d3,c2,68,7d,5b,17,61,95,30,5a,d8,56,c1,b1,07,7f,2c,b2,36,18,54,ac,a4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-07 16:41:37 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-07 15:41
ComboFix2.txt 2012-01-05 16:12
.
Pre-Run: 3 582 636 032 bytes beschikbaar
Post-Run: 10 294 939 648 bytes beschikbaar
.
- - End Of File - - EFC8A6A8A0B09E347ED93E9EAE35AE36
- Hi Thomas, I think we are almost done.
Start MBAM and update MBAM first.
Then choose quick scan and post the contents of the log from that scan.
- Hi,
below is the log from Malwarebytes.
I have the feeling that the computer is already faster
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas De Sterck :: THOMASDESTERCK [administrator]
Realtime bescherming: Ingeschakeld
2012/01/8 14:16:19
mbam-log-2012-01-08 (14-16-19).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 191579
Verstreken tijd: 6 minuut/minuten, 51 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
- Hi Thomas, very good - we are going to clean up!
But first this:
keep MBAM and the ESET Online Scanner on your Windows installation.
Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click on and then choose to place a shortcut on the desktop.
Use MBAM once a week - after updating, choose quick scan.
Use OnlineScannerApp.exe once a month.
ESET will now start as an app, update itself first, and then you can tick the scan settings and start the scan.
And one more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find info about cookies and how to block AdAware cookies in your browser(s).
- Below is the log from Security Check.
The computer is already running faster, but I noticed something else.
When I open Task Manager, I see that physical memory is always at about 50% and processor usage at 0-1%, but there is no heavy program open at all or anything like that.
Do you know what that could be?
Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Kaspersky Anti-Virus 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java(TM) 6 Update 29
This is an archived page. Replying is no longer possible.