Questions & Answers

Security & privacy

Hijackthis 1302

Anonymous
57 replies
 • The following problem has been occurring since yesterday: today I received several hundred emails with a message that the emails I had sent could not be delivered. I am not aware of having sent that many emails, so that already worries me. Via Ziggo I was referred to https://www.ziggo.nl/#help/hulp-per-onderwerp/internet/e-mail/email003/, so for now (temporarily, I hope) I can no longer send email.

  That is why I would like to ask whether someone would be willing to review the log below.
  In the meantime I have restored a restore point from before these problems. To get to a solution, maybe I should not have done that???

  Thanks in advance.

  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 19:40:26, on 13-2-2012
  Platform: Windows Vista SP2 (WinNT 6.00.1906)
  MSIE: Internet Explorer v9.00 (9.00.8112.16421)
  Boot mode: Normal

  Running processes:
  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
  E:\CB Algemeen\X_cbupdate.exe
  c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
  C:\Program Files (x86)\Opera\opera.exe
  C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
  C:\Program Files (x86)\ConTEXT\ConTEXT.exe
  C:\Windows\SysWOW64\DllHost.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/maps/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
  O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111226152210.dll
  O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\Program Files (x86)\DMEXBar\dmexbar.dll
  O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
  O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
  O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-4L6Q7.exe" /REG /REGSVRMODE
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-21-3325951053-1369944651-455877973-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
  O4 - HKUS\S-1-5-21-3325951053-1369944651-455877973-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
  O4 - Global Startup: ConBuilder - Auto Update.lnk = E:\CB Algemeen\cbupdate.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
  O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
  O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
  O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
  O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
  O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
  O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
  O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


  End of file - 9059 bytes
 • You can go ahead and do the following:

  I would like you to stick to the rules below during the fix:
 • Thanks for your quick reply. It will probably be tomorrow evening before I carry out your instructions; tonight and tomorrow during the day I won't get around to it.

  Regards
  Rob
 • Below are the requested logs. Combofix did report that I had not disabled my antivirus software, although (as far as I know) I had done so.

  16:37:40.0550 3500 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
  16:37:40.0550 3500 ============================================================
  16:37:40.0550 3500 Current date / time: 2012/02/14 16:37:40.0550
  16:37:40.0550 3500 SystemInfo:
  16:37:40.0550 3500
  16:37:40.0550 3500 OS Version: 6.0.6002 ServicePack: 2.0
  16:37:40.0550 3500 Product type: Workstation
  16:37:40.0550 3500 ComputerName: mijzelf
  16:37:40.0550 3500 UserName: mijzelf
  16:37:40.0550 3500 Windows directory: C:\Windows
  16:37:40.0550 3500 System windows directory: C:\Windows
  16:37:40.0550 3500 Running under WOW64
  16:37:40.0550 3500 Processor architecture: Intel x64
  16:37:40.0550 3500 Number of processors: 4
  16:37:40.0550 3500 Page size: 0x1000
  16:37:40.0550 3500 Boot type: Normal boot
  16:37:40.0550 3500 ============================================================
  16:37:42.0406 3500 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
  16:37:42.0422 3500 \Device\Harddisk0\DR0:
  16:37:42.0422 3500 MBR used
  16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E848000
  16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E848800, BlocksNum 0x1E848000
  16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675800
  16:37:42.0858 3500 Initialize success
  16:37:42.0858 3500 ============================================================
  16:37:42.0874 1780 ============================================================
  16:37:42.0874 1780 Scan started
  16:37:42.0874 1780 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
  16:37:42.0874 1780 ============================================================
  16:38:01.0922 1780 Serenum - ok
  16:38:01.0953 1780 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
  16:38:01.0984 1780 Serial - ok
  16:38:02.0000 1780 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
  16:38:02.0046 1780 sermouse - ok
  16:38:02.0078 1780 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
  16:38:02.0109 1780 sffdisk - ok
  16:38:02.0171 1780 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
  16:38:02.0218 1780 sffp_mmc - ok
  16:38:02.0249 1780 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
  16:38:02.0327 1780 sffp_sd - ok
  16:38:02.0374 1780 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
  16:38:02.0421 1780 sfloppy - ok
  16:38:02.0577 1780 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
  16:38:02.0624 1780 SiSRaid2 - ok
  16:38:02.0686 1780 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
  16:38:02.0702 1780 SiSRaid4 - ok
  16:38:02.0858 1780 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
  16:38:02.0904 1780 Smb - ok
  16:38:03.0029 1780 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
  16:38:03.0045 1780 spldr - ok
  16:38:03.0138 1780 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
  16:38:03.0201 1780 srv - ok
  16:38:03.0263 1780 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
  16:38:03.0357 1780 srv2 - ok
  16:38:03.0372 1780 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
  16:38:03.0435 1780 srvnet - ok
  16:38:03.0450 1780 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
  16:38:03.0466 1780 swenum - ok
  16:38:03.0497 1780 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
  16:38:03.0513 1780 Symc8xx - ok
  16:38:03.0528 1780 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
  16:38:03.0544 1780 Sym_hi - ok
  16:38:03.0560 1780 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
  16:38:03.0575 1780 Sym_u3 - ok
  16:38:03.0622 1780 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
  16:38:03.0950 1780 Tcpip - ok
  16:38:04.0074 1780 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
  16:38:04.0199 1780 Tcpip6 - ok
  16:38:04.0230 1780 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
  16:38:04.0293 1780 tcpipreg - ok
  16:38:04.0308 1780 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
  16:38:04.0340 1780 TDPIPE - ok
  16:38:04.0386 1780 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
  16:38:04.0449 1780 TDTCP - ok
  16:38:04.0542 1780 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
  16:38:04.0574 1780 tdx - ok
  16:38:04.0605 1780 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
  16:38:04.0620 1780 TermDD - ok
  16:38:04.0730 1780 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
  16:38:04.0776 1780 tssecsrv - ok
  16:38:04.0776 1780 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
  16:38:04.0808 1780 tunmp - ok
  16:38:04.0839 1780 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
  16:38:04.0870 1780 tunnel - ok
  16:38:04.0901 1780 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
  16:38:04.0917 1780 uagp35 - ok
  16:38:04.0948 1780 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
  16:38:04.0995 1780 udfs - ok
  16:38:05.0026 1780 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
  16:38:05.0073 1780 uliagpkx - ok
  16:38:05.0104 1780 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
  16:38:05.0182 1780 uliahci - ok
  16:38:05.0198 1780 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
  16:38:05.0213 1780 UlSata - ok
  16:38:05.0291 1780 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
  16:38:05.0322 1780 ulsata2 - ok
  16:38:05.0338 1780 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
  16:38:05.0369 1780 umbus - ok
  16:38:05.0432 1780 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
  16:38:05.0541 1780 usbccgp - ok
  16:38:05.0556 1780 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
  16:38:05.0634 1780 usbcir - ok
  16:38:05.0712 1780 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
  16:38:05.0744 1780 usbehci - ok
  16:38:05.0868 1780 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
  16:38:05.0915 1780 usbhub - ok
  16:38:05.0946 1780 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
  16:38:06.0009 1780 usbohci - ok
  16:38:06.0196 1780 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
  16:38:06.0258 1780 usbprint - ok
  16:38:06.0305 1780 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
  16:38:06.0336 1780 usbscan - ok
  16:38:06.0352 1780 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
  16:38:06.0414 1780 USBSTOR - ok
  16:38:06.0430 1780 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
  16:38:06.0461 1780 usbuhci - ok
  16:38:06.0492 1780 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
  16:38:06.0555 1780 vga - ok
  16:38:06.0602 1780 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
  16:38:06.0648 1780 VgaSave - ok
  16:38:06.0664 1780 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
  16:38:06.0680 1780 viaide - ok
  16:38:06.0742 1780 vmm (c117cedfb9bfeadb29106fdac1358470) C:\Windows\system32\Drivers\vmm.sys
  16:38:06.0758 1780 vmm - ok
  16:38:06.0773 1780 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
  16:38:06.0804 1780 volmgr - ok
  16:38:06.0867 1780 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
  16:38:06.0945 1780 volmgrx - ok
  16:38:07.0007 1780 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
  16:38:07.0023 1780 volsnap - ok
  16:38:07.0054 1780 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
  16:38:07.0101 1780 VPCNetS2 - ok
  16:38:07.0148 1780 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
  16:38:07.0163 1780 vsmraid - ok
  16:38:07.0194 1780 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
  16:38:07.0288 1780 WacomPen - ok
  16:38:07.0335 1780 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
  16:38:07.0397 1780 Wanarp - ok
  16:38:07.0397 1780 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
  16:38:07.0428 1780 Wanarpv6 - ok
  16:38:07.0460 1780 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
  16:38:07.0475 1780 Wd - ok
  16:38:07.0506 1780 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
  16:38:07.0600 1780 Wdf01000 - ok
  16:38:07.0678 1780 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
  16:38:07.0787 1780 WmiAcpi - ok
  16:38:07.0896 1780 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
  16:38:07.0974 1780 WpdUsb - ok
  16:38:07.0990 1780 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
  16:38:08.0037 1780 ws2ifsl - ok
  16:38:08.0068 1780 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
  16:38:08.0146 1780 WUDFRd - ok
  16:38:08.0162 1780 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
  16:38:08.0505 1780 \Device\Harddisk0\DR0 - ok
  16:38:08.0536 1780 Boot (0x1200) (e49a6d7f2e4a69365829dc5a4d29643e) \Device\Harddisk0\DR0\Partition0
  16:38:08.0552 1780 \Device\Harddisk0\DR0\Partition0 - ok
  16:38:08.0567 1780 Boot (0x1200) (f4eecde97d0fc6a0d71f159de8c00fd8) \Device\Harddisk0\DR0\Partition1
  16:38:08.0567 1780 \Device\Harddisk0\DR0\Partition1 - ok
  16:38:08.0598 1780 Boot (0x1200) (02d3c43010815810f0b3b6efa7c9b76b) \Device\Harddisk0\DR0\Partition2
  16:38:08.0598 1780 \Device\Harddisk0\DR0\Partition2 - ok
  16:38:08.0598 1780 ============================================================
  16:38:08.0598 1780 Scan finished
  16:38:08.0598 1780 ============================================================
  16:38:09.0472 3792 Deinitialize success

  ==============================================
  Last Created System Restore Point
  ==============================================
  RP256: 13-2-2012 17:54:31 - Herstelbewerking
  ==============================================
  EOF


  ++++++++++++++++++++++++++++++++++++++++++++++

  ComboFix log:

  ComboFix 12-02-13.01 - Rob Broers 14-02-2012 16:49:18.4.4 - x64
  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2537 [GMT 1:00]
  Gestart vanuit: c:\users\Rob Broers\Desktop\ComboFix.exe
  AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
  FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
  SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  * Aanwezig AV is actief
  .
  .
  .
  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  c:\windows\isRS-000.tmp
  c:\windows\pkunzip.pif
  c:\windows\pkzip.pif
  D:\install.exe
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))
  .
  .
  2012-02-14 16:04 . 2012-02-14 16:11 -------- d-----w- c:\users\Rob Broers\AppData\Local\temp
  2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
  2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\Public\AppData\Local\temp
  2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
  2012-02-14 15:37 . 2012-02-14 15:38 -------- d-----w- C:\TDSSStarter
  2012-02-05 10:00 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
  2012-02-05 10:00 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
  2012-02-05 10:00 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
  2012-02-05 10:00 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
  2012-02-05 10:00 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
  2012-02-05 10:00 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
  2012-02-05 10:00 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
  2012-02-05 10:00 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
  2012-02-05 10:00 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
  2012-01-21 18:41 . 2012-01-21 18:41 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2012-01-30 18:39 . 2011-07-17 08:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  2011-12-10 14:24 . 2011-04-03 11:46 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
  2011-11-24 15:01 . 2011-11-24 15:01 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
  2011-11-24 15:01 . 2011-11-24 15:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
  2011-11-23 13:57 . 2012-01-08 09:09 2764800 ----a-w- c:\windows\system32\win32k.sys
  .
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
  "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
  "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
  "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-24 296056]
  .
  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  ConBuilder - Auto Update.lnk - e:\cb algemeen\cbupdate.exe [2011-10-8 194177]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableLUA"= 0 (0x0)
  "EnableUIADesktopToggle"= 0 (0x0)
  .
  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
  "aux"=wdmaud.drv
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
  @=""
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
  @=""
  .
  --- Andere Services/Drivers In Geheugen ---
  .
  *NewlyCreated* - WS2IFSL
  *Deregistered* - mfeavfk01
  .
  .
  --------- x86-64 -----------
  .
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
  @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
  [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
  @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
  [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
  @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
  [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  ------- Bijkomende Scan -------
  .
  uLocal Page = c:\windows\system32\blank.htm
  uStart Page = hxxp://www.bing.com/maps/
  mLocal Page = c:\windows\SysWOW64\blank.htm
  IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
  TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
  CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
  FF - ProfilePath - c:\users\Rob Broers\AppData\Roaming\Mozilla\Firefox\Profiles\1cz0hd18.default\
  FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
  FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
  .
  - - - - ORPHANS VERWIJDERD - - - -
  .
  Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
  WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
  AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
  AddRemove-BADLANDS Summer Clear Plug-in for KOSMOS - c:\windows\system32\ss2uinst.exe
  AddRemove-CP Sggmrss - e:\temp\Uninstal CP Sggmrss.exe
  AddRemove-ProTrain Extra 6 Update 1.01 1.01 - e:\temp\SETUP\setup.exe
  AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
  AddRemove-2016 - e:\temp\2016.exe
  AddRemove-DB Schenker 189 - Packet - e:\temp\Uninstal.exe
  AddRemove-Glasgow - Carlisle Version 3.0 Beta - e:\ukroute\GLAS2CAR\Uninstal.exe
  AddRemove-Oberlausitzbahn V.1 + Zittauer Schmalspurbahn - e:\temp\Uninstal.exe
  AddRemove-TIR - e:\temp\ROUTES\TIR\Uninstal.exe
  AddRemove-Wupper Express 11 Actpack 1.0 - e:\temp\Uninstal.exe
  .
  .
  .
  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  @Denied: (A 2) (Everyone)
  @="FlashBroker"
  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  "Enabled"=dword:00000001
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  @="Shockwave Flash Object"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
  "ThreadingModel"="Apartment"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  @="0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  @="ShockwaveFlash.ShockwaveFlash.10"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  @="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  @="ShockwaveFlash.ShockwaveFlash"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  @="Macromedia Flash Factory Object"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
  "ThreadingModel"="Apartment"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  @="FlashFactory.FlashFactory.1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  @="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  @="FlashFactory.FlashFactory"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  @Denied: (A 2) (Everyone)
  @="IFlashBroker4"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  @="{00020424-0000-0000-C000-000000000046}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  "Version"="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
  @="Shockwave Flash"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
  @Denied: (A 2) (Everyone)
  @=""
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
  @="FlashBroker"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
  "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
  "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
  .
  ------------------------ Andere Aktieve Processen ------------------------
  .
  c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  c:\program files (x86)\Nero\Update\NASvc.exe
  c:\windows\SysWOW64\rundll32.exe
  c:\windows\SysWOW64\PSIService.exe
  e:\cb algemeen\X_cbupdate.exe
  c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2012-02-14 17:34:40 - machine werd herstart
  ComboFix-quarantined-files.txt 2012-02-14 16:34
  .
  Pre-Run: 133.555.699.712 bytes beschikbaar
  Post-Run: 132.977.979.392 bytes beschikbaar
  .
  - - End Of File - - 8F888E34436DF0A57F7A58500CAD7E20
 • I see a strange user in your Windows; are you familiar with it yourself?

  Namely: UpdatusUser

  Please give me some information about it.
 • Abraham54 wrote:
  > I see a strange user in your Windows; are you familiar with it yourself?
  >
  > Namely: UpdatusUser
  >
  > Please give me some information about it.

  That username means nothing at all to me. Could that be the culprit?
 • Research tells me that it has to do with NVidia.

  Look in "Control Panel / Programs and Features" to see whether NVidia Update is listed there.

  That tool is tied to that UpdateUser!

  And no, from what I read it is not a security risk!

  Which e-mail program do you actually use?
 • Abraham54 wrote:
  > Research tells me that it has to do with NVidia.
  >
  > Look in "Control Panel / Programs and Features" to see whether NVidia Update is listed there.
  >
  > That tool is tied to that UpdateUser!
  >
  > And no, from what I read it is not a security risk!
  >
  > Which e-mail program do you actually use?

  I use Mozilla Thunderbird as my e-mail program.

  As for that Nvidia updater: I'll check that this evening. I'm on the road right now.
 • Abraham54 wrote:
  > Research tells me that it has to do with NVidia.
  >
  > Look in "Control Panel / Programs and Features" to see whether NVidia Update is listed there.
  >
  > That tool is tied to that UpdateUser!
  >
  > And no, from what I read it is not a security risk!
  >
  > Which e-mail program do you actually use?

  In the Control Panel I do indeed find Nvidia Update.
 • Hello Rob, how many e-mail accounts do you have, and how long have you been using the same password?

  And do you possibly use the same password for other log-ins as well?
 • Abraham54 wrote:
  > Hello Rob, how many e-mail accounts do you have, and how long have you been using the same password?
  >
  > And do you possibly use the same password for other log-ins as well?

  Hello Abraham,

  I have 3 accounts in total and have indeed been using the same password for a long time, though I have changed it in the meantime. I also use that old password for other logins.

  Regards
  Rob
 • So that's bad news!

  That is exactly how you make it particularly easy for others to find out what you use.

  On top of that, you are probably using passwords that are too easy to remember, and that too is out of the question.
  Presumably your logins also happen automatically from the cookie cache.
  That is bad news too, because the cookie cache can very easily be inspected by third parties, and then what happened to you can happen: you start sending spam.

  I have two mail accounts and an enormous number of logins.
  My average password length is 14 characters.
  Every password of mine is different, and all of that is made very easy for me because I use LastPass as my password manager.

  So look into LastPass and improve your password life.
 • Hi Rob, I think you posted your reply in the wrong topic.

  Have you managed to get LastPass working yet?

  And you may do the following: the ESET online scan (click).
  - Click the ESET Online Scanner button
  - Tick YES, I accept the Terms of Use
  - Click Start
  - Allow the ActiveX control to install.
  - Tick the following options:
    - Remove found threats
    - Scan archives
  - Then click on
 • Indeed Abraham, I was in the wrong place. I have already edited it, with a request to delete the post.

  I have just downloaded LastPass and will install it shortly. If I understand correctly, I would need to install a different version for Opera?

  I'll run the ESET scan first.

  Regards
  Rob
 • Hi Rob, I have read your message.
  A clean installation may not give the desired result!
 • Abraham54 wrote:
  > Hi Rob, I have read your message.
  > A clean installation may not give the desired result!

  Is the problem on my side after all, then, if that doesn't help?
  And how can I or my PC send spam when the PC isn't switched on?

  Regards
  Rob
 • Tell me, who is your e-mail provider?
 • Abraham54 wrote:
  > Tell me, who is your e-mail provider?

  Ziggo is my provider.
 • OK.

  Is LastPass functional yet?


  Which program: Malwarebytes MBAM
  What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove them.
  Difficulty: none.

  Download Malwarebytes MBAM from one of these locations:
  - Softpedia.com
  - Majorgeeks.com
  First of all:
  - Right after installation 'MBAM' wants to update its database, so allow that.
  - Also on repeated use: first update 'MBAM' via the 'Update' tab!
  Starting Malwarebytes MBAM:
 • Hello Abraham,

  In the meantime I have noticed something else: with the e-mail program in the Opera browser I can send mail, but with Mozilla I cannot.

  The problem is probably in Mozilla Thunderbird, because with Windows Mail I can send.

  The MBAM log:

  Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
  www.malwarebytes.org

  Databaseversie: v2012.02.17.02

  Windows Vista Service Pack 2 x64 NTFS
  Internet Explorer 9.0.8112.16421
  Rob Broers :: PC_VAN_ROBBROER [administrator]

  Realtime bescherming: Uitgeschakeld

  17-2-2012 18:24:41
  mbam-log-2012-02-17 (18-24-41).txt

  Scantype: Snelle scan
  Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
  Uitgeschakelde scanopties: P2P
  Objecten gescand: 199469
  Verstreken tijd: 3 minuut/minuten, 49 seconde(n)

  Geheugenprocessen gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Mappen gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden gedetecteerd: 0
  (Geen kwaadaardige objecten gedetecteerd)

  (einde)

This is an archived page. Replying is no longer possible.