Question & Answer
Hijackthis 1302
57 answers
- The following problem has been occurring since yesterday: today I received several hundred emails saying that emails I had sent could not be delivered. I am not aware that I was sending that many emails, so that already worries me. Ziggo referred me to https://www.ziggo.nl/#help/hulp-per-onderwerp/internet/e-mail/email003/, so for now (temporarily, I hope) I can no longer send email.
That is why I would like to ask whether someone would be willing to review the log below.
In the meantime I have restored a restore point from before these problems. To get to a solution, should I perhaps not have done that???
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:26, on 13-2-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
E:\CB Algemeen\X_cbupdate.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\ConTEXT\ConTEXT.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/maps/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111226152210.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\Program Files (x86)\DMEXBar\dmexbar.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-4L6Q7.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3325951053-1369944651-455877973-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3325951053-1369944651-455877973-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O4 - Global Startup: ConBuilder - Auto Update.lnk = E:\CB Algemeen\cbupdate.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 9059 bytes
- You may now do the following:
I would like you to follow the rules below during the fix:
- Thanks for your quick answer. It will probably be tomorrow evening before I carry out your instructions; tonight and tomorrow during the day I won't get around to it.
Regards
Rob
- Below are the requested logs. Combofix did report that I had not disabled my antivirus software, although (as far as I know) I had.
16:37:40.0550 3500 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
16:37:40.0550 3500 ============================================================
16:37:40.0550 3500 Current date / time: 2012/02/14 16:37:40.0550
16:37:40.0550 3500 SystemInfo:
16:37:40.0550 3500
16:37:40.0550 3500 OS Version: 6.0.6002 ServicePack: 2.0
16:37:40.0550 3500 Product type: Workstation
16:37:40.0550 3500 ComputerName: mijzelf
16:37:40.0550 3500 UserName: mijzelf
16:37:40.0550 3500 Windows directory: C:\Windows
16:37:40.0550 3500 System windows directory: C:\Windows
16:37:40.0550 3500 Running under WOW64
16:37:40.0550 3500 Processor architecture: Intel x64
16:37:40.0550 3500 Number of processors: 4
16:37:40.0550 3500 Page size: 0x1000
16:37:40.0550 3500 Boot type: Normal boot
16:37:40.0550 3500 ============================================================
16:37:42.0406 3500 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:37:42.0422 3500 \Device\Harddisk0\DR0:
16:37:42.0422 3500 MBR used
16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E848000
16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E848800, BlocksNum 0x1E848000
16:37:42.0422 3500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675800
16:37:42.0858 3500 Initialize success
16:37:42.0858 3500 ============================================================
16:37:42.0874 1780 ============================================================
16:37:42.0874 1780 Scan started
16:37:42.0874 1780 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
16:37:42.0874 1780 ============================================================
16:37:45.0588 1780 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:37:45.0713 1780 ACPI - ok
16:37:45.0776 1780 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:37:45.0916 1780 adp94xx - ok
16:37:45.0947 1780 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:37:45.0963 1780 adpahci - ok
16:37:45.0994 1780 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:37:46.0010 1780 adpu160m - ok
16:37:46.0056 1780 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:37:46.0072 1780 adpu320 - ok
16:37:46.0134 1780 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:37:46.0384 1780 AFD - ok
16:37:46.0431 1780 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:37:46.0431 1780 agp440 - ok
16:37:46.0462 1780 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:37:46.0478 1780 aic78xx - ok
16:37:46.0524 1780 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:37:46.0524 1780 aliide - ok
16:37:46.0540 1780 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:37:46.0556 1780 amdide - ok
16:37:46.0571 1780 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:37:46.0665 1780 AmdK8 - ok
16:37:46.0696 1780 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:37:46.0712 1780 arc - ok
16:37:46.0758 1780 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:37:46.0774 1780 arcsas - ok
16:37:46.0821 1780 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:37:46.0883 1780 AsyncMac - ok
16:37:46.0899 1780 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:37:46.0914 1780 atapi - ok
16:37:47.0024 1780 Beep - ok
16:37:47.0055 1780 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:37:47.0102 1780 blbdrive - ok
16:37:47.0148 1780 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:37:47.0273 1780 bowser - ok
16:37:47.0289 1780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:37:47.0414 1780 BrFiltLo - ok
16:37:47.0429 1780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:37:47.0460 1780 BrFiltUp - ok
16:37:47.0507 1780 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:37:47.0648 1780 Brserid - ok
16:37:47.0663 1780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:37:47.0772 1780 BrSerWdm - ok
16:37:47.0788 1780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:37:47.0897 1780 BrUsbMdm - ok
16:37:47.0928 1780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:37:47.0975 1780 BrUsbSer - ok
16:37:48.0038 1780 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:37:48.0100 1780 BTHMODEM - ok
16:37:48.0116 1780 catchme - ok
16:37:48.0147 1780 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:37:48.0225 1780 cdfs - ok
16:37:48.0256 1780 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:37:48.0334 1780 cdrom - ok
16:37:48.0381 1780 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
16:37:48.0474 1780 cfwids - ok
16:37:48.0552 1780 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:37:48.0615 1780 circlass - ok
16:37:48.0646 1780 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:37:48.0708 1780 CLFS - ok
16:37:48.0740 1780 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:37:48.0755 1780 cmdide - ok
16:37:48.0771 1780 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:37:48.0786 1780 Compbatt - ok
16:37:48.0802 1780 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:37:48.0818 1780 crcdisk - ok
16:37:48.0880 1780 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:37:49.0005 1780 DfsC - ok
16:37:49.0036 1780 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:37:49.0052 1780 disk - ok
16:37:49.0114 1780 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:37:49.0145 1780 drmkaud - ok
16:37:49.0192 1780 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:37:49.0223 1780 DXGKrnl - ok
16:37:49.0254 1780 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:37:49.0317 1780 E1G60 - ok
16:37:49.0379 1780 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:37:49.0395 1780 Ecache - ok
16:37:49.0457 1780 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:37:49.0551 1780 elxstor - ok
16:37:49.0566 1780 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:37:49.0598 1780 ErrDev - ok
16:37:49.0738 1780 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:37:49.0832 1780 exfat - ok
16:37:49.0863 1780 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:37:49.0941 1780 fastfat - ok
16:37:49.0941 1780 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:37:49.0988 1780 fdc - ok
16:37:50.0019 1780 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:37:50.0034 1780 FileInfo - ok
16:37:50.0066 1780 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:37:50.0112 1780 Filetrace - ok
16:37:50.0128 1780 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:37:50.0159 1780 flpydisk - ok
16:37:50.0175 1780 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:37:50.0222 1780 FltMgr - ok
16:37:50.0253 1780 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:37:50.0300 1780 Fs_Rec - ok
16:37:50.0331 1780 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:37:50.0378 1780 gagp30kx - ok
16:37:50.0409 1780 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:37:50.0534 1780 HdAudAddService - ok
16:37:50.0658 1780 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:37:50.0752 1780 HDAudBus - ok
16:37:50.0783 1780 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:37:50.0846 1780 HidBth - ok
16:37:50.0877 1780 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:37:50.0970 1780 HidIr - ok
16:37:50.0986 1780 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:37:51.0033 1780 HidUsb - ok
16:37:51.0048 1780 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:37:51.0064 1780 HpCISSs - ok
16:37:51.0095 1780 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:37:51.0204 1780 HTTP - ok
16:37:51.0220 1780 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:37:51.0236 1780 i2omp - ok
16:37:51.0267 1780 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:37:51.0329 1780 i8042prt - ok
16:37:51.0345 1780 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:37:51.0360 1780 iaStorV - ok
16:37:51.0407 1780 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:37:51.0423 1780 iirsp - ok
16:37:51.0438 1780 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:37:51.0454 1780 intelide - ok
16:37:51.0485 1780 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:37:51.0501 1780 intelppm - ok
16:37:51.0548 1780 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:37:51.0626 1780 IpFilterDriver - ok
16:37:51.0626 1780 IpInIp - ok
16:37:51.0641 1780 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:37:51.0672 1780 IPMIDRV - ok
16:37:51.0719 1780 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:37:51.0750 1780 IPNAT - ok
16:37:51.0797 1780 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:37:51.0844 1780 IRENUM - ok
16:37:51.0860 1780 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:37:51.0906 1780 isapnp - ok
16:37:51.0922 1780 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:37:51.0938 1780 iScsiPrt - ok
16:37:51.0953 1780 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:37:51.0969 1780 iteatapi - ok
16:37:52.0000 1780 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:37:52.0016 1780 iteraid - ok
16:37:52.0156 1780 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:37:52.0172 1780 kbdclass - ok
16:37:52.0281 1780 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:37:52.0328 1780 kbdhid - ok
16:37:52.0374 1780 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
16:37:52.0577 1780 KSecDD - ok
16:37:52.0593 1780 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:37:52.0671 1780 ksthunk - ok
16:37:52.0686 1780 L1E (4180e9d6e51516371afc369f7e8f6652) C:\Windows\system32\DRIVERS\L1E60x64.sys
16:37:52.0842 1780 L1E - ok
16:37:52.0858 1780 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:37:52.0905 1780 lltdio - ok
16:37:52.0920 1780 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:37:52.0983 1780 LSI_FC - ok
16:37:53.0014 1780 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:37:53.0030 1780 LSI_SAS - ok
16:37:53.0061 1780 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:37:53.0076 1780 LSI_SCSI - ok
16:37:53.0123 1780 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:37:53.0186 1780 luafv - ok
16:37:53.0232 1780 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:37:53.0248 1780 MBAMProtector - ok
16:37:53.0326 1780 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:37:53.0342 1780 megasas - ok
16:37:53.0373 1780 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:37:53.0435 1780 MegaSR - ok
16:37:53.0576 1780 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
16:37:53.0622 1780 mfeapfk - ok
16:37:53.0716 1780 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
16:37:53.0763 1780 mfeavfk - ok
16:37:53.0794 1780 mfeavfk01 - ok
16:37:53.0841 1780 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
16:37:54.0028 1780 mfefirek - ok
16:37:54.0075 1780 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
16:37:54.0184 1780 mfehidk - ok
16:37:54.0215 1780 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:37:54.0262 1780 mfenlfk - ok
16:37:54.0293 1780 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
16:37:54.0340 1780 mferkdet - ok
16:37:54.0371 1780 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
16:37:54.0418 1780 mfewfpk - ok
16:37:54.0449 1780 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
16:37:54.0496 1780 MOBKFilter - ok
16:37:54.0527 1780 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:37:54.0590 1780 Modem - ok
16:37:54.0605 1780 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:37:54.0652 1780 monitor - ok
16:37:54.0668 1780 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:37:54.0683 1780 mouclass - ok
16:37:54.0714 1780 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:37:54.0761 1780 mouhid - ok
16:37:54.0777 1780 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:37:54.0777 1780 MountMgr - ok
16:37:54.0824 1780 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:37:54.0839 1780 mpio - ok
16:37:54.0886 1780 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:37:54.0933 1780 mpsdrv - ok
16:37:54.0995 1780 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:37:55.0011 1780 Mraid35x - ok
16:37:55.0058 1780 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:37:55.0120 1780 MRxDAV - ok
16:37:55.0167 1780 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:55.0260 1780 mrxsmb - ok
16:37:55.0307 1780 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:55.0370 1780 mrxsmb10 - ok
16:37:55.0385 1780 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:55.0448 1780 mrxsmb20 - ok
16:37:55.0463 1780 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
16:37:55.0479 1780 msahci - ok
16:37:55.0494 1780 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:37:55.0510 1780 msdsm - ok
16:37:55.0588 1780 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:37:55.0635 1780 Msfs - ok
16:37:55.0666 1780 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:37:55.0682 1780 msisadrv - ok
16:37:55.0728 1780 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:37:55.0775 1780 MSKSSRV - ok
16:37:55.0791 1780 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:55.0884 1780 MSPCLOCK - ok
16:37:55.0916 1780 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:37:55.0962 1780 MSPQM - ok
16:37:56.0040 1780 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:37:56.0056 1780 MsRPC - ok
16:37:56.0103 1780 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:37:56.0103 1780 mssmbios - ok
16:37:56.0259 1780 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:37:56.0306 1780 MSTEE - ok
16:37:56.0352 1780 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
16:37:56.0430 1780 MTsensor - ok
16:37:56.0446 1780 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:37:56.0462 1780 Mup - ok
16:37:56.0540 1780 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:37:56.0571 1780 NativeWifiP - ok
16:37:56.0649 1780 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:37:56.0742 1780 NDIS - ok
16:37:56.0774 1780 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:56.0820 1780 NdisTapi - ok
16:37:56.0883 1780 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:56.0961 1780 Ndisuio - ok
16:37:56.0976 1780 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:57.0008 1780 NdisWan - ok
16:37:57.0023 1780 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:37:57.0086 1780 NDProxy - ok
16:37:57.0132 1780 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:37:57.0164 1780 NetBIOS - ok
16:37:57.0320 1780 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:37:57.0429 1780 netbt - ok
16:37:57.0460 1780 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:37:57.0476 1780 nfrd960 - ok
16:37:57.0507 1780 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:37:57.0585 1780 Npfs - ok
16:37:57.0647 1780 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:37:57.0694 1780 nsiproxy - ok
16:37:57.0803 1780 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:37:57.0990 1780 Ntfs - ok
16:37:58.0006 1780 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:37:58.0068 1780 Null - ok
16:37:58.0661 1780 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:37:58.0942 1780 nvlddmkm - ok
16:37:58.0973 1780 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:37:58.0989 1780 nvraid - ok
16:37:59.0004 1780 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:37:59.0020 1780 nvstor - ok
16:37:59.0067 1780 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:37:59.0082 1780 nv_agp - ok
16:37:59.0129 1780 NwlnkFlt - ok
16:37:59.0145 1780 NwlnkFwd - ok
16:37:59.0223 1780 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:37:59.0270 1780 ohci1394 - ok
16:37:59.0348 1780 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:37:59.0410 1780 Parport - ok
16:38:08.0598 1780 ============================================================
16:38:08.0598 1780 Scan finished
16:38:08.0598 1780 ============================================================
16:38:09.0472 3792 Deinitialize success
==============================================
Last Created System Restore Point
==============================================
RP256: 13-2-2012 17:54:31 - Herstelbewerking
==============================================
EOF
++++++++++++++++++++++++++++++++++++++++++++++
ComboFix log:
ComboFix 12-02-13.01 - Rob Broers 14-02-2012 16:49:18.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2537 [GMT 1:00]
Gestart vanuit: c:\users\Rob Broers\Desktop\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))
.
.
2012-02-14 16:04 . 2012-02-14 16:11 -------- d-----w- c:\users\Rob Broers\AppData\Local\temp
2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-14 16:04 . 2012-02-14 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 15:37 . 2012-02-14 15:38 -------- d-----w- C:\TDSSStarter
2012-02-05 10:00 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 10:00 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 10:00 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-02-05 10:00 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 10:00 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-05 10:00 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 10:00 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-05 10:00 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-02-05 10:00 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 18:41 . 2012-01-21 18:41 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 18:39 . 2011-07-17 08:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2011-04-03 11:46 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 15:01 . 2011-11-24 15:01 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-24 15:01 . 2011-11-24 15:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-23 13:57 . 2012-01-08 09:09 2764800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-24 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ConBuilder - Auto Update.lnk - e:\cb algemeen\cbupdate.exe [2011-10-8 194177]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/maps/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Rob Broers\AppData\Roaming\Mozilla\Firefox\Profiles\1cz0hd18.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-BADLANDS Summer Clear Plug-in for KOSMOS - c:\windows\system32\ss2uinst.exe
AddRemove-CP Sggmrss - e:\temp\Uninstal CP Sggmrss.exe
AddRemove-ProTrain Extra 6 Update 1.01 1.01 - e:\temp\SETUP\setup.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-2016 - e:\temp\2016.exe
AddRemove-DB Schenker 189 - Packet - e:\temp\Uninstal.exe
AddRemove-Glasgow - Carlisle Version 3.0 Beta - e:\ukroute\GLAS2CAR\Uninstal.exe
AddRemove-Oberlausitzbahn V.1 + Zittauer Schmalspurbahn - e:\temp\Uninstal.exe
AddRemove-TIR - e:\temp\ROUTES\TIR\Uninstal.exe
AddRemove-Wupper Express 11 Actpack 1.0 - e:\temp\Uninstal.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Nero\Update\NASvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PSIService.exe
e:\cb algemeen\X_cbupdate.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-14 17:34:40 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-14 16:34
.
Pre-Run: 133.555.699.712 bytes beschikbaar
Post-Run: 132.977.979.392 bytes beschikbaar
.
- - End Of File - - 8F888E34436DF0A57F7A58500CAD7E20
- I found a strange user in your Windows; are you familiar with it yourself?
Namely: UpdatusUser
Please give me some information about this.
- Abraham54 wrote:
> I found a strange user in your Windows; are you familiar with it yourself?
> Namely: UpdatusUser
> Please give me some information about this.
That user name means nothing to me at all. Could that be the culprit?
- My research shows that it has to do with NVidia.
Look in "Control Panel / Programs and Features" to see whether you come across NVidia Update there.
That tool is connected to that UpdateUser!
And no, from what I read it is not a security risk!
Which e-mail program do you actually use?
- Abraham54 wrote:
> My research shows that it has to do with NVidia.
> Look in "Control Panel / Programs and Features" to see whether you come across NVidia Update there.
> That tool is connected to that UpdateUser!
> And no, from what I read it is not a security risk!
> Which e-mail program do you actually use?
I use Mozilla Thunderbird as my e-mail program.
As for that Nvidia updater: I will check that this evening. I am on the road right now.
- Abraham54 wrote:
> My research shows that it has to do with NVidia.
> Look in "Control Panel / Programs and Features" to see whether you come across NVidia Update there.
> That tool is connected to that UpdateUser!
> And no, from what I read it is not a security risk!
> Which e-mail program do you actually use?
In the Control Panel I do indeed come across Nvidia Update.
- Hello Rob, how many e-mail accounts do you have and how long have you been using the same password?
And do you possibly use the same password for other logins as well?
- Abraham54 wrote:
> Hello Rob, how many e-mail accounts do you have and how long have you been using the same password?
> And do you possibly use the same password for other logins as well?
Hello Abraham,
I have 3 accounts in total and have indeed been using the same password for a long time, which I have changed in the meantime. I also use that old password for other logins.
Regards
Rob
- Bad news, then!
That is exactly how you make it particularly easy for others to find out what you use.
On top of that, you are probably using passwords that are too easy to remember, and that is out of the question as well.
Presumably logins also happen automatically from the cookie cache.
That is bad news too, because the cookie cache can very easily be inspected by third parties, and then what happened to you can happen: that you start sending spam.
I have two mail accounts and countless logins.
My average password length is 14 characters.
Every one of my passwords is different, and all of that is made very easy for me because I use LastPass as a password manager.
So look into LastPass and improve your password life.
- Hi Rob, I think you posted your answer in the wrong topic.
Has it worked out with LastPass yet?
And you may do the following: the ESET online scan (Click).
* Click the ESET Online Scanner button
* Tick YES, I accept the Terms of Use
* Click Start
* Allow the ActiveX control to install.
* Tick the following options:
  * Remove found threats
  * Scan archives
* Then click
- Indeed, Abraham, I was in the wrong place. I have already edited it, with the request to delete the post.
I have just downloaded LastPass and am about to install it. If I understand correctly, I would have to install a different version for Opera?
I will run the ESET scan first.
Regards
Rob
- Hi Rob, I have read your message.
A clean install will possibly not give the desired result!
- Abraham54 wrote:
> Hi Rob, I have read your message.
> A clean install will possibly not give the desired result!
Is the problem with me after all, then, if that does not help?
And how can I or my PC send spam when the PC is not switched on?
Regards
Rob
- Tell me, who is your e-mail provider?
- Abraham54 wrote:
> Tell me, who is your e-mail provider?
Ziggo is my provider.
- OK.
Is LastPass functional yet?
Which program: Malwarebytes MBAM
What for/why: specialist scanner to quickly examine Windows for spyware and malware and to remove it.
Difficulty: none.
Download Malwarebytes MBAM from one of these locations:
* Softpedia.com
* Majorgeeks.com
First of all:
* Right after installation 'MBAM' wants to update its database, so allow that.
* Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
- Hello Abraham,
in the meantime I have noticed something else: with the e-mail program in the Opera browser I can send mail, but with Mozilla I cannot.
The problem is probably in Mozilla Thunderbird, because with Windows Mail I can send.
The MBAM log:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
www.malwarebytes.org
Databaseversie: v2012.02.17.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob Broers :: PC_VAN_ROBBROER [administrator]
Realtime bescherming: Uitgeschakeld
17-2-2012 18:24:41
mbam-log-2012-02-17 (18-24-41).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 199469
Verstreken tijd: 3 minuut/minuten, 49 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)