Board index » RSIT/DDS/HijackThis logfiles » Solved RSIT/DDS/HijackThis logfiles

This topic is locked; you cannot edit posts or post new replies  [ 14 posts ]
 Post subject: Police virus
Posted: Sun Jul 29, 2012 3:51 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
The computer had already been slower for a while; yesterday a 100 euro Ukash police virus turned up.

Shut down the computer
Started in safe mode
Ran Mbam (see info below)
Ran Hitman Pro (no threat)
Ran AVG (no threat)
Used System Restore to go back to an older state

At the moment everything appears to run fine, but I still suspect that something has been left behind by this, or older, virus(es).

I would greatly appreciate help,

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Hans at 21:20:47 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1642 [GMT 2:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HijackThis\hijackthis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpagina.nl/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn. ... =476554152
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uWindows: Load=C:\Users\Hans\AppData\Local\Temp\{55569~1.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIM~1.LNK - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C776337-388B-49DB-8406-5A669439EA8C} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: ezsecshield.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: hpwucli.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: onplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: provider.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFCB3198-32F3-4E8B-9539-4324694ED664}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [QPService REG_SZ "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" ]
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ]
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [(standaard)]
mRun-x64: [WirelessAssistant REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ]
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IFEO-X64: ezsecshield.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: hpwucli.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: onplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: provider.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-16 308136]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-28 655944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WFMC_VAD;WFMCVAD (WDM);C:\Windows\system32\DRIVERS\wfmcvad.sys --> C:\Windows\system32\DRIVERS\wfmcvad.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-25 89600]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-9-2 227896]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-28 19:19:14 -------- d-----w- C:\Program Files (x86)\DDS
2012-07-28 18:05:00 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-07-28 17:51:01 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2012-07-28 17:48:03 -------- d-----w- C:\Program Files (x86)\Adblock
2012-07-28 14:03:48 -------- d-----w- C:\ProgramData\pneodcjunkhwnyy
2012-07-23 17:33:06 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-23 17:33:04 -------- d-----w- C:\Program Files (x86)\Vuze_Remote
2012-07-23 17:20:16 -------- d-----w- C:\Users\Hans\AppData\Roaming\Convivea
2012-07-13 10:34:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 19:43:07 -------- d-----w- C:\Users\Hans\AppData\Local\{067D1C10-1C28-4604-8C72-BCCA3FB346E5}
.
==================== Find3M ====================
.
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 21:21:38,73 ===============
Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
http://www.malwarebytes.org

Databaseversie: v2012.07.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Hans :: HANS-PC [administrator]

Realtime bescherming: Ingeschakeld

28-7-2012 20:14:16
mbam-log-2012-07-28 (20-14-16).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 213222
Verstreken tijd: 4 minuut/minuten, 34 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 3
C:\Users\Hans\AppData\Roaming\usernt.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Hans\Desktop\.url (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Hans\0.23731112784028086.exe (Exploit.Drop.UR.2) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)


 Post subject: Re: Police virus
Posted: Sun Jul 29, 2012 8:59 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Little house on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
How are things at the moment?

_________________
Member of Team Training.

slowness tips
Choice of AV
what is a rootkit


 Post subject: Re: Police virus
Posted: Sun Jul 29, 2012 10:25 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
The computer is slow.
Explorer regularly stops working.
In Outlook a serious error occurred when the add-in C:proga-2\AVG\ASVG9\ACGFXCh32.dll was last opened.
There still seems to be a problem.


 Post subject: Re: Police virus
Posted: Mon Jul 30, 2012 7:05 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Little house on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Download TDSSKiller and save it to your desktop.
  • Extract the files in tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note!!! Windows Vista & 7 users must run TDSSKiller as administrator (right-click, "Run as administrator").
  • If TDSSKiller finds an update, click the "Load update" button.
  • A new version of TDSSKiller will now be downloaded; save it to the desktop.
  • Now start TDSSKiller again.
  • Click "Change parameters" and make sure all of the options below are ticked.
  • Click the "Start Scan" button and follow the instructions.
  • When the scan is finished, click the "Report" button.
  • Select the contents (log) and paste them into your next post.
If a restart was needed, you will find the logfile at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Skip the unsigned files; for TDSS File System let it remove or quarantine them: delete or copy to quarantine.

Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler you let it repair: Cure.

_________________
Member of Team Training.

slowness tips
Choice of AV
what is a rootkit
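An added example, not taken from this thread or from Kaspersky's TDSSKiller: a small Python parser for the two TDSSKiller report line formats that appear in this thread (the timestamped scan lines with an MD5 and a path, and summary detection lines of the form `LightScribeService ( UnsignedFile.Multi.Generic ) - skipped`), which then applies the triage policy the post above states: skip unsigned files, delete or quarantine the TDSS file system, and cure boot rootkits such as Rootkit.Boot.SST.b, Sinowal, ZeroAccess or Whistler. The sample report lines, the verdict `Trojan.Generic`, the "review manually" fallback and the function names are constructed for the example and are not TDSSKiller output from this machine.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample report (not real TDSSKiller output from this thread), mixing the
# two line formats seen in the thread: timestamped scan lines and summary detections.
SAMPLE_REPORT = "\n".join([
    r"21:10:47.0078 3168 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"21:10:47.0187 3168 1394ohci - ok",
    r"LightScribeService ( UnsignedFile.Multi.Generic ) - skipped",
    r"\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - detected",
    r"\Device\Harddisk0\DR0\TDLFS ( TDSS File System ) - detected",
    r"svchost.exe ( Trojan.Generic ) - detected",   # constructed verdict, to show the fallback
])

# "<object> ( <verdict> ) - <action>" summary lines; the spaces inside the parentheses
# keep this from matching the "(md5)" of the timestamped scan lines.
DETECTION_RE = re.compile(r"^(?P<object>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")

# "<hh:mm:ss.ms> <pid> <object> (<md5>) <path>" scan lines.
SCAN_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<object>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Boot-sector rootkit families the post names for "Cure" (assumed exact verdict names).
CURE_FAMILIES = {"Sinowal", "ZeroAccess", "Whistler"}


def parse_detections(report: str) -> List[Tuple[str, str, str]]:
    """Return (object, verdict, action) for every summary detection line."""
    found = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m["object"], m["verdict"], m["action"]))
    return found


def scanned_hashes(report: str) -> Dict[str, Tuple[str, str]]:
    """Map each scanned object to its (md5, path) so hashes can be checked offline."""
    hashes = {}
    for line in report.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            hashes[m["object"]] = (m["md5"], m["path"])
    return hashes


def recommend(verdict: str) -> str:
    """Apply the triage policy from the post to one TDSSKiller verdict string."""
    if verdict.startswith("UnsignedFile."):
        return "skip"
    if verdict == "TDSS File System":
        return "delete or copy to quarantine"
    if verdict.startswith("Rootkit.Boot.") or verdict in CURE_FAMILIES:
        return "cure"
    # Anything the post does not cover is left for a human helper to decide.
    return "review manually"


def triage(report: str) -> Dict[str, str]:
    """Object -> recommended action for every detection in the report."""
    return {obj: recommend(verdict) for obj, verdict, _ in parse_detections(report)}


if __name__ == "__main__":
    for obj, action in triage(SAMPLE_REPORT).items():
        print(f"{action:28} {obj}")
    for obj, (md5, path) in scanned_hashes(SAMPLE_REPORT).items():
        print(f"{obj}: {md5} {path}")
```

Running the block on the constructed report recommends "skip" for the unsigned LightScribe service, "cure" for the boot-sector detection, "delete or copy to quarantine" for the TDLFS entry and "review manually" for the uncovered verdict, which mirrors the order of decisions a helper makes when reading a pasted TDSSKiller log.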


 Post subject: Re: Police virus
Posted: Mon Jul 30, 2012 9:25 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
LightScribeService ( UnsignedFile.Multi.Generic ) - skipped



21:09:20.0716 3612 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:09:21.0480 3612 ============================================================
21:09:21.0480 3612 Current date / time: 2012/07/30 21:09:21.0480
21:09:21.0480 3612 SystemInfo:
21:09:21.0480 3612
21:09:21.0480 3612 OS Version: 6.1.7601 ServicePack: 1.0
21:09:21.0480 3612 Product type: Workstation
21:09:21.0480 3612 ComputerName: HANS-PC
21:09:21.0480 3612 UserName: Hans
21:09:21.0480 3612 Windows directory: C:\Windows
21:09:21.0480 3612 System windows directory: C:\Windows
21:09:21.0480 3612 Running under WOW64
21:09:21.0480 3612 Processor architecture: Intel x64
21:09:21.0480 3612 Number of processors: 2
21:09:21.0480 3612 Page size: 0x1000
21:09:21.0480 3612 Boot type: Normal boot
21:09:21.0480 3612 ============================================================
21:09:22.0666 3612 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:22.0666 3612 ============================================================
21:09:22.0666 3612 \Device\Harddisk0\DR0:
21:09:22.0666 3612 MBR partitions:
21:09:22.0666 3612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:09:22.0666 3612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A7C000
21:09:22.0666 3612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23AE0000, BlocksNum 0x194E000
21:09:22.0666 3612 ============================================================
21:09:22.0697 3612 C: <-> \Device\Harddisk0\DR0\Partition1
21:09:22.0760 3612 D: <-> \Device\Harddisk0\DR0\Partition2
21:09:22.0760 3612 ============================================================
21:09:22.0760 3612 Initialize success
21:09:22.0760 3612 ============================================================
21:10:46.0095 3168 ============================================================
21:10:46.0095 3168 Scan started
21:10:46.0095 3168 Mode: Manual; SigCheck; TDLFS;
21:10:46.0095 3168 ============================================================
21:10:47.0078 3168 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:10:47.0187 3168 1394ohci - ok
21:10:47.0296 3168 A2DDA - ok
21:10:47.0343 3168 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:10:47.0390 3168 ACPI - ok
21:10:47.0436 3168 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:10:47.0546 3168 AcpiPmi - ok
21:10:47.0624 3168 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:10:47.0670 3168 adp94xx - ok
21:10:47.0702 3168 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:10:47.0733 3168 adpahci - ok
21:10:47.0764 3168 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:10:47.0780 3168 adpu320 - ok
21:10:47.0811 3168 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:10:47.0936 3168 AeLookupSvc - ok
21:10:48.0029 3168 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
21:10:48.0092 3168 AESTFilters - ok
21:10:48.0154 3168 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:10:48.0263 3168 AFD - ok
21:10:48.0357 3168 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
21:10:48.0450 3168 AgereSoftModem - ok
21:10:48.0482 3168 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:10:48.0497 3168 agp440 - ok
21:10:48.0544 3168 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:10:48.0591 3168 ALG - ok
21:10:48.0638 3168 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:10:48.0653 3168 aliide - ok
21:10:48.0669 3168 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:10:48.0684 3168 amdide - ok
21:10:48.0716 3168 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:10:48.0762 3168 AmdK8 - ok
21:10:48.0794 3168 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:10:48.0825 3168 AmdPPM - ok
21:10:48.0856 3168 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:10:48.0872 3168 amdsata - ok
21:10:48.0918 3168 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:10:48.0934 3168 amdsbs - ok
21:10:48.0950 3168 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:10:48.0965 3168 amdxata - ok
21:10:49.0012 3168 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:10:49.0199 3168 AppID - ok
21:10:49.0230 3168 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:10:49.0293 3168 AppIDSvc - ok
21:10:49.0355 3168 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:10:49.0418 3168 Appinfo - ok
21:11:15.0220 3168 secdrv - ok
21:11:15.0267 3168 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:11:15.0314 3168 seclogon - ok
21:11:15.0345 3168 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:11:15.0392 3168 SENS - ok
21:11:15.0439 3168 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:11:15.0485 3168 SensrSvc - ok
21:11:15.0501 3168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:11:15.0517 3168 Serenum - ok
21:11:15.0548 3168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:11:15.0563 3168 Serial - ok
21:11:15.0595 3168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:15.0626 3168 sermouse - ok
21:11:15.0673 3168 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:11:15.0735 3168 SessionEnv - ok
21:11:15.0766 3168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:11:15.0797 3168 sffdisk - ok
21:11:15.0829 3168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:15.0860 3168 sffp_mmc - ok
21:11:15.0891 3168 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:11:15.0922 3168 sffp_sd - ok
21:11:15.0953 3168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:15.0985 3168 sfloppy - ok
21:11:16.0031 3168 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:11:16.0109 3168 SharedAccess - ok
21:11:16.0156 3168 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:11:16.0234 3168 ShellHWDetection - ok
21:11:16.0281 3168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:16.0297 3168 SiSRaid2 - ok
21:11:16.0328 3168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:16.0359 3168 SiSRaid4 - ok
21:11:16.0468 3168 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:11:16.0484 3168 SkypeUpdate - ok
21:11:16.0515 3168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:11:16.0577 3168 Smb - ok
21:11:16.0624 3168 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:11:16.0655 3168 SNMPTRAP - ok
21:11:16.0687 3168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:11:16.0702 3168 spldr - ok
21:11:16.0749 3168 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:11:16.0811 3168 Spooler - ok
21:11:16.0983 3168 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:11:17.0155 3168 sppsvc - ok
21:11:17.0248 3168 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:11:17.0311 3168 sppuinotify - ok
21:11:17.0389 3168 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS
21:11:17.0420 3168 SRTSP - ok
21:11:17.0435 3168 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS
21:11:17.0451 3168 SRTSPX - ok
21:11:17.0498 3168 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:11:17.0560 3168 srv - ok
21:11:17.0607 3168 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:11:17.0654 3168 srv2 - ok
21:11:17.0701 3168 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:11:17.0716 3168 SrvHsfHDA - ok
21:11:17.0794 3168 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:11:17.0872 3168 SrvHsfV92 - ok
21:11:17.0997 3168 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:11:18.0059 3168 SrvHsfWinac - ok
21:11:18.0091 3168 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:18.0122 3168 srvnet - ok
21:11:18.0169 3168 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:11:18.0231 3168 SSDPSRV - ok
21:11:18.0262 3168 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:11:18.0309 3168 SstpSvc - ok
21:11:18.0356 3168 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
21:11:18.0387 3168 ssudmdm - ok
21:11:18.0481 3168 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
21:11:18.0512 3168 STacSV - ok
21:11:18.0543 3168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:11:18.0559 3168 stexstor - ok
21:11:18.0621 3168 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
21:11:18.0683 3168 STHDA - ok
21:11:18.0746 3168 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:11:18.0793 3168 stisvc - ok
21:11:18.0824 3168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:11:18.0839 3168 swenum - ok
21:11:18.0886 3168 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:11:18.0980 3168 swprv - ok
21:11:19.0058 3168 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:19.0089 3168 SynTP - ok
21:11:19.0183 3168 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:11:19.0276 3168 SysMain - ok
21:11:19.0370 3168 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:11:19.0401 3168 TabletInputService - ok
21:11:19.0432 3168 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:11:19.0510 3168 TapiSrv - ok
21:11:19.0526 3168 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:11:19.0573 3168 TBS - ok
21:11:19.0713 3168 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:11:19.0791 3168 Tcpip - ok
21:11:19.0994 3168 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:11:20.0041 3168 TCPIP6 - ok
21:11:20.0119 3168 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:11:20.0181 3168 tcpipreg - ok
21:11:20.0212 3168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:11:20.0243 3168 TDPIPE - ok
21:11:20.0275 3168 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:11:20.0290 3168 TDTCP - ok
21:11:20.0337 3168 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:11:20.0384 3168 tdx - ok
21:11:20.0415 3168 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:11:20.0431 3168 TermDD - ok
21:11:20.0462 3168 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:11:20.0555 3168 TermService - ok
21:11:20.0587 3168 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:11:20.0618 3168 Themes - ok
21:11:20.0649 3168 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:11:20.0696 3168 THREADORDER - ok
21:11:20.0711 3168 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:11:20.0758 3168 TrkWks - ok
21:11:20.0821 3168 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:11:20.0899 3168 TrustedInstaller - ok
21:11:20.0945 3168 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:11:20.0992 3168 tssecsrv - ok
21:11:21.0023 3168 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:11:21.0055 3168 TsUsbFlt - ok
21:11:21.0086 3168 TuneUp.Defrag - ok
21:11:21.0242 3168 TuneUp.UtilitiesSvc (dc0f2a0c445ef104bc240954d3a460c2) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
21:11:21.0289 3168 TuneUp.UtilitiesSvc - ok
21:11:21.0335 3168 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
21:11:21.0351 3168 TuneUpUtilitiesDrv - ok
21:11:21.0476 3168 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:11:21.0523 3168 tunnel - ok
21:11:21.0554 3168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:11:21.0569 3168 uagp35 - ok
21:11:21.0601 3168 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:11:21.0679 3168 udfs - ok
21:11:21.0725 3168 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:11:21.0741 3168 UI0Detect - ok
21:11:21.0772 3168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:11:21.0788 3168 uliagpkx - ok
21:11:21.0835 3168 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:11:21.0866 3168 umbus - ok
21:11:21.0913 3168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:11:21.0928 3168 UmPass - ok
21:11:21.0975 3168 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:11:22.0069 3168 upnphost - ok
21:11:22.0115 3168 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:11:22.0147 3168 USBAAPL64 - ok
21:11:22.0178 3168 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:11:22.0209 3168 usbccgp - ok
21:11:22.0209 3168 USBCCID - ok
21:11:22.0256 3168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:11:22.0287 3168 usbcir - ok
21:11:22.0318 3168 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:11:22.0334 3168 usbehci - ok
21:11:22.0381 3168 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:11:22.0427 3168 usbhub - ok
21:11:22.0459 3168 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:11:22.0490 3168 usbohci - ok
21:11:22.0521 3168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:11:22.0552 3168 usbprint - ok
21:11:22.0583 3168 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:11:22.0630 3168 USBSTOR - ok
21:11:22.0646 3168 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:11:22.0693 3168 usbuhci - ok
21:11:22.0708 3168 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:11:22.0755 3168 usbvideo - ok
21:11:22.0786 3168 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:11:22.0849 3168 UxSms - ok
21:11:22.0927 3168 UxTuneUp (04611bc8f101ef6bae519260ee4225d4) C:\Windows\System32\uxtuneup.dll
21:11:22.0942 3168 UxTuneUp - ok
21:11:22.0973 3168 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:11:22.0989 3168 VaultSvc - ok
21:11:23.0020 3168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:11:23.0036 3168 vdrvroot - ok
21:11:23.0114 3168 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:11:23.0176 3168 vds - ok
21:11:23.0207 3168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:11:23.0239 3168 vga - ok
21:11:23.0270 3168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:11:23.0332 3168 VgaSave - ok
21:11:23.0363 3168 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:11:23.0379 3168 vhdmp - ok
21:11:23.0410 3168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:11:23.0426 3168 viaide - ok
21:11:23.0441 3168 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:11:23.0457 3168 volmgr - ok
21:11:23.0504 3168 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:11:23.0535 3168 volmgrx - ok
21:11:23.0582 3168 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:11:23.0613 3168 volsnap - ok
21:11:23.0644 3168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:11:23.0675 3168 vsmraid - ok
21:11:23.0769 3168 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:11:23.0863 3168 VSS - ok
21:11:23.0987 3168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:11:24.0003 3168 vwifibus - ok
21:11:24.0034 3168 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:11:24.0065 3168 vwififlt - ok
21:11:24.0097 3168 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:11:24.0128 3168 vwifimp - ok
21:11:24.0159 3168 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:11:24.0237 3168 W32Time - ok
21:11:24.0268 3168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:11:24.0299 3168 WacomPen - ok
21:11:24.0362 3168 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:24.0424 3168 WANARP - ok
21:11:24.0424 3168 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:24.0471 3168 Wanarpv6 - ok
21:11:24.0549 3168 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:11:24.0611 3168 WatAdminSvc - ok
21:11:24.0705 3168 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:11:24.0799 3168 wbengine - ok
21:11:24.0923 3168 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:11:24.0955 3168 WbioSrvc - ok
21:11:25.0017 3168 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:11:25.0064 3168 wcncsvc - ok
21:11:25.0079 3168 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:11:25.0126 3168 WcsPlugInService - ok
21:11:25.0157 3168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:11:25.0173 3168 Wd - ok
21:11:25.0235 3168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:11:25.0282 3168 Wdf01000 - ok
21:11:25.0313 3168 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:11:25.0423 3168 WdiServiceHost - ok
21:11:25.0423 3168 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:11:25.0438 3168 WdiSystemHost - ok
21:11:25.0501 3168 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:11:25.0547 3168 WebClient - ok
21:11:25.0594 3168 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:11:25.0657 3168 Wecsvc - ok
21:11:25.0688 3168 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:11:25.0750 3168 wercplsupport - ok
21:11:25.0781 3168 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:11:25.0828 3168 WerSvc - ok
21:11:25.0875 3168 WFMC_VAD (c48ca80fdc6926a9fc2f520379bdb635) C:\Windows\system32\DRIVERS\wfmcvad.sys
21:11:25.0906 3168 WFMC_VAD - ok
21:11:25.0953 3168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:11:26.0000 3168 WfpLwf - ok
21:11:26.0015 3168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:11:26.0031 3168 WIMMount - ok
21:11:26.0062 3168 WinDefend - ok
21:11:26.0078 3168 WinHttpAutoProxySvc - ok
21:11:26.0140 3168 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:11:26.0187 3168 Winmgmt - ok
21:11:26.0296 3168 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:11:26.0405 3168 WinRM - ok
21:11:26.0546 3168 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:11:26.0577 3168 WinUsb - ok
21:11:26.0639 3168 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:11:26.0702 3168 Wlansvc - ok
21:11:26.0764 3168 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:11:26.0780 3168 wlcrasvc - ok
21:11:26.0936 3168 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:11:27.0014 3168 wlidsvc - ok
21:11:27.0123 3168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:11:27.0139 3168 WmiAcpi - ok
21:11:27.0217 3168 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:11:27.0263 3168 wmiApSrv - ok
21:11:27.0310 3168 WMPNetworkSvc - ok
21:11:27.0341 3168 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:11:27.0357 3168 WPCSvc - ok
21:11:27.0404 3168 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:11:27.0435 3168 WPDBusEnum - ok
21:11:27.0466 3168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:11:27.0513 3168 ws2ifsl - ok
21:11:27.0544 3168 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:11:27.0575 3168 wscsvc - ok
21:11:27.0591 3168 WSearch - ok
21:11:27.0731 3168 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:11:27.0841 3168 wuauserv - ok
21:11:27.0997 3168 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:11:28.0059 3168 WudfPf - ok
21:11:28.0121 3168 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:11:28.0168 3168 WUDFRd - ok
21:11:28.0199 3168 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:11:28.0246 3168 wudfsvc - ok
21:11:28.0277 3168 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:11:28.0324 3168 WwanSvc - ok
21:11:28.0387 3168 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:11:28.0433 3168 yukonw7 - ok
21:11:28.0449 3168 MBR (0x1B8) (8117ca59186cce8a730b89c7281a1321) \Device\Harddisk0\DR0
21:11:28.0823 3168 \Device\Harddisk0\DR0 - ok
21:11:28.0823 3168 Boot (0x1200) (69f82ce6df569a984bbe4c054480cfb2) \Device\Harddisk0\DR0\Partition0
21:11:28.0823 3168 \Device\Harddisk0\DR0\Partition0 - ok
21:11:28.0870 3168 Boot (0x1200) (aa6e8cee722cd1934f64758f6b675642) \Device\Harddisk0\DR0\Partition1
21:11:28.0870 3168 \Device\Harddisk0\DR0\Partition1 - ok
21:11:28.0901 3168 Boot (0x1200) (cc3af19726ea234cb63525c12cdd05e4) \Device\Harddisk0\DR0\Partition2
21:11:28.0901 3168 \Device\Harddisk0\DR0\Partition2 - ok
21:11:28.0901 3168 ============================================================
21:11:28.0901 3168 Scan finished
21:11:28.0901 3168 ============================================================
21:11:28.0917 3560 Detected object count: 1
21:11:28.0917 3560 Actual detected object count: 1
21:14:16.0992 3560 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:16.0992 3560 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:29.0406 0932 Deinitialize success


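A small triage parser for the TDSSKiller log format posted above, added here as an example and not part of the thread or of TDSSKiller itself; the sample log lines are constructed, with placeholder hashes and an assumed LightScribe service path, and the parser reports every hashed object that was never cleared with "- ok" together with the verdict and the action the poster chose.

```python
"""Triage helper for TDSSKiller scan logs (added example, not part of the thread).

The log in the thread has lines of these shapes:
    HH:MM:SS.mmmm PID Name (md5) Path          an object that was hashed
    HH:MM:SS.mmmm PID Name - ok                the object passed (Name may be the Path)
    HH:MM:SS.mmmm PID Name ( Verdict ) - text  a detection and what the user did with it
    HH:MM:SS.mmmm PID Detected object count: N
Objects that were hashed but never marked "- ok" are the ones a helper wants to
see, together with the verdict and the action the poster chose.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class ScanSummary:
    ok: Set[str] = field(default_factory=set)
    # name -> (md5, path) for objects that were hashed but never reported "- ok"
    unverified: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # name -> {"verdict": ..., "actions": [...]} for detection lines
    verdicts: Dict[str, dict] = field(default_factory=dict)
    detected_count: Optional[int] = None
    actual_count: Optional[int] = None


def parse_tdsskiller(text: str) -> ScanSummary:
    """Parse a TDSSKiller log and return what was hashed, cleared, or flagged."""
    s = ScanSummary()
    pending: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners such as "=====" or "Scan finished" carry no object
        rest = m.group("rest")
        if (o := OBJECT_RE.match(rest)):
            pending[o["name"]] = (o["md5"], o["path"])
        elif (v := VERDICT_RE.match(rest)):
            entry = s.verdicts.setdefault(v["name"], {"verdict": v["verdict"], "actions": []})
            entry["actions"].append(v["action"].strip())
        elif (k := OK_RE.match(rest)):
            s.ok.add(k["name"])
            # MBR/boot-sector entries are cleared by path, drivers by service name
            for name in [n for n, (_, p) in pending.items() if n == k["name"] or p == k["name"]]:
                del pending[name]
        elif (c := COUNT_RE.match(rest)):
            if c["kind"] == "Detected":
                s.detected_count = int(c["n"])
            else:
                s.actual_count = int(c["n"])
    s.unverified = pending
    return s


def triage(summary: ScanSummary) -> List[str]:
    """One line per object that was never cleared, with its verdict if any."""
    out = []
    for name, (md5, path) in sorted(summary.unverified.items()):
        v = summary.verdicts.get(name)
        tag = f"{v['verdict']} -> {'; '.join(v['actions'])}" if v else "no verdict recorded"
        out.append(f"{name}: {path} [{md5}] {tag}")
    return out


# Constructed sample in the thread's log format; hashes are placeholders and the
# LightScribe service path is assumed, not copied from the poster's log.
SAMPLE_LOG = """\
21:11:12.0459 3168 RasAuto (00000000000000000000000000000001) C:\\Windows\\System32\\rasauto.dll
21:11:12.0521 3168 RasAuto - ok
21:11:14.0300 3168 RtsUIR - ok
21:11:21.0100 3168 LightScribeService (00000000000000000000000000000002) C:\\Program Files (x86)\\Common Files\\LightScribe\\LSSrvc.exe
21:11:28.0449 3168 MBR (0x1B8) (00000000000000000000000000000003) \\Device\\Harddisk0\\DR0
21:11:28.0823 3168 \\Device\\Harddisk0\\DR0 - ok
21:11:28.0901 3168 ============================================================
21:11:28.0901 3168 Scan finished
21:11:28.0917 3560 Detected object count: 1
21:11:28.0917 3560 Actual detected object count: 1
21:14:16.0992 3560 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:16.0992 3560 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:29.0406 0932 Deinitialize success
"""

if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    print(f"detected={result.detected_count} actual={result.actual_count} cleared={len(result.ok)}")
    for line in triage(result):
        print(line)
```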
Post title: Re: Politievirus
Posted: Mon Jul 30, 2012 9:29 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Fine, you can remove that tool again.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how ComboFix should be used.





1. Disable all antivirus and antispyware programs (see here or here), because otherwise they may conflict with ComboFix.

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active, as this can make the tool hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.

_________________
Member of Team Opleiding.

slowness tips
Choice of AV
what is a rootkit


Post title: Re: Politievirus
Posted: Tue Jul 31, 2012 6:11 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
The result got worse after ComboFix;
HitmanPro and AVG report 12 traces of tracking cookies (see below). Hitman flags Combofix as malware.
C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Cookies\C1U3EDOD.txt Tracking cookie Revsci
C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Cookies\6KUJZFGL.txt Tracking cookie Atdmt

What is going on here! Who is the threat now??

ComboFix log

ComboFix 12-07-30.03 - Hans 31-07-2012 16:28:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1957 [GMT 2:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wfafshhzjxmxivg
c:\users\Hans\Desktop\Internet Explorer.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))
.
.
2012-07-31 14:36 . 2012-07-31 14:36 -------- d-----w- c:\users\Mcx1-HANS-PC\AppData\Local\temp
2012-07-31 14:36 . 2012-07-31 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 06:47 . 2012-07-30 06:47 -------- d-----w- c:\users\Hans\AppData\Roaming\AVG9
2012-07-29 14:51 . 2012-07-29 14:52 -------- d-----w- c:\program files (x86)\Emisoft Emergency kit
2012-07-28 19:19 . 2012-07-28 19:19 -------- d-----w- c:\program files (x86)\DDS
2012-07-28 17:51 . 2012-07-28 17:51 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-07-28 17:48 . 2012-07-28 17:50 -------- d-----w- c:\program files (x86)\Adblock
2012-07-28 14:03 . 2012-07-28 14:47 -------- d-----w- c:\programdata\pneodcjunkhwnyy
2012-07-23 17:33 . 2012-07-28 14:47 -------- d-----w- c:\program files (x86)\Conduit
2012-07-23 17:33 . 2012-07-28 14:47 -------- d-----w- c:\program files (x86)\Vuze_Remote
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\users\Hans\AppData\Roaming\Convivea
2012-07-13 10:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 10:31 . 2009-11-23 11:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2009-12-10 20:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 07:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 07:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-14 17:31 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 17:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 17:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-14 17:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 17:31 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:31 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-08-05 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2011-6-5 2345472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Hans\AppData\Local\Temp\Rar$EX00.424\Run\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-08-16 56008]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-08-16 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-16 308136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [2010-02-08 24064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForHans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn. ... =476554152
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C776337-388B-49DB-8406-5A669439EA8C}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
.
**************************************************************************
.
Completion time: 2012-07-31 16:44:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 14:44
.
Pre-Run: 218.982.543.360 bytes free
Post-Run: 218.877.161.472 bytes free
.
- - End Of File - - 1C88BEF32DDB6E66DAD1CDA8D0B38C2F


Post title: Re: Politievirus
Posted: Tue Jul 31, 2012 8:27 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Little cottage on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Do you think I'm handing you a virus or something? ComboFix is full of things that make any AV turn pale; a pity that Hitman is among them too. I have already sent the Looman gentlemen a tweet.

Disable your security software.

Open a Notepad file.
Copy the text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
Quote:

Folder::
c:\programdata\pneodcjunkhwnyy
c:\program files (x86)\Conduit



Now drag the file CFScript.txt onto the file ComboFix.exe

ComboFix will start again.
If ComboFix asks for an update, allow it.

When ComboFix is done, which may be after a reboot, a logfile opens.

Post the contents of the logfile.

_________________
Member of Team Opleiding.

tips for a slow PC
Choice of AV
what is a rootkit


Post title: Re: Politievirus
Posted: Tue Jul 31, 2012 9:40 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
ComboFix 12-07-30.03 - Hans 31-07-2012 21:14:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1274 [GMT 2:00]
Started from: c:\users\Hans\Desktop\ComboFix.exe
Command switches used :: c:\users\Hans\Documents\Politievirus\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hans\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\users\Hans\Desktop\Internet Explorer.lnk
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_843e1cd1-fea7-4c96-b53f-91ce34f57760\HP.ActiveCheckLocalMode.Ccl.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_843e1cd1-fea7-4c96-b53f-91ce34f57760\HP.ActiveCheckLocalMode.SharedObjects.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_843e1cd1-fea7-4c96-b53f-91ce34f57760\HP.ActiveCheckLocalMode.UpdateEngine.dll
.
.
(((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))
.
.
2012-07-31 19:22 . 2012-07-31 19:22 -------- d-----w- c:\users\Mcx1-HANS-PC\AppData\Local\temp
2012-07-31 19:22 . 2012-07-31 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 16:11 . 2012-07-31 16:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-30 06:47 . 2012-07-30 06:47 -------- d-----w- c:\users\Hans\AppData\Roaming\AVG9
2012-07-29 14:51 . 2012-07-29 14:52 -------- d-----w- c:\program files (x86)\Emisoft Emergency kit
2012-07-28 19:19 . 2012-07-28 19:19 -------- d-----w- c:\program files (x86)\DDS
2012-07-28 17:51 . 2012-07-28 17:51 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-07-28 17:48 . 2012-07-28 17:50 -------- d-----w- c:\program files (x86)\Adblock
2012-07-28 14:03 . 2012-07-28 14:47 -------- d-----w- c:\programdata\pneodcjunkhwnyy
2012-07-23 17:33 . 2012-07-28 14:47 -------- d-----w- c:\program files (x86)\Conduit
2012-07-23 17:33 . 2012-07-28 14:47 -------- d-----w- c:\program files (x86)\Vuze_Remote
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\users\Hans\AppData\Roaming\Convivea
2012-07-13 10:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 00:40 . 2012-07-31 14:55 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3F5ECC-2903-4E0F-88E4-2738A4D5C516}\mpengine.dll
2012-07-13 10:31 . 2009-11-23 11:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2009-12-10 20:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 07:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 07:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-11-10 17:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-14 17:31 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 17:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 17:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-14 17:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 17:31 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:31 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_14.38.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-01 22:54 . 2012-07-31 14:40 68970 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-09-01 22:54 . 2012-07-31 14:48 68970 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-31 19:26 62930 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 15:36 . 2012-07-31 19:26 18574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-384086421-1369882028-3500195097-1001_UserData.bin
- 2009-11-10 19:07 . 2012-07-31 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 19:07 . 2012-07-31 14:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 19:07 . 2012-07-31 14:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 19:07 . 2012-07-31 14:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 19:07 . 2012-07-31 14:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 19:07 . 2012-07-31 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 15:41 . 2012-07-31 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 15:41 . 2012-07-31 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 15:41 . 2012-07-31 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 15:41 . 2012-07-31 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-31 19:24 . 2012-07-31 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 14:38 . 2012-07-31 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 14:38 . 2012-07-31 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-31 19:24 . 2012-07-31 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-11 16:55 . 2012-07-31 15:59 313500 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-07-31 14:37 358772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-31 19:23 358772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-16 19:57 . 2012-07-31 19:23 1038972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384086421-1369882028-3500195097-1001-8192.dat
- 2011-10-16 19:57 . 2012-07-31 14:37 1038972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384086421-1369882028-3500195097-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-08-05 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2011-6-5 2345472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Hans\AppData\Local\Temp\Rar$EX00.424\Run\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-08-16 56008]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-08-16 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-16 308136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [2010-02-08 24064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForHans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn. ... =476554152
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C776337-388B-49DB-8406-5A669439EA8C}: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
.
**************************************************************************
.
Voltooingstijd: 2012-07-31 21:30:51 - machine werd herstart
ComboFix-quarantined-files.txt 2012-07-31 19:30
.
Pre-Run: 217.876.439.040 bytes beschikbaar
Post-Run: 217.860.612.096 bytes beschikbaar
.
- - End Of File - - 783EB3F132BEAA3ED53868B03BD7DF71


 
Post subject: Re: Politievirus
Posted: Tue Jul 31, 2012 9:45 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Try it again, but this time in safe mode. http://users.telenet.be/marcvn/spyware/ ... modus.html



 
Post subject: Re: Politievirus
Posted: Wed Aug 01, 2012 9:27 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
ComboFix 12-07-31.03 - Hans 01-08-2012 20:20:27.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.2366 [GMT 2:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Hans\Documents\Politievirus\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\programdata\pneodcjunkhwnyy
c:\programdata\pneodcjunkhwnyy\btn-green.png
c:\programdata\pneodcjunkhwnyy\corners-btn.png
c:\programdata\pneodcjunkhwnyy\corners1.png
c:\programdata\pneodcjunkhwnyy\corners2.png
c:\programdata\pneodcjunkhwnyy\corners3.png
c:\programdata\pneodcjunkhwnyy\corners4.png
c:\programdata\pneodcjunkhwnyy\ie6-7.css
c:\programdata\pneodcjunkhwnyy\main.html
c:\programdata\pneodcjunkhwnyy\McAfee.png
c:\programdata\pneodcjunkhwnyy\nl-flag.png
c:\programdata\pneodcjunkhwnyy\nl-image.png
c:\programdata\pneodcjunkhwnyy\pay7.png
c:\programdata\pneodcjunkhwnyy\pay8.png
c:\programdata\pneodcjunkhwnyy\pay9.png
c:\programdata\pneodcjunkhwnyy\steps-en.png
c:\programdata\pneodcjunkhwnyy\steps-nl.png
c:\programdata\pneodcjunkhwnyy\style.css
c:\programdata\pneodcjunkhwnyy\tabs.png
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-01 to 2012-08-01 ))))))))))))))))))))))))))))))
.
.
2012-08-01 18:27 . 2012-08-01 18:27 -------- d-----w- c:\users\Mcx1-HANS-PC\AppData\Local\temp
2012-08-01 18:27 . 2012-08-01 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 16:11 . 2012-07-31 16:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-31 14:55 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3F5ECC-2903-4E0F-88E4-2738A4D5C516}\mpengine.dll
2012-07-30 06:47 . 2012-07-30 06:47 -------- d-----w- c:\users\Hans\AppData\Roaming\AVG9
2012-07-29 14:51 . 2012-07-29 14:52 -------- d-----w- c:\program files (x86)\Emisoft Emergency kit
2012-07-28 19:19 . 2012-07-28 19:19 -------- d-----w- c:\program files (x86)\DDS
2012-07-28 17:51 . 2012-07-28 17:51 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-07-28 17:48 . 2012-07-28 17:50 -------- d-----w- c:\program files (x86)\Adblock
2012-07-23 17:33 . 2012-07-28 14:47 -------- d-----w- c:\program files (x86)\Vuze_Remote
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\users\Hans\AppData\Roaming\Convivea
2012-07-13 10:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 10:31 . 2009-11-23 11:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2009-12-10 20:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 07:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 07:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-11-10 17:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-14 17:31 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 17:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 17:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-14 17:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 17:31 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 17:31 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_14.38.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-01 22:54 . 2012-08-01 18:02 69484 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-01 18:02 63120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 15:36 . 2012-08-01 18:02 18582 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-384086421-1369882028-3500195097-1001_UserData.bin
+ 2009-11-10 14:51 . 2012-08-01 16:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 14:51 . 2012-07-31 14:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 14:51 . 2012-07-31 14:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 14:51 . 2012-08-01 16:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-31 14:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 16:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 19:07 . 2012-08-01 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 19:07 . 2012-07-31 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 19:07 . 2012-08-01 18:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 19:07 . 2012-07-31 14:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 19:07 . 2012-07-31 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 19:07 . 2012-08-01 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 15:41 . 2012-07-31 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 15:41 . 2012-08-01 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 15:41 . 2012-08-01 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 15:41 . 2012-07-31 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-11 21:41 . 2012-07-31 19:32 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-31 14:38 . 2012-07-31 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 18:28 . 2012-08-01 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 14:38 . 2012-07-31 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-01 18:28 . 2012-08-01 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-11 16:55 . 2012-07-31 15:59 313500 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-07-31 14:37 358772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-01 18:04 358772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-09-02 01:38 . 2012-08-01 17:48 5283048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-09-02 01:38 . 2012-07-24 20:37 5283048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-16 19:57 . 2012-08-01 18:04 1038972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384086421-1369882028-3500195097-1001-8192.dat
- 2011-10-16 19:57 . 2012-07-31 14:37 1038972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384086421-1369882028-3500195097-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-08-05 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2011-6-5 2345472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Hans\AppData\Local\Temp\Rar$EX00.424\Run\a2ddax64.sys [x]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-08-16 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-16 308136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 MBAMService;MBAMService;c:\program files (x86)\Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
R3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [2010-02-08 24064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-08-16 56008]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForHans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn. ... =476554152
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hans\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C776337-388B-49DB-8406-5A669439EA8C}: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-08-01 20:33:49 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-01 18:33
.
Pre-Run: 217.682.313.216 bytes beschikbaar
Post-Run: 217.593.757.696 bytes beschikbaar
.
- - End Of File - - 5CA9DD2E2FFF90158E28B7BF31A1F4C6


 
Post subject: Re: Politievirus
Posted: Wed Aug 01, 2012 9:56 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
And how is it going now?



 
Post subject: Re: Politievirus
Posted: Thu Aug 02, 2012 8:22 pm
Offline
Member

Registered: Sat Jul 28, 2012 9:49 pm
Posts: 13
Operating system: Windows7
Protection: AVG 9.0
Everything seems to be working fine; as far as I'm concerned we can close this.

Thanks for the help.


 
Post subject: Re: Politievirus
Posted: Fri Aug 03, 2012 12:49 pm
Offline
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33463
Location: Kotje aan de kust.
Operating system: Windows 7
Protection: Malwarebytes pro
Remove ComboFix: copy the command below with (Ctrl + C):
Combofix /Uninstall (note!!! the space before /Uninstall)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

CCleaner
Download CCleaner Slim
Install CCleaner and start it.

  • In the left-hand column, click Cleaner.
  • Click Analyze and then Run Cleaner.
  • Next, click Registry in the left-hand column and click Scan for Issues.
  • If issues are found, click Fix selected issues and OK.
  • You will then be asked to make a backup; click YES, and then choose Fix all selected issues.
  • Then close CCleaner.

To avoid reinfection, you can read through these tips:
How do I prevent a new infection?


