PC boots very slowly. Takes at least 10 minutes

41 replies
  • Hi,

    I had already posted a message on the Windows7 forum.
    There I was told to post a hijack log here.
    Could someone help me with this?
    Thanks in advance

    P.S. Is there another way to post a hijack log here?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:04:20, on 14-6-2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17006)
    Boot mode: Normal

    Running processes:
    G:\Downloads\Desktops\Desktops.exe
    C:\Users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Windows\SysWOW64\WinFLTray.exe
    C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
    C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
    C:\Users\Sebastiaan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Keyboard Driver\KMConfig.exe
    C:\Program Files (x86)\Keyboard Driver\KMProcess.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    G:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com?o=14200&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sysinternals Desktops] G:\Downloads\Desktops\Desktops.exe
    O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O4 - HKCU\..\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
    O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sebastiaan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF16704D-1B20-4111-9213-AF9B86C10C80}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD FusionUtility Service - Advanced Micro Devices, Inc. - C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
    O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9202 bytes
  • Why don't you have any antivirus software on your Windows?

    I would like you to do the following first:

    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start "TDSSStarter.exe" by double-clicking it.
      - Windows Vista and Windows 7: start "TDSSStarter.exe" by right-clicking it and then choosing Run as administrator.
    - A CMD window will then open and close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next message.
  • I do have an antivirus program installed.
    Microsoft Security Essentials.
    Or is that not sufficient?
    Any tips for another (preferably free) antivirus program?
  • OK, I will discuss a good replacement for MSE with you later.
    For now, first do what I asked in my previous message.
  • 20:46:08.0137 4100 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
    20:46:08.0152 4100 ============================================================
    20:46:08.0152 4100 Current date / time: 2012/06/14 20:46:08.0152
    20:46:08.0152 4100 SystemInfo:
    20:46:08.0152 4100
    20:46:08.0152 4100 OS Version: 6.1.7600 ServicePack: 0.0
    20:46:08.0152 4100 Product type: Workstation
    20:46:08.0153 4100 ComputerName: SEBASTIAAN-PC
    20:46:08.0153 4100 UserName: Sebastiaan
    20:46:08.0153 4100 Windows directory: C:\Windows
    20:46:08.0153 4100 System windows directory: C:\Windows
    20:46:08.0153 4100 Running under WOW64
    20:46:08.0153 4100 Processor architecture: Intel x64
    20:46:08.0153 4100 Number of processors: 2
    20:46:08.0153 4100 Page size: 0x1000
    20:46:08.0153 4100 Boot type: Normal boot
    20:46:08.0153 4100 ============================================================
    20:46:20.0701 4100 Drive \Device\Harddisk1\DR1 - Size: 0x950AC4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13000, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:46:20.0710 4100 Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:46:20.0728 4100 Drive \Device\Harddisk0\DR0 - Size: 0x253B1D5400 (148.92 Gb), SectorSize: 0x200, Cylinders: 0x4BF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:46:20.0995 4100 ============================================================
    20:46:20.0996 4100 \Device\Harddisk1\DR1:
    20:46:23.0287 4100 MBR partitions:
    20:46:23.0287 4100 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
    20:46:23.0287 4100 \Device\Harddisk2\DR2:
    20:46:23.0302 4100 MBR partitions:
    20:46:23.0303 4100 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
    20:46:23.0303 4100 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1E849DBF, BlocksNum 0x46A0F82
    20:46:23.0303 4100 \Device\Harddisk0\DR0:
    20:46:23.0317 4100 MBR partitions:
    20:46:23.0317 4100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x129D5FB1
    20:46:23.0317 4100 ============================================================
    20:46:23.0323 4100 C: <-> \Device\Harddisk0\DR0\Partition0
    20:46:49.0074 4100 F: <-> \Device\Harddisk1\DR1\Partition0
    20:46:49.0109 4100 G: <-> \Device\Harddisk2\DR2\Partition0
    20:46:49.0165 4100 H: <-> \Device\Harddisk2\DR2\Partition1
    20:46:49.0165 4100 ============================================================
    20:46:49.0165 4100 Initialize success
    20:46:49.0165 4100 ============================================================
    20:46:49.0217 1088 ============================================================
    20:46:49.0217 1088 Scan started
    20:46:49.0217 1088 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    20:46:49.0217 1088 ============================================================
    20:47:54.0839 1088 KMWDSERVICE (c845bad94bb9ab52806e1402fc04ad89) C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
    20:47:54.0903 1088 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
    20:47:54.0903 1088 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
    20:48:14.0040 1088 Themes (88e2696a4a1521b0f5ff62977259cdd1) C:\Windows\system32\themeservice.dll
    20:48:14.0072 1088 Themes ( UnsignedFile.Multi.Generic ) - warning
    20:48:14.0072 1088 Themes - detected UnsignedFile.Multi.Generic (1)
    20:48:14.0987 1088 TVersityMediaServer (e0a9b5b92097211a57fd16d27f2b3750) C:\ProgramData\TVersity\Media Server\MediaServer.exe
    20:48:15.0022 1088 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - warning
    20:48:15.0022 1088 TVersityMediaServer - detected UnsignedFile.Multi.Generic (1)
    20:48:21.0000 1088 wltrysvc (010a746877306e721e76afd4721943f2) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
    20:48:21.0014 1088 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
    20:48:21.0014 1088 wltrysvc - detected UnsignedFile.Multi.Generic (1)
    20:48:28.0071 1088 MBR (0x1B8) (656ef04e873b2e489486eff339d5d98b) \Device\Harddisk1\DR1
    20:56:50.0025 1088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    20:56:50.0134 1088 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    20:56:51.0423 1088 Boot (0x1200) (504c8912a5553b0d691c8f530736791e) \Device\Harddisk1\DR1\Partition0
    20:56:51.0750 1088 Boot (0x1200) (fe67f42d4dfbe5f56992cbc3707fdf32) \Device\Harddisk2\DR2\Partition0
    20:56:51.0786 1088 Boot (0x1200) (b4b78a624a54a108d7a8899ae4514dbf) \Device\Harddisk2\DR2\Partition1
    20:56:51.0806 1088 Boot (0x1200) (d6281849202557bcce327a32a904f19a) \Device\Harddisk0\DR0\Partition0
    20:56:51.0808 1088 ============================================================
    20:56:51.0808 1088 Scan finished
    20:56:51.0808 1088 ============================================================
    20:56:53.0035 5012 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • Good, no MBR rootkit.

    We are going to use Combofix - http://hijackthis.nl/forum/viewtopic.php?p=273082#p273082 - here you can see how to deactivate MSE.

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: Read everything carefully first because of the preparation phase.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here or here you can read how to do that.

    Once more, for clarity: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start Combofix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - Combofix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Okay, thank you. I will run the program as soon as possible.
    I first have to finish my work, since the program can cause your PC to restart several times.
    I will post the log file here as soon as possible.
  • That's fine.
  • Below is the log of the ComboFix scan; I hope it is of use to you and that you can help me further. Thanks in advance.

    ComboFix 12-06-14.01 - Sebastiaan 14-06-2012 23:38:04.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.5629.3397 [GMT 2:00]
    Gestart vanuit: c:\users\Sebastiaan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Mozilla Maintenance Service
    c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    c:\program files (x86)\Mozilla Maintenance Service\Uninstall.exe
    c:\program files (x86)\Mozilla Maintenance Service\updater.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Service_MozillaMaintenance
    ——-\Service_MozillaMaintenance
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))
    .
    .
    2012-06-14 22:04 . 2012-06-14 22:04 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-06-14 21:32 . 2012-06-14 21:32 ——– d—–w- c:\program files (x86)\SmartClose
    2012-06-14 21:32 . 2012-06-14 21:32 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\SmartClose
    2012-06-14 19:38 . 2012-05-08 08:02 8955792 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FCB6ADC-DC4E-4560-AEFD-F16A12A2930B}\mpengine.dll
    2012-06-14 18:45 . 2012-06-14 18:56 ——– d—–w- C:\TDSSStarter
    2012-06-14 02:01 . 2012-06-01 11:32 927800 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-14 02:01 . 2012-06-01 11:32 927800 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A81F4A80-5E7E-419F-A290-88FB92F1F64B}\gapaengine.dll
    2012-06-13 14:32 . 2012-06-13 14:32 ——– d—–w- C:\Microgaming
    2012-06-13 13:45 . 2012-06-13 13:45 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\Malwarebytes
    2012-06-13 13:45 . 2012-06-13 13:45 ——– d—–w- c:\programdata\Malwarebytes
    2012-06-13 13:45 . 2012-06-13 13:45 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-13 13:45 . 2012-04-04 13:56 24904 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-12 11:37 . 2012-05-08 08:02 8955792 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-07 20:49 . 2012-06-07 20:49 ——– d—–w- c:\users\Sebastiaan\AppData\Local\IsolatedStorage
    2012-06-07 20:48 . 2012-06-07 20:48 ——– d—–w- c:\users\Sebastiaan\AppData\Local\Sublight_Labs
    2012-06-07 20:48 . 2012-06-07 21:22 ——– d—–w- c:\program files (x86)\Sublight
    2012-06-06 19:29 . 2012-06-06 19:29 ——– d—–w- c:\program files (x86)\Ashampoo
    2012-06-06 11:55 . 2012-06-06 11:55 770384 —-a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-06 11:55 . 2012-06-06 11:55 421200 —-a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-02 03:04 . 2012-06-02 04:07 ——– d—–w- c:\users\Sebastiaan\AppData\Local\7D0365B3-FBB3-4DFE-8480-444D8327B9E1.aplzod
    2012-06-02 00:01 . 2012-03-09 08:57 23816 —-a-w- c:\windows\system32\drivers\cpuz135_x64.sys
    2012-06-02 00:01 . 2012-06-02 00:01 ——– d—–w- c:\program files\CPU-Z
    2012-06-01 17:30 . 2012-06-01 17:30 131584 —-a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2012-06-01 17:06 . 2012-06-01 17:06 ——– d—–w- c:\users\Sebastiaan\AppData\Local\APN
    2012-06-01 16:58 . 2012-06-02 00:59 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\PFStaticIP
    2012-06-01 16:58 . 2012-06-01 16:58 ——– d—–w- c:\program files (x86)\PFStaticIP
    2012-06-01 15:28 . 2012-06-01 15:28 ——– d—–w- c:\users\Sebastiaan\AppData\Local\MetaGeek,_LLC
    2012-06-01 14:53 . 2012-06-01 14:53 ——– d—–w- c:\program files (x86)\MetaGeek
    2012-06-01 11:38 . 2012-06-01 11:38 ——– d—–w- c:\program files (x86)\Auslogics
    2012-06-01 11:29 . 2012-06-01 11:29 ——– d—–w- c:\program files (x86)\Microsoft Security Client
    2012-06-01 11:29 . 2012-06-01 11:29 ——– d—–w- c:\program files\Microsoft Security Client
    2012-06-01 11:24 . 2012-06-01 11:24 ——– d—–w- c:\program files (x86)\MSECache
    2012-06-01 11:07 . 2012-06-01 20:55 ——– d—–w- c:\program files (x86)\Microsoft
    2012-06-01 11:07 . 2012-06-01 11:07 7450888 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c4d311271cd3fe609\bingbarsetup.exe
    2012-06-01 10:20 . 2012-06-01 10:20 ——– d—–w- c:\program files (x86)\Microsoft Synchronization Services
    2012-06-01 10:19 . 2012-06-01 10:19 ——– d—–w- c:\windows\PCHEALTH
    2012-06-01 10:19 . 2012-06-01 10:19 ——– d—–w- c:\program files (x86)\Microsoft Sync Framework
    2012-06-01 10:19 . 2012-06-01 10:19 ——– d—–w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-06-01 10:13 . 2012-06-01 10:13 ——– d—–w- c:\program files (x86)\Microsoft Analysis Services
    2012-06-01 09:41 . 2012-06-01 09:42 ——– d—–w- c:\program files (x86)\Windows Live
    2012-06-01 09:26 . 2012-06-01 09:26 36240 —-a-w- c:\windows\SysWow64\WinFLAdrv.sys
    2012-06-01 09:26 . 2012-06-01 09:26 197648 —-a-w- c:\windows\SysWow64\WinVDEdrv6.sys
    2012-06-01 09:26 . 2012-06-01 09:26 225680 —-a-w- c:\windows\SysWow64\WinVDEdrv.sys
    2012-06-01 09:25 . 2012-06-01 09:25 91736 —-a-w- c:\windows\SysWow64\WinFLService.exe
    2012-06-01 09:25 . 2012-06-01 09:25 14936 —-a-w- c:\windows\SysWow64\WinFLMsgService.exe
    2012-06-01 09:25 . 2012-06-01 09:25 40960 —-a-w- c:\windows\SysWow64\nwsftUninstall.exe
    2012-06-01 09:25 . 2012-06-01 09:25 293976 —-a-w- c:\windows\SysWow64\WinFLTray.exe
    2012-06-01 09:25 . 2012-06-01 09:25 293976 —-a-w- c:\windows\SysWow64\WinFLTrayShred.exe
    2012-06-01 09:25 . 2012-06-01 09:25 594520 —-a-w- c:\windows\SysWow64\WinFLCtxMenu.dll
    2012-06-01 09:25 . 2012-06-01 09:25 ——– d—–w- c:\program files (x86)\NewSoftware's
    2012-05-31 21:08 . 2012-05-31 21:08 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\Mozilla-Cache
    2012-05-31 02:38 . 2012-05-31 02:39 ——– d—–w- c:\program files (x86)\VirtualDJ
    2012-05-31 02:28 . 2012-06-06 11:55 85472 —-a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-05-31 01:17 . 2012-05-31 02:16 ——– d—–w- c:\programdata\Ableton
    2012-05-31 01:17 . 2012-05-31 01:17 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\Ableton
    2012-05-31 01:16 . 2012-06-07 16:29 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\Foxit Software
    2012-05-31 00:24 . 2012-05-31 00:24 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\Deckadance19
    2012-05-31 00:23 . 2012-06-01 13:38 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\SongManager
    2012-05-30 23:46 . 2012-05-30 23:46 ——– d—–w- c:\program files (x86)\ASIO4ALL v2
    2012-05-30 23:46 . 2012-05-31 00:23 ——– d—–w- c:\program files (x86)\VstPlugins
    2012-05-30 23:46 . 2012-05-30 23:46 ——– d—–w- c:\program files (x86)\Image-Line
    2012-05-30 23:45 . 2009-09-15 09:14 1554944 —-a-w- c:\windows\SysWow64\vorbis.acm
    2012-05-30 23:45 . 2012-05-30 23:45 ——– d—–w- c:\program files (x86)\Outsim
    2012-05-30 23:42 . 2012-05-30 23:47 ——– d—–w- c:\program files (x86)\Fruity Loops Studio 10
    2012-05-30 23:40 . 2010-10-08 15:57 233472 —-a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-05-30 23:40 . 2010-10-08 15:57 368640 —-a-w- c:\windows\SysWow64\ReWire.dll
    2012-05-30 23:37 . 2012-05-30 23:37 ——– d—–w- c:\program files (x86)\Ableton
    2012-05-29 21:43 . 2012-05-29 21:43 ——– d—–r- c:\users\Sebastiaan\SkyDrive
    2012-05-29 21:42 . 2012-05-29 21:42 ——– d—–w- c:\programdata\Microsoft SkyDrive
    2012-05-29 21:38 . 2012-05-29 21:38 ——– d—–w- c:\users\Sebastiaan\AppData\Local\Macromedia
    2012-05-29 21:36 . 2012-05-29 21:36 ——– d—–w- c:\program files (x86)\Foxit Reader
    2012-05-29 21:25 . 2012-05-29 21:25 ——– d—–w- c:\program files (x86)\FileHippo.com
    2012-05-29 21:18 . 2012-05-29 21:17 955848 —-a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-29 21:16 . 2012-05-29 21:16 772552 —-a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-29 20:34 . 2012-05-29 20:34 ——– d—–w- c:\program files (x86)\Cisco
    2012-05-29 20:33 . 2012-05-29 20:32 1047552 —-a-w- c:\windows\system32\BCMLogon.dll
    2012-05-29 20:31 . 2012-05-29 20:31 ——– d—–w- c:\programdata\ATI
    2012-05-29 20:30 . 2012-05-29 20:30 ——– d—–w- c:\program files (x86)\AMD APP
    2012-05-29 20:30 . 2012-05-29 20:30 ——– d—–w- c:\program files (x86)\ATI Technologies
    2012-05-29 20:24 . 2011-08-17 21:44 53376 —-a-w- c:\windows\system32\drivers\usbfilter.sys
    2012-05-29 20:20 . 2011-05-05 13:24 2085440 —-a-w- c:\windows\system32\FMAPO64.dll
    2012-05-29 20:02 . 2012-05-29 20:18 ——– d—–w- c:\programdata\DriverGenius
    2012-05-25 18:34 . 2012-05-25 18:34 ——– d—–w- c:\programdata\IObit
    2012-05-25 18:34 . 2012-05-25 19:25 ——– d—–w- c:\users\Sebastiaan\AppData\Roaming\IObit
    2012-05-25 18:34 . 2012-05-25 19:59 ——– d—–w- c:\program files (x86)\Advanced SystemCare 5
    2012-05-17 14:47 . 2012-05-17 14:47 ——– d—–w- c:\program files\Microsoft Silverlight
    2012-05-17 14:47 . 2012-05-17 14:47 ——– d—–w- c:\program files (x86)\Microsoft Silverlight
    2012-05-16 14:33 . 2012-05-16 14:33 ——– d—–w- c:\windows\CheckSur
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-09 14:07 . 2012-04-07 11:49 426184 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-09 14:07 . 2011-08-15 14:12 70344 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-01 09:41 . 2011-03-28 16:36 19736 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-29 21:17 . 2011-02-25 19:29 839112 —-a-w- c:\windows\system32\deployJava1.dll
    2012-05-29 21:16 . 2011-02-28 15:46 687560 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-29 20:32 . 2009-10-20 18:19 35344 —-a-w- c:\windows\system32\drivers\npf.sys
    2012-05-06 13:50 . 2012-04-07 11:50 8744608 —-a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-18 18:56 . 2012-04-18 18:56 94208 —-a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 18:56 . 2012-04-18 18:56 69632 —-a-w- c:\windows\SysWow64\QuickTime.qts
    2012-03-30 11:09 . 2012-05-13 21:02 1895280 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 —-a-w- c:\windows\SysWow64\GPhotos.scr
    2012-03-20 18:44 . 2012-03-20 18:44 98688 —-a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-20 18:44 . 2012-03-20 18:44 203888 —-a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-17 07:55 . 2012-05-13 21:02 75632 —-a-w- c:\windows\system32\drivers\partmgr.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-05-31 10:54 208608 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-05-31 10:54 208608 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-05-31 10:54 208608 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sysinternals Desktops"="g:\downloads\Desktops\Desktops.exe" [2010-01-18 116088]
    "SkyDrive"="c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-05-31 296672]
    "WinFLTray"="c:\windows\SysWow64\WinFLTray.exe" [2012-06-01 293976]
    "FLBackup"="c:\program files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-06-01 282712]
    "Spotify Web Helper"="c:\users\Sebastiaan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-13 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-29 212992]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 FLService;FLService;c:\windows\SysWow64\WinFLService.exe [2012-06-01 91736]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
    S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2009-08-31 1821184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NEWDRIVER;NEWDRIVER;c:\windows\SysWow64\WinVDEdrv6.sys [2012-06-01 197648]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-07-01 52352]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:07]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793306352-945316632-3298908517-1000Core.job
    - c:\users\Sebastiaan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 19:51]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793306352-945316632-3298908517-1000UA.job
    - c:\users\Sebastiaan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 19:51]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-05-31 10:54 232672 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-05-31 10:54 232672 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-05-31 10:54 232672 —-a-w- c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-05-29 7142400]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF6938.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nl.ask.com?o=14200&l=dis
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FF16704D-1B20-4111-9213-AF9B86C10C80}: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Sebastiaan\AppData\Roaming\Mozilla\Firefox\Profiles\h4rdvxyi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-WinFLAdrv.sys
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-MozillaMaintenanceService - c:\program files (x86)\Mozilla Maintenance Service\uninstall.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
    c:\program files (x86)\Keyboard Driver\KMConfig.exe
    c:\program files (x86)\Keyboard Driver\KMProcess.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-06-15 00:19:59 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-06-14 22:19
    .
    Pre-Run: 99.976.187.904 bytes beschikbaar
    Post-Run: 99.437.228.032 bytes beschikbaar
    .
    - - End Of File - - 2E9BDDD55EA01BB7591C284C76EBCFCA
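The "Reg Opstartpunten" section of a ComboFix log like the one above lists the autostart entries and UAC policy values that are worth checking first when a machine starts slowly or looks tampered with. The following Python sketch is an added example, not part of the original posts and not ComboFix's own code; the function names and the trusted-prefix heuristic (system drive C:) are assumptions, and the sample lines are copied from the log above.

```python
import re

# Lines copied from the "Reg Opstartpunten" section of the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysinternals Desktops"="g:\downloads\Desktops\Desktops.exe" [2010-01-18 116088]
"SkyDrive"="c:\users\Sebastiaan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-05-31 296672]
"WinFLTray"="c:\windows\SysWow64\WinFLTray.exe" [2012-06-01 293976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-29 212992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= ?(?P<dec>\d+) \(0x[0-9a-fA-F]+\)$')

POLICY_KEY = (r'hkey_local_machine\software\microsoft\windows'
              r'\currentversion\policies\system')

# Values where 0 weakens UAC. ConsentPromptBehaviorUser is left out on purpose:
# 0 there means elevation requests from standard users are denied automatically.
UAC_VALUES = {
    'EnableLUA': 'UAC is switched off',
    'ConsentPromptBehaviorAdmin': 'administrators elevate without a consent prompt',
}

# Assumption: Windows is installed on C:. Anything that autostarts from
# outside these directories is listed for manual review, not judged malicious.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\',
                    'c:\\program files (x86)\\')


def parse_sections(text):
    """Map each registry key header (lowercased) to the value lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current and line.startswith('"'):
            sections[current].append(line)
    return sections


def autostarts(text):
    """Return every entry listed under a ...\\CurrentVersion\\Run key."""
    entries = []
    for key, lines in parse_sections(text).items():
        if not key.endswith(r'\currentversion\run'):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m:
                entries.append({'key': key, 'name': m['name'],
                                'path': m['path'].lower(),
                                'date': m['date'], 'size': int(m['size'])})
    return entries


def needs_review(entry):
    """True when the autostart target lives outside the system directories."""
    return not entry['path'].startswith(TRUSTED_PREFIXES)


def uac_findings(text):
    """Return (value name, meaning) for UAC policy values that are set to 0."""
    findings = []
    for line in parse_sections(text).get(POLICY_KEY, []):
        m = POLICY_RE.match(line)
        if m and m['name'] in UAC_VALUES and int(m['dec']) == 0:
            findings.append((m['name'], UAC_VALUES[m['name']]))
    return findings


if __name__ == '__main__':
    for e in autostarts(SAMPLE_LOG):
        tag = 'REVIEW' if needs_review(e) else 'ok'
        print(f"{tag:6} {e['name']}: {e['path']} ({e['date']})")
    for name, meaning in uac_findings(SAMPLE_LOG):
        print(f"UAC    {name}=0: {meaning}")
```

An entry marked for review only means the file sits where a standard user can write; whether it belongs there still has to be checked by hand.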
  • Let's see how many processes and what CPU usage Task Manager reports about five minutes after Windows has started.
    Note down that information and post it - without having switched off programs and services by means of SmartClose.

    By the way, I find no crapware in your Windows, so I assume that you installed this Windows yourself - is that correct?
    If so - have all the drivers been installed as well?
  • The links below show the processes running in Task Manager 5 minutes after the computer has started.

    http://flic.kr/p/ceCv5J
    http://flic.kr/p/ceCv8j

    I did indeed install this Windows myself, and as far as I know all the drivers are installed as well. In any case, I see no question marks or other remarks next to the various devices in Device Manager.
    I also once installed Driver Genius to check whether any drivers were missing, but that was not the case.
  • On a previous notebook with an ATI card I simply disabled that ATI thing via Services (AMD External Events etc.).

    The number of processes and the CPU usage are indeed quite normal.
    Do you do any special activities with your PC that demand a lot from it?
  • No, not really.
    I use it for downloading, playing music and browsing the internet. Just the normal things.
  • Okay - how is your Windows doing now, by the way?

    And go through the installed programs carefully and remove what you no longer use - that benefits Windows too.

    And then the change of antivirus software.
    For that I first want to know how you e-mail.
    Do you do that through an e-mail program in Windows, or do you use webmail?
  • Abraham, first of all I want to thank you for all the effort you have made for me. I appreciate it very much. Thank you!

    Windows is doing fine; startup, as far as I can tell, is still just as bad. It still takes about 10 minutes.
    I did find out something else, though (I don't know whether this affects startup). One of my hard disks contains a number of errors. While optimising the disks with Auslogics Disk Defrag I had all the disks optimised. At the end of the optimisation I got a message that there were a number of errors on the F: drive. I immediately had it checked with chkdsk and had the errors repaired with it as far as possible. After restarting I scanned again with chkdsk and again there were errors on F:
    Is there another program with which I can remove errors from a hard disk?

    Then the antivirus software:

    I only use webmail on this computer.
    I have a cracked version of Avast Internet Security and one of Norton Internet Security (both work). Perhaps I can use these.
  • I advise against using antivirus products with a fix.
    That gives a false sense of security more than anything else.

    And you are well protected if you use Avira Free and the Emsisoft Online Armor firewall.

    But let us first inspect the health of the HD:

    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here

    http://www.imgdumper.nl/uploads4/4df870efec9f5/4df870efeba86-CrystalDiskInfo.png

    Install the tool and then start CrystalDiskInfo.
    N.B. do untick the bundled software if you do not want it to be installed as well.

    The tool then reads the SMART data of the connected hard disks.
    If the colour is blue - completely healthy.
    If the colour is yellow - there are problems.
    If the colour is red - replace the HD as soon as possible.

    For SSDs, the health status of the SSD is also reported (Health).
  • OK, then I won't install cracked software but the ones you suggest. Install both? And remove + stop Microsoft SE + firewall beforehand?

    With CrystalDiskInfo I only get blue colours.
    So all 3 drives are fine.
  • You only disable the Windows Firewall once Online Armor is active.

    How do you do that?
    Go to Start\Run and enter the command: services.msc.
    Click the OK button.
    N.B.: Run can also be opened by pressing the Windows key + R at the same time.

    In the Services window, scroll to Windows Firewall.
    Double-click that entry and set "Startup type" to "Disabled".

    Now first click the Apply button; then click the Stop button, wait a moment and finally click OK.

    Avira Antivir2012 - download link

    Also start using WOT - WebOfTrust: http://www.mywot.com/

    Online Armor Free Firewall - my personal preference.
    Great software: this very good firewall has, as an extra, an active component that checks Windows for keyloggers.
    - Download link
  • Okay, I have installed everything as you said.
    Avira + Online Armor, and WOT as well.

    I just don't understand what the situation is with the hard drive now. Strange that the program doesn't report anything.

    Would it be an idea to run a program that repairs (disables) bad sectors?
    I have the program HDD Regenerator.
  • You indicated that CrystalDiskInfo reported everything as okay.
    So what makes you think there would be bad sectors?

This is an archived page. Replying is no longer possible.