PWS:Win32/Sinowal.gen!Y keeps coming back

Abraham54
27 answers
  • The problem:

    Although I am "careful" with our PC (all users have "user" rights (administrator only when installing new software), Microsoft Firewall on, Microsoft Essentials active, official Windows version, W7 updates always installed), IE has been as slow as thick syrup for a few weeks now. That prompted me to start using Chrome as my browser. It also starts slowly, but after that it works reasonably well. Shortly after Chrome starts (and only then), Microsoft reports that Sinowal.gen!Y has been detected and quarantined. After a restart (advised by Essentials) comes the recommendation to scan the whole system. That takes about 2 hours, and no new threats are found. Either way, as soon as Chrome is started the party begins all over again.

    Apparently not careful enough after all :-( .

    I ran HijackThis with the result below. The question now is: how to proceed??


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:40:49, on 17-7-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Users\Public\Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON BX600FW Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_SCBD7.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON Stylus Office BX600FW(Netwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_S7E92.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: HyperWorkswin64Desktop Quick Launch.lnk = C:\Altairwin64\hw10.0\hw\bin\win64\hw.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Flexlm Service 1 - Flexera Software, Inc. - C:\Altairwin64\hw10.0\security\win64\lmgrd.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 11091 bytes
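A triage pass over the HijackThis log above, as an added example (not part of the original post, and not a HijackThis feature): it parses the O-section lines, pulls out the first file path on each, and flags the bundled toolbars and the services worth a second look. The sample input is a handful of lines copied verbatim from the posted log; the keyword list REVIEW_NAMES is this example's own assumption, not a published signature set. One caveat it encodes: the posted log comes from 32-bit HijackThis 2.0.4 on 64-bit Windows 7, where the "(file missing)" tag on stock services under C:\Windows is commonly an artifact of the 32-bit tool rather than a finding; the TDSSKiller report further down in this thread hashes C:\Windows\System32\alg.exe and marks it ok, so that flag is spurious here and the script labels it "likely-artifact" instead of "review".

```python
import re
from collections import Counter

# Sample input: a few lines copied verbatim from the HijackThis log posted
# above (a constructed excerpt so the script runs offline; for real use, paste
# a complete log into SAMPLE_LOG or read it from a file).
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON BX600FW Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_SCBD7.tmp" /EF "HKCU"
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# One HijackThis entry: "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows file path in the body; non-greedy so the EPSON O4 line yields
# the executable, not the .tmp argument that follows it.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|cab)\b", re.IGNORECASE)

# Assumption: this example's own list of name fragments for the bundled
# toolbars visible in the posted log. It is not a published signature set.
REVIEW_NAMES = ("askbar", "conduit", "tbvuze")


def parse_hjt(text):
    """Return one dict per HijackThis entry: section, body and first file path."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, "End of file" and so on
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append({"section": m.group("section"), "body": body,
                        "path": pm.group(0) if pm else None})
    return entries


def triage(entries):
    """Classify entries as 'review' or 'likely-artifact'; everything else is silent."""
    findings = []
    for e in entries:
        low = e["body"].lower()
        path = (e["path"] or "").lower()
        in_windows = path.startswith("c:\\windows\\")
        if e["section"] in ("O2", "O3") and any(k in low for k in REVIEW_NAMES):
            # Browser helper objects / toolbars matching the bundled-toolbar list.
            findings.append(("review", e["section"], e["body"]))
        elif e["section"] == "O23":
            if "(file missing)" in low and in_windows:
                # 32-bit HijackThis on 64-bit Windows reports many stock
                # services as missing; confirm with a second tool (TDSSKiller
                # hashed alg.exe fine later in this thread) before acting.
                findings.append(("likely-artifact", e["section"], e["body"]))
            elif "unknown owner" in low and not in_windows:
                # A service with no publisher information outside C:\Windows.
                findings.append(("review", e["section"], e["body"]))
    return findings


def section_counts(entries):
    """How many entries of each section type the log contains."""
    return Counter(e["section"] for e in entries)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for level, section, body in triage(parsed):
        print(f"[{level:15}] {section}: {body}")
```

Run against the excerpt it reports four "review" items (the Ask and Conduit BHOs, the Vuze toolbar and the ASKService service) and one "likely-artifact" (the ALG entry); the Google, iTunes, EPSON and Bonjour lines stay quiet. The point of the two-tier output is that a tool's own verdict ("file missing") is evidence to be cross-checked, not a conclusion.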
  • Hello Bushmaster, did you also do any online banking despite the warnings from MSE?

    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: download this program straight to the desktop, or else move it there!
    Download TDSSKiller here.

    Installation:
      - extract the file to your desktop.

    Using TDSSKiller:
      - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
      - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as Administrator.
      - If TDSSKiller reports that an update is available, run that first:
      - to do so, click the "Load update" button
    [image: http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg]

      - A new version of TDSSKiller will now be downloaded; save it to the desktop.
      - Now start TDSSKiller again.
      - Click "Change parameters" and make sure all the options below are ticked.

    [image: http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg]

      - Then click the "Start Scan" button and follow the instructions.
      - After the scan finishes, click the "Report" button.
      - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is required, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    , ZeroAccess or
  • Hello Abraham54,

    Thanks for the quick reply!

    Since I (!) got the warning (since yesterday, because that is when I first started using Chrome), I have not done any online banking. But on asking my kids (Chrome users) it turns out they regularly got a warning. When asked what they did about it, the answer was "well, just clicked the warning away" (sigh...). So there is a good chance that I did do this during that period.

    How serious is the danger that my account gets "plundered"? Can anything be done without the Random Reader (Rabobank customer)? In any case I will quickly go and check (from another system)!

    I am going to try TDSSKiller right away.

    Bushmaster
  • Here is the result of the scan. Apart from generating this report I have not done anything else yet:

    15:33:02.0058 1472 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    15:33:02.0230 1472 ============================================================
    15:33:02.0230 1472 Current date / time: 2012/07/17 15:33:02.0230
    15:33:02.0230 1472 SystemInfo:
    15:33:02.0230 1472
    15:33:02.0230 1472 OS Version: 6.1.7601 ServicePack: 1.0
    15:33:02.0230 1472 Product type: Workstation
    15:33:02.0230 1472 ComputerName: CODYS-PC
    15:33:02.0230 1472 UserName: Beheerder
    15:33:02.0230 1472 Windows directory: C:\Windows
    15:33:02.0230 1472 System windows directory: C:\Windows
    15:33:02.0230 1472 Running under WOW64
    15:33:02.0230 1472 Processor architecture: Intel x64
    15:33:02.0230 1472 Number of processors: 4
    15:33:02.0230 1472 Page size: 0x1000
    15:33:02.0230 1472 Boot type: Normal boot
    15:33:02.0230 1472 ============================================================
    15:33:03.0525 1472 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:33:03.0540 1472 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:33:03.0571 1472 ============================================================
    15:33:03.0571 1472 \Device\Harddisk0\DR0:
    15:33:03.0571 1472 MBR partitions:
    15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x37643000
    15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37675800, BlocksNum 0x3D090000
    15:33:03.0571 1472 \Device\Harddisk1\DR1:
    15:33:03.0571 1472 MBR partitions:
    15:33:03.0571 1472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
    15:33:03.0571 1472 ============================================================
    15:33:03.0587 1472 C: <-> \Device\Harddisk0\DR0\Partition1
    15:33:03.0618 1472 J: <-> \Device\Harddisk0\DR0\Partition0
    15:33:03.0727 1472 D: <-> \Device\Harddisk0\DR0\Partition2
    15:33:03.0727 1472 S: <-> \Device\Harddisk1\DR1\Partition0
    15:33:03.0727 1472 ============================================================
    15:33:03.0727 1472 Initialize success
    15:33:03.0727 1472 ============================================================
    15:34:44.0764 3672 ============================================================
    15:34:44.0764 3672 Scan started
    15:34:44.0764 3672 Mode: Manual; SigCheck; TDLFS;
    15:34:44.0764 3672 ============================================================
    15:34:45.0622 3672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:34:45.0684 3672 1394ohci - ok
    15:34:45.0746 3672 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
    15:34:45.0824 3672 61883 - ok
    15:34:45.0887 3672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:34:45.0918 3672 ACPI - ok
    15:34:45.0949 3672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:34:45.0996 3672 AcpiPmi - ok
    15:34:46.0121 3672 AcrSch2Svc (40864cd2f67e7b532d4e366ecb54e0cb) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    15:34:46.0152 3672 AcrSch2Svc - ok
    15:34:46.0277 3672 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:34:46.0292 3672 AdobeFlashPlayerUpdateSvc - ok
    15:34:46.0355 3672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:34:46.0386 3672 adp94xx - ok
    15:34:46.0417 3672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:34:46.0433 3672 adpahci - ok
    15:34:46.0464 3672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:34:46.0464 3672 adpu320 - ok
    15:34:46.0511 3672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:34:46.0636 3672 AeLookupSvc - ok
    15:34:46.0667 3672 afcdp (769b6f7dee0e943712a6316129d4bb0e) C:\Windows\system32\DRIVERS\afcdp.sys
    15:34:46.0682 3672 afcdp - ok
    15:34:46.0823 3672 afcdpsrv (a530853e2b6d9061fa25fe8df308e08e) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    15:34:46.0854 3672 afcdpsrv - ok
    15:34:46.0948 3672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    15:34:47.0010 3672 AFD - ok
    15:34:47.0041 3672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:34:47.0072 3672 agp440 - ok
    15:34:47.0275 3672 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
    15:34:47.0275 3672 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
    15:34:47.0275 3672 Akamai ( HiddenFile.Multi.Generic ) - warning
    15:34:47.0275 3672 Akamai - detected HiddenFile.Multi.Generic (1)
    15:34:47.0322 3672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:34:47.0369 3672 ALG - ok
    15:34:47.0384 3672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:34:47.0400 3672 aliide - ok
    15:34:47.0447 3672 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
    15:34:47.0478 3672 AMD External Events Utility - ok
    15:34:47.0556 3672 AMD FUEL Service - ok
    15:34:47.0618 3672 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    15:34:47.0634 3672 AMD Reservation Manager - ok
    15:34:47.0650 3672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:34:47.0665 3672 amdide - ok
    15:34:47.0681 3672 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    15:34:47.0681 3672 amdiox64 - ok
    15:34:47.0728 3672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:34:47.0774 3672 AmdK8 - ok
    15:34:48.0055 3672 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:34:48.0180 3672 amdkmdag - ok
    15:34:48.0320 3672 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
    15:34:48.0352 3672 amdkmdap - ok
    15:34:48.0367 3672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:34:48.0398 3672 AmdPPM - ok
    15:34:48.0430 3672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    15:34:48.0445 3672 amdsata - ok
    15:34:48.0461 3672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:34:48.0476 3672 amdsbs - ok
    15:34:48.0492 3672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    15:34:48.0492 3672 amdxata - ok
    15:34:48.0539 3672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:34:48.0664 3672 AppID - ok
    15:34:48.0695 3672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:34:48.0773 3672 AppIDSvc - ok
    15:34:48.0804 3672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    15:34:48.0851 3672 Appinfo - ok
    15:34:48.0944 3672 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:34:48.0976 3672 Apple Mobile Device - ok
    15:34:49.0022 3672 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    15:34:49.0069 3672 AppMgmt - ok
    15:34:49.0085 3672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:34:49.0116 3672 arc - ok
    15:34:49.0132 3672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:34:49.0132 3672 arcsas - ok
    15:34:49.0194 3672 ASKService (7b44f870fc2da172c5367d9e3f96f553) C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    15:34:49.0225 3672 ASKService - ok
    15:34:49.0241 3672 ASKUpgrade (367621cb272a8d9e7d910388916d5737) C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    15:34:49.0256 3672 ASKUpgrade - ok
    15:34:49.0272 3672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:34:49.0319 3672 AsyncMac - ok
    15:34:49.0334 3672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    15:34:49.0350 3672 atapi - ok
    15:34:49.0412 3672 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
    15:34:49.0428 3672 AtiHDAudioService - ok
    15:34:49.0459 3672 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
    15:34:49.0490 3672 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
    15:34:49.0490 3672 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
    15:34:49.0740 3672 atikmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:34:49.0818 3672 atikmdag - ok
    15:34:50.0114 3672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:34:50.0146 3672 AudioEndpointBuilder - ok
    15:34:50.0161 3672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:34:50.0177 3672 AudioSrv - ok
    15:34:50.0270 3672 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
    15:34:50.0302 3672 Avc - ok
    15:34:50.0333 3672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    15:34:50.0411 3672 AxInstSV - ok
    15:34:50.0458 3672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:34:50.0520 3672 b06bdrv - ok
    15:34:50.0551 3672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:34:50.0598 3672 b57nd60a - ok
    15:34:50.0629 3672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    15:34:50.0676 3672 BDESVC - ok
    15:34:50.0692 3672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:34:50.0754 3672 Beep - ok
    15:34:50.0832 3672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    15:34:50.0894 3672 BFE - ok
    15:34:50.0957 3672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    15:34:51.0097 3672 BITS - ok
    15:34:51.0113 3672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:34:51.0144 3672 blbdrive - ok
    15:34:51.0238 3672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    15:34:51.0269 3672 Bonjour Service - ok
    15:34:51.0316 3672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    15:34:51.0362 3672 bowser - ok
    15:34:51.0378 3672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:34:51.0409 3672 BrFiltLo - ok
    15:34:51.0409 3672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:34:51.0425 3672 BrFiltUp - ok
    15:34:51.0456 3672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    15:34:51.0503 3672 Browser - ok
    15:34:51.0534 3672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:34:51.0581 3672 Brserid - ok
    15:34:51.0596 3672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:34:51.0612 3672 BrSerWdm - ok
    15:34:51.0628 3672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:34:51.0659 3672 BrUsbMdm - ok
    15:34:51.0674 3672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:34:51.0690 3672 BrUsbSer - ok
    15:34:51.0706 3672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:34:51.0737 3672 BTHMODEM - ok
    15:34:51.0768 3672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    15:34:51.0862 3672 bthserv - ok
    15:34:51.0877 3672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:34:51.0924 3672 cdfs - ok
    15:34:51.0955 3672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    15:34:51.0986 3672 cdrom - ok
    15:34:52.0018 3672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    15:34:52.0049 3672 CertPropSvc - ok
    15:34:52.0064 3672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:34:52.0080 3672 circlass - ok
    15:34:52.0111 3672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:34:52.0127 3672 CLFS - ok
    15:34:52.0205 3672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:34:52.0236 3672 clr_optimization_v2.0.50727_32 - ok
    15:34:52.0283 3672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:35:09.0755 3672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    15:35:09.0786 3672 Spooler - ok
    15:35:09.0989 3672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    15:35:10.0067 3672 sppsvc - ok
    15:35:10.0145 3672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    15:35:10.0192 3672 sppuinotify - ok
    15:35:10.0270 3672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    15:35:10.0316 3672 srv - ok
    15:35:10.0363 3672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    15:35:10.0394 3672 srv2 - ok
    15:35:10.0410 3672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    15:35:10.0426 3672 srvnet - ok
    15:35:10.0441 3672 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    15:35:10.0472 3672 SSDPSRV - ok
    15:35:10.0504 3672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    15:35:10.0519 3672 SstpSvc - ok
    15:35:10.0566 3672 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
    15:35:10.0582 3672 ssudmdm - ok
    15:35:10.0613 3672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    15:35:10.0628 3672 stexstor - ok
    15:35:10.0691 3672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    15:35:10.0722 3672 stisvc - ok
    15:35:10.0753 3672 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    15:35:10.0769 3672 storflt - ok
    15:35:10.0800 3672 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    15:35:10.0800 3672 storvsc - ok
    15:35:10.0831 3672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    15:35:10.0847 3672 swenum - ok
    15:35:10.0862 3672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    15:35:10.0909 3672 swprv - ok
    15:35:10.0925 3672 Synth3dVsc - ok
    15:35:11.0018 3672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    15:35:11.0065 3672 SysMain - ok
    15:35:11.0159 3672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    15:35:11.0190 3672 TabletInputService - ok
    15:35:11.0206 3672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    15:35:11.0252 3672 TapiSrv - ok
    15:35:11.0284 3672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    15:35:11.0315 3672 TBS - ok
    15:35:11.0424 3672 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    15:35:11.0471 3672 Tcpip - ok
    15:35:11.0549 3672 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    15:35:11.0564 3672 TCPIP6 - ok
    15:35:11.0627 3672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    15:35:11.0674 3672 tcpipreg - ok
    15:35:11.0689 3672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:35:11.0736 3672 TDPIPE - ok
    15:35:11.0845 3672 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys
    15:35:11.0892 3672 tdrpman255 - ok
    15:35:11.0939 3672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    15:35:11.0970 3672 TDTCP - ok
    15:35:12.0001 3672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    15:35:12.0048 3672 tdx - ok
    15:35:12.0079 3672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    15:35:12.0095 3672 TermDD - ok
    15:35:12.0142 3672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    15:35:12.0188 3672 TermService - ok
    15:35:12.0204 3672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    15:35:12.0204 3672 Themes - ok
    15:35:12.0235 3672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:35:12.0266 3672 THREADORDER - ok
    15:35:12.0298 3672 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
    15:35:12.0313 3672 timounter - ok
    15:35:12.0344 3672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    15:35:12.0376 3672 TrkWks - ok
    15:35:12.0407 3672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    15:35:12.0485 3672 TrustedInstaller - ok
    15:35:12.0532 3672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:35:12.0563 3672 tssecsrv - ok
    15:35:12.0578 3672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    15:35:12.0610 3672 TsUsbFlt - ok
    15:35:12.0625 3672 tsusbhub - ok
    15:35:12.0672 3672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    15:35:12.0734 3672 tunnel - ok
    15:35:12.0766 3672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:35:12.0766 3672 uagp35 - ok
    15:35:12.0797 3672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    15:35:12.0844 3672 udfs - ok
    15:35:12.0859 3672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    15:35:12.0859 3672 UI0Detect - ok
    15:35:12.0875 3672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    15:35:12.0890 3672 uliagpkx - ok
    15:35:12.0922 3672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    15:35:12.0953 3672 umbus - ok
    15:35:12.0968 3672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:35:12.0984 3672 UmPass - ok
    15:35:13.0031 3672 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    15:35:13.0062 3672 UmRdpService - ok
    15:35:13.0093 3672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    15:35:13.0124 3672 upnphost - ok
    15:35:13.0187 3672 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    15:35:13.0187 3672 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
    15:35:13.0187 3672 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
    15:35:13.0234 3672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:35:13.0265 3672 usbccgp - ok
    15:35:13.0296 3672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    15:35:13.0312 3672 usbcir - ok
    15:35:13.0343 3672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    15:35:13.0374 3672 usbehci - ok
    15:35:13.0405 3672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    15:35:13.0436 3672 usbhub - ok
    15:35:13.0452 3672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    15:35:13.0468 3672 usbohci - ok
    15:35:13.0514 3672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:35:13.0530 3672 usbprint - ok
    15:35:13.0546 3672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    15:35:13.0577 3672 usbscan - ok
    15:35:13.0592 3672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:35:13.0608 3672 USBSTOR - ok
    15:35:13.0608 3672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    15:35:13.0639 3672 usbuhci - ok
    15:35:13.0670 3672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    15:35:13.0733 3672 UxSms - ok
    15:35:13.0764 3672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    15:35:13.0780 3672 VaultSvc - ok
    15:35:13.0826 3672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    15:35:13.0826 3672 vdrvroot - ok
    15:35:13.0873 3672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    15:35:13.0904 3672 vds - ok
    15:35:13.0951 3672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:35:13.0951 3672 vga - ok
    15:35:13.0982 3672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:35:14.0029 3672 VgaSave - ok
    15:35:14.0045 3672 VGPU - ok
    15:35:14.0060 3672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    15:35:14.0076 3672 vhdmp - ok
    15:35:14.0092 3672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    15:35:14.0092 3672 viaide - ok
    15:35:14.0138 3672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    15:35:14.0138 3672 vmbus - ok
    15:35:14.0154 3672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    15:35:14.0170 3672 VMBusHID - ok
    15:35:14.0185 3672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    15:35:14.0201 3672 volmgr - ok
    15:35:14.0232 3672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    15:35:14.0279 3672 volmgrx - ok
    15:35:14.0310 3672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    15:35:14.0341 3672 volsnap - ok
    15:35:14.0388 3672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:35:14.0419 3672 vsmraid - ok
    15:35:14.0497 3672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    15:35:14.0544 3672 VSS - ok
    15:35:14.0653 3672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    15:35:14.0700 3672 vwifibus - ok
    15:35:14.0716 3672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    15:35:14.0731 3672 vwififlt - ok
    15:35:14.0762 3672 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    15:35:14.0762 3672 vwifimp - ok
    15:35:14.0825 3672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    15:35:14.0872 3672 W32Time - ok
    15:35:14.0887 3672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:35:14.0887 3672 WacomPen - ok
    15:35:14.0934 3672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:35:15.0012 3672 WANARP - ok
    15:35:15.0012 3672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:35:15.0028 3672 Wanarpv6 - ok
    15:35:15.0090 3672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    15:35:15.0121 3672 WatAdminSvc - ok
    15:35:15.0215 3672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    15:35:15.0262 3672 wbengine - ok
    15:35:15.0308 3672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    15:35:15.0324 3672 WbioSrvc - ok
    15:35:15.0371 3672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    15:35:15.0386 3672 wcncsvc - ok
    15:35:15.0402 3672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    15:35:15.0433 3672 WcsPlugInService - ok
    15:35:15.0464 3672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:35:15.0480 3672 Wd - ok
    15:35:15.0511 3672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:35:15.0542 3672 Wdf01000 - ok
    15:35:15.0542 3672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:35:15.0605 3672 WdiServiceHost - ok
    15:35:15.0605 3672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:35:15.0620 3672 WdiSystemHost - ok
    15:35:15.0667 3672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    15:35:15.0698 3672 WebClient - ok
    15:35:15.0714 3672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    15:35:15.0761 3672 Wecsvc - ok
    15:35:15.0776 3672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    15:35:15.0823 3672 wercplsupport - ok
    15:35:15.0839 3672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    15:35:15.0870 3672 WerSvc - ok
    15:35:15.0886 3672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:35:15.0901 3672 WfpLwf - ok
    15:35:15.0901 3672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:35:15.0917 3672 WIMMount - ok
    15:35:15.0948 3672 WinDefend - ok
    15:35:15.0964 3672 WinHttpAutoProxySvc - ok
    15:35:16.0042 3672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    15:35:16.0073 3672 Winmgmt - ok
    15:35:16.0182 3672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    15:35:16.0244 3672 WinRM - ok
    15:35:16.0369 3672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    15:35:16.0400 3672 WinUsb - ok
    15:35:16.0478 3672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    15:35:16.0510 3672 Wlansvc - ok
    15:35:16.0525 3672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    15:35:16.0541 3672 WmiAcpi - ok
    15:35:16.0556 3672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:35:16.0572 3672 wmiApSrv - ok
    15:35:16.0588 3672 WMPNetworkSvc - ok
    15:35:16.0603 3672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:35:16.0619 3672 WPCSvc - ok
    15:35:16.0650 3672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    15:35:16.0681 3672 WPDBusEnum - ok
    15:35:16.0697 3672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:35:16.0728 3672 ws2ifsl - ok
    15:35:16.0744 3672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    15:35:16.0759 3672 wscsvc - ok
    15:35:16.0759 3672 WSearch - ok
    15:35:16.0868 3672 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    15:35:16.0915 3672 wuauserv - ok
    15:35:16.0962 3672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    15:35:16.0993 3672 WudfPf - ok
    15:35:17.0009 3672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:35:17.0040 3672 WUDFRd - ok
    15:35:17.0071 3672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    15:35:17.0102 3672 wudfsvc - ok
    15:35:17.0149 3672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:35:17.0196 3672 WwanSvc - ok
    15:35:17.0227 3672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    15:35:17.0430 3672 \Device\Harddisk0\DR0 - ok
    15:35:17.0430

  • The last part of the report. It is from a second scan; I no longer had the report of the first scan:

    16:07:25.0593 5992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    16:07:25.0624 5992 \Device\Harddisk1\DR1 - ok
    16:07:25.0624 5992 Boot (0x1200) (d659879f8c2f4bb63d25d9ddf9689af9) \Device\Harddisk0\DR0\Partition0
    16:07:25.0624 5992 \Device\Harddisk0\DR0\Partition0 - ok
    16:07:25.0656 5992 Boot (0x1200) (388ae9931ff1f69451597e3ed61dc608) \Device\Harddisk0\DR0\Partition1
    16:07:25.0656 5992 \Device\Harddisk0\DR0\Partition1 - ok
    16:07:25.0671 5992 Boot (0x1200) (957304436e2b890045b9ee8f91c86671) \Device\Harddisk0\DR0\Partition2
    16:07:25.0671 5992 \Device\Harddisk0\DR0\Partition2 - ok
    16:07:25.0687 5992 Boot (0x1200) (aff8c5db3d4afa454de834e72946c698) \Device\Harddisk1\DR1\Partition0
    16:07:25.0687 5992 \Device\Harddisk1\DR1\Partition0 - ok
    16:07:25.0687 5992 ============================================================
    16:07:25.0687 5992 Scan finished
    16:07:25.0687 5992 ============================================================
    16:07:25.0687 5856 Detected object count: 4
    16:07:25.0687 5856 Actual detected object count: 4
    16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
    16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
    16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • Hi, unless the web images were photographed, you need not worry any further.

    Strange that Sinowal was not found by TDSSKiller.
    We'll keep looking:

    [b]Which program[/b]:
  • Hello,

    I put ComboFix on my desktop and ran it according to the instructions. It seemed to go well until the system was restarted (by the program). After logging in again, the blue window "flies" across my screen. The system also no longer seems to respond to anything. Is this normal? If not, how can I stop it???
  • Restart the PC.
  • Shutting down and starting up again doesn't help. The "flying" blue window just comes back :-( :( :(
  • Can you post a screenshot of that?
  • Unfortunately, the PC hardly responds to anything anymore. Restore the latest backup (if it works)?
  • Update:

    I restarted the PC, but this time as Administrator. Fortunately the blue window is now standing still and shows the following text:

    [b]log report is being prepared.

    Do not start any other programs until ComboFix has finished.[/b]

    It has been in this state for several minutes. There is constant HDD activity.
  • Phew….

    The system is responding again, and I have a log file. What now?:

    [code]ComboFix 12-07-16.01 - Beheerder 17-07-2012 17:16:54.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.16383.13108 [GMT 2:00]
    Gestart vanuit: c:\users\Freddy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Windows
    c:\programdata\windows\ccdxmmde.dat
    c:\programdata\windows\drss.dat
    c:\programdata\Windows\msseedir.dll
    c:\programdata\Windows\xessmsxe.dat
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))
    .
    .
    2012-07-17 15:22 . 2012-07-17 16:43 -------- d-----w- c:\users\Beheerder\AppData\Local\temp
    2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Siri\AppData\Local\temp
    2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Patrick\AppData\Local\temp
    2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Marjolein\AppData\Local\temp
    2012-07-17 07:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EF2E5CD-0814-4501-97CD-7E4FED57E6A5}\mpengine.dll
    2012-07-17 07:40 . 2012-07-17 07:40 839152 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-17 07:40 . 2012-07-17 07:40 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-17 07:40 . 2012-07-17 07:40 -------- d-----w- c:\program files\Java
    2012-07-17 07:33 . 2012-07-17 07:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-17 07:32 . 2012-07-17 07:32 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-17 07:32 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files\iTunes
    2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-17 07:24 . 2012-07-17 07:24 -------- d-----w- c:\program files\iPod
    2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files\Bonjour
    2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\Bonjour
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-17 07:19 . 2012-07-17 07:19 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-07-17 00:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-16 19:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\SysWow64\wbem\en-US
    2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-07-16 17:55 . 2012-07-16 17:59 -------- d--h--w- c:\windows\msdownld.tmp
    2012-07-16 15:27 . 2012-02-10 16:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D792564E-1141-46C5-A7D5-53ED53683D52}\gapaengine.dll
    2012-06-21 06:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 06:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 06:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 06:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 06:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 06:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 06:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 06:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 06:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 17:43 . 2012-06-19 17:43 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-16 15:50 . 2012-04-14 16:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-16 15:50 . 2011-05-15 04:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 14:15 . 2012-05-06 14:15 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-14 05:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 05:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 05:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 05:26 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 05:32 . 2012-06-14 05:26 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-04-28 03:55 . 2012-06-14 05:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 05:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 05:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 05:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 05:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 05:26 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 05:26 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 05:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 05:26 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 05:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HyperWorkswin64Desktop Quick Launch.lnk - c:\altairwin64\hw10.0\hw\bin\win64\hw.exe [2011-6-27 1132544]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-30 1207312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
    S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-01-02 1477152]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-02 2475952]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
    S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
    S2 Flexlm Service 1;Flexlm Service 1;c:\altairwin64\hw10.0\security\win64\lmgrd.exe [2011-06-24 1778512]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-02 250464]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 netr28x;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
    S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:50]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009Core.job
    - c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009UA.job
    - c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011Core.job
    - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011UA.job
    - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012Core.job
    - c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012UA.job
    - c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: Interfaces\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\altairwin64\hw10.0\security\win64\altair_lm.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-07-17 18:48:43 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-07-17 16:48
    .
    Pre-Run: 154.347.192.320 bytes beschikbaar
    Post-Run: 160.613.642.240 bytes beschikbaar
    .
    - - End Of File - - 3E9ACDAF2594B2C5D730C0CFC6BD7248
  • Please just post logs as plain text, not via "Code".

    Do the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click
  • Ran the ESET online scan according to the instructions. I could not find a log.txt file at the indicated location, but I have reproduced ESET's reports below:

    C:\Users\Corwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-20f4a4c3 Java/TrojanDownloader.OpenStream.NBW trojan deleted - quarantined
    C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3caf1d90-254535f1 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined
    C:\Users\Freddy\Documents\saved_siri_pc\myWebFace.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
    C:\Users\Freddy\Downloads\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
    C:\Users\Marjolein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\4621f903-13f68523 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
    C:\Users\Patrick\Downloads\BlackFloor_downloader_by_Wallpaperstocknet.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup (1).exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup (2).exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup.exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Public\Documents\CrystalDiskMark3_0_1b-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
    C:\Users\Public\Documents\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined

    What is the next step now?
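    As an added triage example (not from the post above and not ESET's own code), the following Python parses result lines of the shape ESET printed here and groups them by user account and by where on disk the file sat. The grouping makes visible what the raw list hides: three hits sit under `AppData\LocalLow\Sun\Java\Deployment\cache`, the cache where the Java plug-in stores applets fetched while browsing, so a name such as Java/Exploit.Blacole.AN there means a browser with an outdated Java plug-in was exposed to exploit-kit pages and the fix is updating or removing Java, not only deleting the cache entry; the remaining hits are bundled-adware installers in Downloads and folders copied from the old PC. The line layout (`path  detection  action - status`) and the three location categories are my assumptions about this output, not an ESET specification; the sample input is the eleven lines quoted above.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample input: the eleven result lines from the ESET post above, embedded so the
# script runs offline.
ESET_RESULTS = r"""
C:\Users\Corwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-20f4a4c3 Java/TrojanDownloader.OpenStream.NBW trojan deleted - quarantined
C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3caf1d90-254535f1 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined
C:\Users\Freddy\Documents\saved_siri_pc\myWebFace.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\Freddy\Downloads\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
C:\Users\Marjolein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\4621f903-13f68523 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Users\Patrick\Downloads\BlackFloor_downloader_by_Wallpaperstocknet.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup (1).exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup (2).exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup.exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Public\Documents\CrystalDiskMark3_0_1b-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Public\Documents\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
""".strip().splitlines()

# Assumed line layout: "<path> <detection> <action> - <status>". The path may
# contain spaces, so it is matched lazily up to the first token that looks like
# a detection name ("Family/Name", optionally prefixed "a variant of") or the
# phrase "multiple threats".
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?"
    r"(?:\S+/\S+(?: (?:trojan|application|adware|virus|worm))?|multiple threats))\s+"
    r"(?P<action>.+?)(?: - (?P<status>[a-z]+))?$"
)

# Folder used by the Java browser plug-in for downloaded applets (assumption
# about the paths seen in this log, lower-cased for matching).
JAVA_CACHE = "\\appdata\\locallow\\sun\\java\\deployment\\cache\\"


def parse_eset_line(line):
    """Split one result line into path, detection, action and status.
    Returns None for lines that do not look like a detection."""
    m = ESET_LINE.match(line.strip())
    return m.groupdict() if m else None


def classify_location(path):
    """Coarse location class that hints at how the file got there."""
    p = path.lower()
    if JAVA_CACHE in p:
        return "java-cache"      # fetched by the browser plug-in: drive-by exposure
    if "\\downloads\\" in p:
        return "downloads"       # user-initiated download, typically a bundled installer
    return "other"               # e.g. files copied over from another machine


def owner_of(path):
    """Account name taken from a C:\\Users\\<name>\\... path, or '(system)'."""
    parts = PureWindowsPath(path).parts
    if len(parts) > 2 and parts[1].lower() == "users":
        return parts[2]
    return "(system)"


def summarize(lines):
    """Group parsed detections by location and by user; list Java-cache hits
    separately because they point at the browser plug-in as the entry vector."""
    by_location, by_user, java_hits, total = Counter(), Counter(), [], 0
    for line in lines:
        rec = parse_eset_line(line)
        if rec is None:
            continue
        total += 1
        loc = classify_location(rec["path"])
        user = owner_of(rec["path"])
        by_location[loc] += 1
        by_user[user] += 1
        if loc == "java-cache":
            java_hits.append((user, rec["detection"]))
    return {"total": total, "by_location": dict(by_location),
            "by_user": dict(by_user), "java_cache_hits": java_hits}


if __name__ == "__main__":
    report = summarize(ESET_RESULTS)
    print("detections:", report["total"])
    print("by location:", report["by_location"])
    print("by user:", report["by_user"])
    for user, det in report["java_cache_hits"]:
        print(f"java cache ({user}): {det}")
```

    Run as-is to see the breakdown for the lines above; on another machine, paste the ESET result lines into `ESET_RESULTS` instead. Every account that shows up under "java-cache" had a browser session reach an exploit page, which is why the helper's later advice to check the security state of the machine (outdated Java, Flash and browser versions) matters more than the quarantine itself.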
  • We'll do one more scan:

    Which program:
  • Here is the Emsisoft report. I recognize 1 object; it comes from the rescued contents of our old PC. Back then I was not so careful, with the result that it eventually succumbed to all the "misery" that was present. I did learn from that!

    Here is the scan report:

    Emsisoft Emergency Kit - Versie 2.0
    Laatste Update: 18-7-2012 7:42:36

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, J:\, S:\
    Scan archieven: Aan
    ADS Scan: Aan

    Scan gestart: 18-7-2012 7:43:26

    Key: hkey_current_user\software\whitesmoke Ontdekt: Trace.Registry.whitesmoke!E1
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Ester.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Glocker.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\huiak$1.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Stremer.class Ontdekt: Trojan-Downloader.Java.OpenConnection!E2
    C:\Users\Freddy\Documents\save_toshiba\Freddy\Diverse Software\Tmpgenc v2.524.63.181 Plus Keygen.rar -> Keygen.exe Ontdekt: not-a-virus.Hacktool.Keygen.TMPGEnc!E2
    C:\Qoobox\Quarantine\C\ProgramData\Windows\msseedir.dll.vir Ontdekt: Trojan.Win32.Agent!E2


    Gescand 881207
    Gevonden 7

    Scan geëindigd: 18-7-2012 9:10:43
    Scantijd: 1:27:17
  • What I'm missing now: did you also have everything removed? Because that is not in the log.
  • Yes, I had everything removed and restarted. If this was the last action: I like to keep my system "clean". I assume I can simply remove the programs that were used? I also see that I have a folder Qoobox on C: containing some data created by ComboFix, among other things a Quarantine folder. What should I do with this folder?

    Any further tips/advice?
  • Now first the following: a test, to see how good the security situation in Windows is.

    Download to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.


This is an archived page. Replying is no longer possible.