Questions & Answers

Security & privacy

PWS:Win32/Sinowal.gen!Y keeps coming back

27 replies
  • The problem: although I am "careful" with our PC (all users have "user" rights only (administrator only when installing new software), Microsoft Firewall on, Microsoft Essentials active, official Windows version, W7 updates always installed), IE has been as slow as thick syrup for a few weeks now. This was the reason to start using Chrome as the browser. It also starts slowly, but after that it works reasonably well. Shortly after starting Chrome (and only then) Microsoft reports that Sinowal.gen!Y has been detected and placed in quarantine. After a restart (advised by Essentials) there is also the recommendation to scan the whole system. This takes about 2 hours, and no new threats are found. Either way, as soon as Chrome is started the party begins all over again. Apparently not careful enough after all :-( . I ran HijackThis with the result below. The question now is: how to proceed??

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:49, on 17-7-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Public\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON BX600FW Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_SCBD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Office BX600FW(Netwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_S7E92.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HyperWorkswin64Desktop Quick Launch.lnk = C:\Altairwin64\hw10.0\hw\bin\win64\hw.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Flexlm Service 1 - Flexera Software, Inc. - C:\Altairwin64\hw10.0\security\win64\lmgrd.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11091 bytes
  • Hello bushmaster, despite the warnings from MSE, have you also done any internet banking?

Which program: Kaspersky TDSSKiller
What for/why: rootkit scanner
Difficulty: none
Download location: absolutely download this program to the desktop, or else move it there!
Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Installation:
- extract the file on your desktop.

Using TDSSKiller:
- Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
- Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as administrator.
- If TDSSKiller reports that an update is available, run that first:
- click the "Load update" button for this.
(screenshot: http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg)
- A new version of TDSSKiller will now be downloaded; save it on the desktop.
- Now start TDSSKiller again.
- Click "Change parameters" and make sure all the options shown below are checked.
(screenshot: http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg)
- Then click the "Start Scan" button and follow the instructions.
- When the scan has finished, click the "Report" button.
- A Notepad file opens. Post the contents of this file.
- Restart the PC if TDSSKiller offers that option (Reboot now).
- When a restart is necessary, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Important:
- If you get a warning about sptd.sys you may 'skip' it; it belongs to emulation software such as DaemonTools.
- The unsigned files you skip.
- TDSS File System you let it delete or quarantine: delete or copy to quarantine.
- Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler you let it repair: Cure.
  • Hello Abraham54, thanks for the quick response! Since I (!) got the warning (since yesterday, because that is when I first started using Chrome), I have not done any internet banking. But on asking my kids (Chrome users) it turns out that they regularly got a warning. When asked what they did about it, the answer was "well, just click the warning away" (sigh...). So there is a good chance that I did do internet banking in that period. How serious is the danger that my account gets "plundered"? Can anyone do anything without the Random Reader (Rabobank customer)? In any case I will quickly go and check (via another system)! I am going to try TDSSKiller right away. Bushmaster
  • Here is the result of the scan. Apart from generating this report I have not done anything else yet:
15:34:56.0152 3672 Fs_Rec - ok 15:34:56.0214 3672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:34:56.0230 3672 fvevol - ok 15:34:56.0245 3672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:34:56.0261 3672 gagp30kx - ok 15:34:56.0292 3672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:34:56.0292 3672 GEARAspiWDM - ok 15:34:56.0339 3672 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 15:34:56.0401 3672 gpsvc - ok 15:34:56.0510 3672 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:34:56.0526 3672 gupdate - ok 15:34:56.0557 3672 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:34:56.0588 3672 gupdatem - ok 15:34:56.0620 3672 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:34:56.0635 3672 gusvc - ok 15:34:56.0635 3672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:34:56.0682 3672 hcw85cir - ok 15:34:56.0744 3672 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 15:34:56.0776 3672 HdAudAddService - ok 15:34:56.0807 3672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 15:34:56.0838 3672 HDAudBus - ok 15:34:56.0854 3672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 15:34:56.0869 3672 HidBatt - ok 15:34:56.0885 3672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 15:34:56.0900 3672 HidBth - ok 15:34:56.0900 3672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 15:34:56.0916 3672 HidIr - ok 15:34:56.0947 3672 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 15:34:57.0010 3672 hidserv - ok 15:34:57.0025 3672 HidUsb 
(9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 15:34:57.0041 3672 HidUsb - ok 15:34:57.0072 3672 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 15:34:57.0103 3672 hkmsvc - ok 15:34:57.0134 3672 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 15:34:57.0197 3672 HomeGroupListener - ok 15:34:57.0244 3672 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 15:34:57.0275 3672 HomeGroupProvider - ok 15:34:57.0290 3672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 15:34:57.0306 3672 HpSAMD - ok 15:34:57.0384 3672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 15:34:57.0446 3672 HTTP - ok 15:34:57.0446 3672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 15:34:57.0462 3672 hwpolicy - ok 15:34:57.0493 3672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 15:34:57.0524 3672 i8042prt - ok 15:34:57.0587 3672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 15:34:57.0602 3672 iaStorV - ok 15:34:57.0743 3672 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:34:57.0758 3672 idsvc - ok 15:34:57.0790 3672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:34:57.0790 3672 iirsp - ok 15:34:57.0821 3672 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 15:34:57.0868 3672 IKEEXT - ok 15:34:57.0883 3672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 15:34:57.0883 3672 intelide - ok 15:34:57.0899 3672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:34:57.0914 3672 intelppm - ok 15:34:57.0946 3672 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 15:34:58.0008 
3672 IPBusEnum - ok 15:34:58.0039 3672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:34:58.0055 3672 IpFilterDriver - ok 15:34:58.0102 3672 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 15:34:58.0148 3672 iphlpsvc - ok 15:34:58.0164 3672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 15:34:58.0180 3672 IPMIDRV - ok 15:34:58.0211 3672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:34:58.0273 3672 IPNAT - ok 15:34:58.0382 3672 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 15:34:58.0414 3672 iPod Service - ok 15:34:58.0445 3672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:34:58.0492 3672 IRENUM - ok 15:34:58.0523 3672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 15:34:58.0523 3672 isapnp - ok 15:34:58.0538 3672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 15:34:58.0554 3672 iScsiPrt - ok 15:34:58.0570 3672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 15:34:58.0585 3672 kbdclass - ok 15:34:58.0616 3672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 15:34:58.0648 3672 kbdhid - ok 15:34:58.0679 3672 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:34:58.0694 3672 KeyIso - ok 15:34:58.0726 3672 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 15:34:58.0757 3672 KSecDD - ok 15:34:58.0804 3672 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 15:34:58.0804 3672 KSecPkg - ok 15:34:58.0835 3672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:34:58.0882 3672 ksthunk - ok 15:34:58.0928 3672 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 15:34:58.0991 
3672 KtmRm - ok 15:34:59.0022 3672 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 15:34:59.0053 3672 LanmanServer - ok 15:34:59.0100 3672 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 15:34:59.0162 3672 LanmanWorkstation - ok 15:34:59.0287 3672 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 15:34:59.0303 3672 LBTServ - ok 15:34:59.0334 3672 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys 15:34:59.0350 3672 LHidFilt - ok 15:34:59.0365 3672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:34:59.0412 3672 lltdio - ok 15:34:59.0443 3672 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 15:34:59.0521 3672 lltdsvc - ok 15:34:59.0537 3672 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 15:34:59.0568 3672 lmhosts - ok 15:34:59.0584 3672 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys 15:34:59.0584 3672 LMouFilt - ok 15:34:59.0646 3672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:34:59.0677 3672 LSI_FC - ok 15:34:59.0677 3672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:34:59.0693 3672 LSI_SAS - ok 15:34:59.0708 3672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:34:59.0724 3672 LSI_SAS2 - ok 15:34:59.0740 3672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:34:59.0740 3672 LSI_SCSI - ok 15:34:59.0771 3672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:34:59.0802 3672 luafv - ok 15:34:59.0849 3672 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys 15:34:59.0880 3672 MarvinBus - ok 15:34:59.0911 3672 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) 
C:\Windows\system32\Mcx2Svc.dll 15:34:59.0927 3672 Mcx2Svc - ok 15:34:59.0942 3672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:34:59.0942 3672 megasas - ok 15:34:59.0958 3672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:34:59.0974 3672 MegaSR - ok 15:35:00.0005 3672 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:35:00.0052 3672 MMCSS - ok 15:35:00.0067 3672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:35:00.0130 3672 Modem - ok 15:35:00.0145 3672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:35:00.0161 3672 monitor - ok 15:35:00.0208 3672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 15:35:00.0223 3672 mouclass - ok 15:35:00.0254 3672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:35:00.0270 3672 mouhid - ok 15:35:00.0301 3672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 15:35:00.0317 3672 mountmgr - ok 15:35:00.0379 3672 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 15:35:00.0410 3672 MpFilter - ok 15:35:00.0457 3672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 15:35:00.0473 3672 mpio - ok 15:35:00.0504 3672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:35:00.0535 3672 mpsdrv - ok 15:35:00.0582 3672 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 15:35:00.0691 3672 MpsSvc - ok 15:35:00.0722 3672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 15:35:00.0754 3672 MRxDAV - ok 15:35:00.0785 3672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:35:00.0816 3672 mrxsmb - ok 15:35:00.0863 3672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 
15:35:00.0894 3672 mrxsmb10 - ok 15:35:00.0910 3672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:35:00.0925 3672 mrxsmb20 - ok 15:35:00.0956 3672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 15:35:00.0972 3672 msahci - ok 15:35:00.0988 3672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 15:35:01.0003 3672 msdsm - ok 15:35:01.0034 3672 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 15:35:01.0050 3672 MSDTC - ok 15:35:01.0112 3672 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys 15:35:01.0159 3672 MSDV - ok 15:35:01.0175 3672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:35:01.0206 3672 Msfs - ok 15:35:01.0222 3672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:35:01.0253 3672 mshidkmdf - ok 15:35:01.0284 3672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 15:35:01.0284 3672 msisadrv - ok 15:35:01.0331 3672 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:35:01.0362 3672 MSiSCSI - ok 15:35:01.0362 3672 msiserver - ok 15:35:01.0393 3672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:35:01.0409 3672 MSKSSRV - ok 15:35:01.0502 3672 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe 15:35:01.0534 3672 MsMpSvc - ok 15:35:01.0534 3672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:35:01.0565 3672 MSPCLOCK - ok 15:35:01.0580 3672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:35:01.0612 3672 MSPQM - ok 15:35:01.0658 3672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 15:35:01.0674 3672 MsRPC - ok 15:35:01.0690 3672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) 
C:\Windows\system32\drivers\mssmbios.sys 15:35:01.0705 3672 mssmbios - ok 15:35:01.0705 3672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:35:01.0752 3672 MSTEE - ok 15:35:01.0783 3672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:35:01.0799 3672 MTConfig - ok 15:35:01.0877 3672 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 15:35:01.0908 3672 MTsensor - ok 15:35:01.0924 3672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:35:01.0939 3672 Mup - ok 15:35:01.0986 3672 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 15:35:02.0033 3672 napagent - ok 15:35:02.0080 3672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:35:02.0095 3672 NativeWifiP - ok 15:35:02.0142 3672 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 15:35:02.0158 3672 NDIS - ok 15:35:02.0173 3672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:35:02.0204 3672 NdisCap - ok 15:35:02.0220 3672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:35:02.0298 3672 NdisTapi - ok 15:35:02.0329 3672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:35:02.0407 3672 Ndisuio - ok 15:35:02.0454 3672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:35:02.0532 3672 NdisWan - ok 15:35:02.0548 3672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:35:02.0579 3672 NDProxy - ok 15:35:02.0704 3672 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 15:35:02.0719 3672 Nero BackItUp Scheduler 4.0 - ok 15:35:02.0735 3672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:35:02.0766 3672 NetBIOS - 
ok 15:35:02.0797 3672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:35:02.0828 3672 NetBT - ok 15:35:02.0860 3672 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:02.0875 3672 Netlogon - ok 15:35:02.0922 3672 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:35:02.0969 3672 Netman - ok 15:35:03.0000 3672 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:35:03.0031 3672 netprofm - ok 15:35:03.0094 3672 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys 15:35:03.0140 3672 netr28x - ok 15:35:03.0250 3672 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:35:03.0265 3672 NetTcpPortSharing - ok 15:35:03.0296 3672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:35:03.0312 3672 nfrd960 - ok 15:35:03.0359 3672 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:35:03.0390 3672 NisDrv - ok 15:35:03.0484 3672 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe 15:35:03.0530 3672 NisSrv - ok 15:35:03.0577 3672 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 15:35:03.0624 3672 NlaSvc - ok 15:35:03.0640 3672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:35:03.0671 3672 Npfs - ok 15:35:03.0702 3672 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:35:03.0718 3672 nsi - ok 15:35:03.0733 3672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:35:03.0764 3672 nsiproxy - ok 15:35:03.0858 3672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:35:03.0920 3672 Ntfs - ok 15:35:04.0030 3672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:35:04.0076 
3672 Null - ok 15:35:04.0123 3672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:35:04.0154 3672 nvraid - ok 15:35:04.0186 3672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:35:04.0186 3672 nvstor - ok 15:35:04.0232 3672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:35:04.0264 3672 nv_agp - ok 15:35:04.0373 3672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:35:04.0420 3672 odserv - ok 15:35:04.0451 3672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 15:35:04.0451 3672 ohci1394 - ok 15:35:04.0482 3672 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:35:04.0513 3672 ose - ok 15:35:04.0560 3672 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:04.0591 3672 p2pimsvc - ok 15:35:04.0654 3672 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:35:04.0685 3672 p2psvc - ok 15:35:04.0732 3672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:35:04.0778 3672 Parport - ok 15:35:04.0810 3672 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 15:35:04.0810 3672 partmgr - ok 15:35:04.0825 3672 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:35:04.0856 3672 PcaSvc - ok 15:35:04.0872 3672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 15:35:04.0888 3672 pci - ok 15:35:04.0888 3672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 15:35:04.0903 3672 pciide - ok 15:35:04.0919 3672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:35:04.0919 3672 pcmcia - ok 15:35:04.0950 3672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 
15:35:04.0950 3672 pcw - ok 15:35:04.0981 3672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:35:05.0012 3672 PEAUTH - ok 15:35:05.0106 3672 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 15:35:05.0137 3672 PeerDistSvc - ok 15:35:05.0231 3672 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:35:05.0278 3672 PerfHost - ok 15:35:05.0402 3672 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 15:35:05.0449 3672 pla - ok 15:35:05.0512 3672 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 15:35:05.0543 3672 PlugPlay - ok 15:35:05.0558 3672 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:35:05.0590 3672 PNRPAutoReg - ok 15:35:05.0621 3672 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:05.0621 3672 PNRPsvc - ok 15:35:05.0652 3672 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 15:35:05.0683 3672 PolicyAgent - ok 15:35:05.0730 3672 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:35:05.0808 3672 Power - ok 15:35:05.0870 3672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 15:35:05.0948 3672 PptpMiniport - ok 15:35:05.0964 3672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:35:05.0995 3672 Processor - ok 15:35:06.0058 3672 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 15:35:06.0089 3672 ProfSvc - ok 15:35:06.0120 3672 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:06.0136 3672 ProtectedStorage - ok 15:35:06.0198 3672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 15:35:06.0245 3672 Psched - ok 15:35:06.0292 3672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:35:06.0323 3672 ql2300 - ok 
15:35:06.0416 3672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:35:06.0448 3672 ql40xx - ok 15:35:06.0494 3672 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:35:06.0510 3672 QWAVE - ok 15:35:06.0526 3672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:35:06.0541 3672 QWAVEdrv - ok 15:35:06.0557 3672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:35:06.0588 3672 RasAcd - ok 15:35:06.0635 3672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:35:06.0682 3672 RasAgileVpn - ok 15:35:06.0697 3672 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:35:06.0728 3672 RasAuto - ok 15:35:06.0760 3672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:35:06.0806 3672 Rasl2tp - ok 15:35:06.0853 3672 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 15:35:06.0947 3672 RasMan - ok 15:35:06.0962 3672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:35:06.0994 3672 RasPppoe - ok 15:35:07.0009 3672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:35:07.0040 3672 RasSstp - ok 15:35:07.0072 3672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 15:35:07.0118 3672 rdbss - ok 15:35:07.0134 3672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:35:07.0150 3672 rdpbus - ok 15:35:07.0165 3672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:35:07.0196 3672 RDPCDD - ok 15:35:07.0228 3672 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 15:35:07.0290 3672 RDPDR - ok 15:35:07.0306 3672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:35:07.0337 3672 RDPENCDD - ok 15:35:07.0352 3672 RDPREFMP 
(216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:35:07.0384 3672 RDPREFMP - ok 15:35:07.0430 3672 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 15:35:07.0462 3672 RdpVideoMiniport - ok 15:35:07.0508 3672 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 15:35:07.0540 3672 RDPWD - ok 15:35:07.0586 3672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 15:35:07.0602 3672 rdyboost - ok 15:35:07.0633 3672 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:35:07.0696 3672 RemoteAccess - ok 15:35:07.0727 3672 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:35:07.0805 3672 RemoteRegistry - ok 15:35:07.0836 3672 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:35:07.0867 3672 RpcEptMapper - ok 15:35:07.0898 3672 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:35:07.0898 3672 RpcLocator - ok 15:35:07.0945 3672 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:35:07.0976 3672 RpcSs - ok 15:35:07.0976 3672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:35:08.0008 3672 rspndr - ok 15:35:08.0054 3672 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 15:35:08.0054 3672 RTL8167 - ok 15:35:08.0086 3672 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 15:35:08.0148 3672 s3cap - ok 15:35:08.0179 3672 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:08.0195 3672 SamSs - ok 15:35:08.0210 3672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 15:35:08.0242 3672 sbp2port - ok 15:35:08.0257 3672 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:35:08.0304 3672 SCardSvr - ok 15:35:08.0320 3672 
scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 15:35:08.0366 3672 scfilter - ok 15:35:08.0444 3672 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 15:35:08.0538 3672 Schedule - ok 15:35:08.0569 3672 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:35:08.0585 3672 SCPolicySvc - ok 15:35:08.0632 3672 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 15:35:08.0678 3672 SDRSVC - ok 15:35:08.0725 3672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:35:08.0772 3672 secdrv - ok 15:35:08.0803 3672 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 15:35:08.0866 3672 seclogon - ok 15:35:08.0881 3672 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:35:08.0912 3672 SENS - ok 15:35:08.0928 3672 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:35:08.0959 3672 SensrSvc - ok 15:35:08.0975 3672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:35:08.0975 3672 Serenum - ok 15:35:09.0006 3672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:35:09.0022 3672 Serial - ok 15:35:09.0053 3672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:35:09.0068 3672 sermouse - ok 15:35:09.0100 3672 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 15:35:09.0131 3672 SessionEnv - ok 15:35:09.0146 3672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 15:35:09.0193 3672 sffdisk - ok 15:35:09.0209 3672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 15:35:09.0224 3672 sffp_mmc - ok 15:35:09.0240 3672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 15:35:09.0256 3672 sffp_sd - ok 15:35:09.0271 3672 sfloppy 
(a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:35:09.0271 3672 sfloppy - ok 15:35:09.0318 3672 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 15:35:09.0365 3672 SharedAccess - ok 15:35:09.0412 3672 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 15:35:09.0443 3672 ShellHWDetection - ok 15:35:09.0458 3672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:35:09.0474 3672 SiSRaid2 - ok 15:35:09.0490 3672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:35:09.0490 3672 SiSRaid4 - ok 15:35:09.0521 3672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:35:09.0552 3672 Smb - ok 15:35:09.0614 3672 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys 15:35:09.0646 3672 snapman - ok 15:35:09.0677 3672 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:35:09.0708 3672 SNMPTRAP - ok 15:35:09.0708 3672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:35:09.0724 3672 spldr - ok 15:35:09.0755 3672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 15:35:09.0786 3672 Spooler - ok 15:35:09.0989 3672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 15:35:10.0067 3672 sppsvc - ok 15:35:10.0145 3672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 15:35:10.0192 3672 sppuinotify - ok 15:35:10.0270 3672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 15:35:10.0316 3672 srv - ok 15:35:10.0363 3672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 15:35:10.0394 3672 srv2 - ok 15:35:10.0410 3672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 15:35:10.0426 3672 srvnet - ok 15:35:10.0441 3672 SSDPSRV 
(51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 15:35:10.0472 3672 SSDPSRV - ok 15:35:10.0504 3672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 15:35:10.0519 3672 SstpSvc - ok 15:35:10.0566 3672 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys 15:35:10.0582 3672 ssudmdm - ok 15:35:10.0613 3672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:35:10.0628 3672 stexstor - ok 15:35:10.0691 3672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 15:35:10.0722 3672 stisvc - ok 15:35:10.0753 3672 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 15:35:10.0769 3672 storflt - ok 15:35:10.0800 3672 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 15:35:10.0800 3672 storvsc - ok 15:35:10.0831 3672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 15:35:10.0847 3672 swenum - ok 15:35:10.0862 3672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:35:10.0909 3672 swprv - ok 15:35:10.0925 3672 Synth3dVsc - ok 15:35:11.0018 3672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 15:35:11.0065 3672 SysMain - ok 15:35:11.0159 3672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 15:35:11.0190 3672 TabletInputService - ok 15:35:11.0206 3672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 15:35:11.0252 3672 TapiSrv - ok 15:35:11.0284 3672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:35:11.0315 3672 TBS - ok 15:35:11.0424 3672 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 15:35:11.0471 3672 Tcpip - ok 15:35:11.0549 3672 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 15:35:11.0564 3672 TCPIP6 - ok 15:35:11.0627 3672 tcpipreg 
(df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 15:35:11.0674 3672 tcpipreg - ok 15:35:11.0689 3672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:35:11.0736 3672 TDPIPE - ok 15:35:11.0845 3672 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys 15:35:11.0892 3672 tdrpman255 - ok 15:35:11.0939 3672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 15:35:11.0970 3672 TDTCP - ok 15:35:12.0001 3672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 15:35:12.0048 3672 tdx - ok 15:35:12.0079 3672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 15:35:12.0095 3672 TermDD - ok 15:35:12.0142 3672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 15:35:12.0188 3672 TermService - ok 15:35:12.0204 3672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:35:12.0204 3672 Themes - ok 15:35:12.0235 3672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:35:12.0266 3672 THREADORDER - ok 15:35:12.0298 3672 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys 15:35:12.0313 3672 timounter - ok 15:35:12.0344 3672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 15:35:12.0376 3672 TrkWks - ok 15:35:12.0407 3672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 15:35:12.0485 3672 TrustedInstaller - ok 15:35:12.0532 3672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:35:12.0563 3672 tssecsrv - ok 15:35:12.0578 3672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 15:35:12.0610 3672 TsUsbFlt - ok 15:35:12.0625 3672 tsusbhub - ok 15:35:12.0672 3672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 15:35:12.0734 3672 
tunnel - ok 15:35:12.0766 3672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:35:12.0766 3672 uagp35 - ok 15:35:12.0797 3672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 15:35:12.0844 3672 udfs - ok 15:35:12.0859 3672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 15:35:12.0859 3672 UI0Detect - ok 15:35:12.0875 3672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 15:35:12.0890 3672 uliagpkx - ok 15:35:12.0922 3672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 15:35:12.0953 3672 umbus - ok 15:35:12.0968 3672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:35:12.0984 3672 UmPass - ok 15:35:13.0031 3672 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 15:35:13.0062 3672 UmRdpService - ok 15:35:13.0093 3672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 15:35:13.0124 3672 upnphost - ok 15:35:13.0187 3672 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 15:35:13.0187 3672 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 15:35:13.0187 3672 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 15:35:13.0234 3672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 15:35:13.0265 3672 usbccgp - ok 15:35:13.0296 3672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 15:35:13.0312 3672 usbcir - ok 15:35:13.0343 3672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 15:35:13.0374 3672 usbehci - ok 15:35:13.0405 3672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 15:35:13.0436 3672 usbhub - ok 15:35:13.0452 3672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 15:35:13.0468 3672 usbohci - ok 15:35:13.0514 3672 usbprint 
(73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:35:13.0530 3672 usbprint - ok 15:35:13.0546 3672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 15:35:13.0577 3672 usbscan - ok 15:35:13.0592 3672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:35:13.0608 3672 USBSTOR - ok 15:35:13.0608 3672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 15:35:13.0639 3672 usbuhci - ok 15:35:13.0670 3672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:35:13.0733 3672 UxSms - ok 15:35:13.0764 3672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:13.0780 3672 VaultSvc - ok 15:35:13.0826 3672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 15:35:13.0826 3672 vdrvroot - ok 15:35:13.0873 3672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 15:35:13.0904 3672 vds - ok 15:35:13.0951 3672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:35:13.0951 3672 vga - ok 15:35:13.0982 3672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:35:14.0029 3672 VgaSave - ok 15:35:14.0045 3672 VGPU - ok 15:35:14.0060 3672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 15:35:14.0076 3672 vhdmp - ok 15:35:14.0092 3672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 15:35:14.0092 3672 viaide - ok 15:35:14.0138 3672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 15:35:14.0138 3672 vmbus - ok 15:35:14.0154 3672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 15:35:14.0170 3672 VMBusHID - ok 15:35:14.0185 3672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 15:35:14.0201 3672 volmgr - ok 15:35:14.0232 3672 volmgrx 
(a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 15:35:14.0279 3672 volmgrx - ok 15:35:14.0310 3672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 15:35:14.0341 3672 volsnap - ok 15:35:14.0388 3672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:35:14.0419 3672 vsmraid - ok 15:35:14.0497 3672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 15:35:14.0544 3672 VSS - ok 15:35:14.0653 3672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:35:14.0700 3672 vwifibus - ok 15:35:14.0716 3672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:35:14.0731 3672 vwififlt - ok 15:35:14.0762 3672 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 15:35:14.0762 3672 vwifimp - ok 15:35:14.0825 3672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 15:35:14.0872 3672 W32Time - ok 15:35:14.0887 3672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 15:35:14.0887 3672 WacomPen - ok 15:35:14.0934 3672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:35:15.0012 3672 WANARP - ok 15:35:15.0012 3672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:35:15.0028 3672 Wanarpv6 - ok 15:35:15.0090 3672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 15:35:15.0121 3672 WatAdminSvc - ok 15:35:15.0215 3672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 15:35:15.0262 3672 wbengine - ok 15:35:15.0308 3672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 15:35:15.0324 3672 WbioSrvc - ok 15:35:15.0371 3672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 15:35:15.0386 3672 wcncsvc - ok 15:35:15.0402 3672 WcsPlugInService 
(20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 15:35:15.0433 3672 WcsPlugInService - ok 15:35:15.0464 3672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:35:15.0480 3672 Wd - ok 15:35:15.0511 3672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:35:15.0542 3672 Wdf01000 - ok 15:35:15.0542 3672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:35:15.0605 3672 WdiServiceHost - ok 15:35:15.0605 3672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:35:15.0620 3672 WdiSystemHost - ok 15:35:15.0667 3672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 15:35:15.0698 3672 WebClient - ok 15:35:15.0714 3672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 15:35:15.0761 3672 Wecsvc - ok 15:35:15.0776 3672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 15:35:15.0823 3672 wercplsupport - ok 15:35:15.0839 3672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 15:35:15.0870 3672 WerSvc - ok 15:35:15.0886 3672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:35:15.0901 3672 WfpLwf - ok 15:35:15.0901 3672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:35:15.0917 3672 WIMMount - ok 15:35:15.0948 3672 WinDefend - ok 15:35:15.0964 3672 WinHttpAutoProxySvc - ok 15:35:16.0042 3672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 15:35:16.0073 3672 Winmgmt - ok 15:35:16.0182 3672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 15:35:16.0244 3672 WinRM - ok 15:35:16.0369 3672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 15:35:16.0400 3672 WinUsb - ok 15:35:16.0478 3672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 15:35:16.0510 
3672 Wlansvc - ok 15:35:16.0525 3672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 15:35:16.0541 3672 WmiAcpi - ok 15:35:16.0556 3672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 15:35:16.0572 3672 wmiApSrv - ok 15:35:16.0588 3672 WMPNetworkSvc - ok 15:35:16.0603 3672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 15:35:16.0619 3672 WPCSvc - ok 15:35:16.0650 3672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 15:35:16.0681 3672 WPDBusEnum - ok 15:35:16.0697 3672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:35:16.0728 3672 ws2ifsl - ok 15:35:16.0744 3672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 15:35:16.0759 3672 wscsvc - ok 15:35:16.0759 3672 WSearch - ok 15:35:16.0868 3672 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 15:35:16.0915 3672 wuauserv - ok 15:35:16.0962 3672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 15:35:16.0993 3672 WudfPf - ok 15:35:17.0009 3672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:35:17.0040 3672 WUDFRd - ok 15:35:17.0071 3672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 15:35:17.0102 3672 wudfsvc - ok 15:35:17.0149 3672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 15:35:17.0196 3672 WwanSvc - ok 15:35:17.0227 3672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:35:17.0430 3672 \Device\Harddisk0\DR0 - ok 15:35:17.0430
  • The last part of the report. From a second scan; I no longer had the report of the first scan: 16:07:25.0593 5992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 16:07:25.0624 5992 \Device\Harddisk1\DR1 - ok 16:07:25.0624 5992 Boot (0x1200) (d659879f8c2f4bb63d25d9ddf9689af9) \Device\Harddisk0\DR0\Partition0 16:07:25.0624 5992 \Device\Harddisk0\DR0\Partition0 - ok 16:07:25.0656 5992 Boot (0x1200) (388ae9931ff1f69451597e3ed61dc608) \Device\Harddisk0\DR0\Partition1 16:07:25.0656 5992 \Device\Harddisk0\DR0\Partition1 - ok 16:07:25.0671 5992 Boot (0x1200) (957304436e2b890045b9ee8f91c86671) \Device\Harddisk0\DR0\Partition2 16:07:25.0671 5992 \Device\Harddisk0\DR0\Partition2 - ok 16:07:25.0687 5992 Boot (0x1200) (aff8c5db3d4afa454de834e72946c698) \Device\Harddisk1\DR1\Partition0 16:07:25.0687 5992 \Device\Harddisk1\DR1\Partition0 - ok 16:07:25.0687 5992 ============================================================ 16:07:25.0687 5992 Scan finished 16:07:25.0687 5992 ============================================================ 16:07:25.0687 5856 Detected object count: 4 16:07:25.0687 5856 Actual detected object count: 4 16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user 16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
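The two TDSSKiller logs above are long enough that the four objects that did not come back "- ok" are easy to miss in the wall of text, and the flagged entries are heuristics (UnsignedFile.Multi.Generic: the driver file carries no valid digital signature; HiddenFile.Multi.Generic: the file is hidden from a normal directory listing), not confirmed malware, so a helper wants them pulled out with their hash and path to judge them. The script below is an added example for this thread, not code from TDSSKiller or from any of the posters. It parses the two record shapes TDSSKiller writes per object (a file record with MD5 and path, then one or more verdict records), lists every object with a verdict other than "ok" together with its final user action, and separately lists services or drivers that received a verdict but no file record (registered but no file to hash, like Synth3dVsc above). SAMPLE_LOG is constructed from entries that appear in the logs in this thread, one record per line as TDSSKiller writes them; it generalises to any verdict string, not only the four shown here.

```python
"""Triage a TDSSKiller log.

Added example for this thread, not code from TDSSKiller or from any poster.
It lists every object whose verdict was anything other than "- ok" (warnings,
detections, the user's chosen action) and every service or driver that got a
verdict but no file record, i.e. the registration exists but TDSSKiller found
no file to hash.  SAMPLE_LOG is constructed from entries that appear in the
logs posted above, one record per line as TDSSKiller writes them.
"""
import re
from collections import OrderedDict

SAMPLE_LOG = r"""
15:35:09.0271 3672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:09.0271 3672 sfloppy - ok
15:35:10.0925 3672 Synth3dVsc - ok
15:35:13.0187 3672 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:35:13.0187 3672 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:35:13.0187 3672 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:35:17.0227 3672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:35:17.0430 3672 \Device\Harddisk0\DR0 - ok
16:07:25.0687 5856 Detected object count: 4
16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Record shapes seen in the log:
#   <time> <pid> <name> (<md5>) <path>                 file record
#   <time> <pid> <name> [( <class> )] - <verdict>       verdict record
# For MBR/boot-sector records the verdict is keyed on the device path, not
# on "MBR (0x1B8)", so those are stored under the path as well.
STAMP = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
FILE_RE = re.compile(STAMP + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(
    STAMP + r"(?P<name>\S+)(?:\s+\(\s*(?P<cls>[\w.]+)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$")
DETECTED_RE = re.compile(r"detected\s+(\S+)")


def _new():
    return {"md5": None, "path": None, "classes": set(), "verdicts": []}


def parse_tdsskiller(log_text):
    """Map object name -> file hash/path, heuristic classes and verdict history."""
    objects = OrderedDict()
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name = m["path"] if m["name"].split()[0] in ("MBR", "Boot") else m["name"]
            obj = objects.setdefault(name, _new())
            obj["md5"], obj["path"] = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banners, counters, "Scan finished" and similar
        obj = objects.setdefault(m["name"], _new())
        obj["verdicts"].append(m["verdict"])
        cls = m["cls"]
        if cls is None:  # "- detected <class> (n)" carries the class in the verdict
            d = DETECTED_RE.match(m["verdict"])
            cls = d.group(1) if d else None
        if cls:
            obj["classes"].add(cls)
    return objects


def triage(objects):
    """Return (flagged, registered_without_file).

    flagged: (name, sorted classes, final verdict/action, path) for every object
             with at least one verdict other than "ok".
    registered_without_file: names whose only verdict is "ok" but for which no
             file record was written (service exists, file could not be hashed).
    """
    flagged, registered_without_file = [], []
    for name, obj in objects.items():
        non_ok = [v for v in obj["verdicts"] if v != "ok"]
        if non_ok:
            flagged.append((name, sorted(obj["classes"]), non_ok[-1], obj["path"]))
        elif obj["verdicts"] and obj["md5"] is None:
            registered_without_file.append(name)
    return flagged, registered_without_file


if __name__ == "__main__":
    flagged, missing = triage(parse_tdsskiller(SAMPLE_LOG))
    for name, classes, action, path in flagged:
        print(f"FLAGGED  {name:<24} {','.join(classes):<30} {action:<26} {path or '(no file record)'}")
    for name in missing:
        print(f"NO FILE  {name}")
```

Run against the full log (paste it into SAMPLE_LOG or read it from the file TDSSKiller saves) it prints one line per flagged object; on the sample it reports USBAAPL64 and Akamai with "User select action: Skip" as the final action, and Synth3dVsc as registered without a file. The output is the decision list for the helper: an unsigned vendor driver whose hash matches the vendor's own download is noise, a hidden service DLL is worth a closer look, and a service entry with no file behind it is dead but harmless.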
  • Hi, unless your web screens were captured you don't need to worry any further. Strange that TDSSKiller did not find Sinowal. We'll keep looking:

    Which program: ComboFix
    What for/why: A highly specialised scanner that examines Windows in depth and, where possible, cleans it up.
    Difficulty: Read everything carefully first because of the preparation phase.
    Download location: Download this program to the desktop, without exception!
    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Your antivirus program and any active malware scanners must be disabled before ComboFix is started! How to do that: http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608 or http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607

    Remarks:
      - To be perfectly clear once more: ComboFix must be started from the desktop.
      - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
      - Vista and Windows 7 users start ComboFix via right-click, with administrator rights.
      - All open programs and web pages must be closed.

    Once ComboFix has started:
      - Do not click in the black window; doing so can "freeze" ComboFix or even Windows entirely!
      - ComboFix drops the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - "An attempt was made to perform an illegal operation on a registry key that has been marked for deletion."
      - then restart the computer.
  • Hello, I put ComboFix on my desktop and ran it according to the instructions. It seemed to go well until the system was restarted (by the program). After logging in again, the blue window "flies" across my screen. The system also no longer seems to respond to anything. Is this normal? If not, how can I stop it???
  • Restart the PC.
  • Shutting down and starting again doesn't help. The "flying" blue window just comes back :-( :( :(
  • Can you post a screenshot of that?
  • Unfortunately, the PC hardly responds to anything any more. Restore the last backup (if that works)?
  • Update: I restarted the PC, but this time as Administrator. The blue window is now, fortunately, standing still and shows the following text: "Log report is being prepared. Do not start any other programs until ComboFix is finished." It has been in this state for several minutes. There is constant HDD activity.
  • Phew.... The system responds again, and I have a log file. And now?: [code:1:9626c2c389]ComboFix 12-07-16.01 - Beheerder 17-07-2012 17:16:54.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.16383.13108 [GMT 2:00] Gestart vanuit: c:\users\Freddy\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Windows c:\programdata\windows\ccdxmmde.dat c:\programdata\windows\drss.dat c:\programdata\Windows\msseedir.dll c:\programdata\Windows\xessmsxe.dat . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))) . . 2012-07-17 15:22 . 2012-07-17 16:43 -------- d-----w- c:\users\Beheerder\AppData\Local\temp 2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Siri\AppData\Local\temp 2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Patrick\AppData\Local\temp 2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Marjolein\AppData\Local\temp 2012-07-17 07:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EF2E5CD-0814-4501-97CD-7E4FED57E6A5}\mpengine.dll 2012-07-17 07:40 . 2012-07-17 07:40 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-17 07:40 . 2012-07-17 07:40 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-17 07:40 . 2012-07-17 07:40 -------- d-----w- c:\program files\Java 2012-07-17 07:33 . 2012-07-17 07:33 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-17 07:32 . 
2012-07-17 07:32 -------- d-----w- c:\program files (x86)\Oracle 2012-07-17 07:32 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files\iTunes 2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files (x86)\iTunes 2012-07-17 07:24 . 2012-07-17 07:24 -------- d-----w- c:\program files\iPod 2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files\Bonjour 2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\Bonjour 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\QuickTime 2012-07-17 07:19 . 2012-07-17 07:19 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-07-17 00:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-16 19:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\system32\wbem\en-US 2012-07-16 17:55 . 
2012-07-16 17:59 -------- d--h--w- c:\windows\msdownld.tmp 2012-07-16 15:27 . 2012-02-10 16:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D792564E-1141-46C5-A7D5-53ED53683D52}\gapaengine.dll 2012-06-21 06:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 06:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 06:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 06:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 06:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 06:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 06:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 06:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 06:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 17:43 . 2012-06-19 17:43 -------- d-----w- c:\program files (x86)\IDM Computer Solutions . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-16 15:50 . 2012-04-14 16:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-16 15:50 . 2011-05-15 04:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 14:15 . 2012-05-06 14:15 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06 . 2012-06-14 05:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 05:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 05:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 05:26 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 05:32 . 2012-06-14 05:26 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-04-28 03:55 . 
2012-06-14 05:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 05:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 05:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 05:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 05:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 05:26 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 05:26 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 05:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 05:26 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 05:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HyperWorkswin64Desktop Quick Launch.lnk - c:\altairwin64\hw10.0\hw\bin\win64\hw.exe [2011-6-27 1132544] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-30 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 
VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736] S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-01-02 1477152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-02 2475952] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] S2 Flexlm Service 1;Flexlm Service 1;c:\altairwin64\hw10.0\security\win64\lmgrd.exe [2011-06-24 1778512] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-02 250464] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 netr28x;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys 
[2009-06-10 620544] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:50] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009Core.job - c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009UA.job - c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011Core.job - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011UA.job - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34] . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012Core.job - c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012UA.job - c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: Interfaces\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab . - - - - ORPHANS VERWIJDERD - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\altairwin64\hw10.0\security\win64\altair_lm.exe . 
**************************************************************************
.
Voltooingstijd: 2012-07-17 18:48:43 - machine werd herstart
ComboFix-quarantined-files.txt 2012-07-17 16:48
.
Pre-Run: 154.347.192.320 bytes beschikbaar
Post-Run: 160.613.642.240 bytes beschikbaar
.
- - End Of File - - 3E9ACDAF2594B2C5D730C0CFC6BD7248
  • Please just post logs as plain text, not via "Code". Do the ESET online scan: http://www.eset.com/home/products/online-scanner/
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings"
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer will now be scanned. This can take quite a while, so be patient.
    - Once the scan is finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
    - Select, copy and paste the contents of this log into your next message.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • Ran the ESET online scan according to the instructions. I could not find a log.txt file at the indicated location, but I have reproduced the ESET messages below:
    C:\Users\Corwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-20f4a4c3 Java/TrojanDownloader.OpenStream.NBW trojan deleted - quarantined
    C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3caf1d90-254535f1 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined
    C:\Users\Freddy\Documents\saved_siri_pc\myWebFace.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
    C:\Users\Freddy\Downloads\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
    C:\Users\Marjolein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\4621f903-13f68523 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
    C:\Users\Patrick\Downloads\BlackFloor_downloader_by_Wallpaperstocknet.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup (1).exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup (2).exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Patrick\Downloads\DownloadSetup.exe Win32/InstallMate application cleaned by deleting - quarantined
    C:\Users\Public\Documents\CrystalDiskMark3_0_1b-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
    C:\Users\Public\Documents\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
    What is the next step now?
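As an added example (not part of the original thread, and not a tool the helper recommends), a small Python triage script that parses result lines in the shape of the ESET output quoted above, counts them per user profile, and separates hits in the Java deployment cache (code that arrived through the browser's Java plugin) from bundled-installer applications the user downloaded. The sample lines are constructed to match that format, and the category names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the ESET Online Scanner output above.
SAMPLE_LINES = [
    r"C:\Users\Corwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-20f4a4c3 Java/TrojanDownloader.OpenStream.NBW trojan deleted - quarantined",
    r"C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3caf1d90-254535f1 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined",
    r"C:\Users\Patrick\Downloads\DownloadSetup (1).exe Win32/InstallMate application cleaned by deleting - quarantined",
    r"C:\Users\Public\Documents\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined",
]

# <path> <detection> <action> - quarantined; the path may contain spaces, so it is
# matched lazily and the detection must look like Family/Name or "multiple threats".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:a variant of )?(?:\w+/[\w.-]+|multiple threats)(?: trojan| application)?) "
    r"(?P<action>deleted|cleaned by deleting) - quarantined$"
)
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one result line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, detection = m.group("path"), m.group("detection")
    if JAVA_CACHE_RE.search(path):
        category = "java-cache-exploit"   # written by the Java browser plugin, not downloaded by hand
    elif detection.endswith(" application"):
        category = "pua-installer"        # bundled adware/installer the user downloaded
    elif detection == "multiple threats":
        category = "multiple"
    else:
        category = "trojan"
    user = USER_RE.match(path)
    return {"user": user.group(1) if user else None, "path": path,
            "detection": detection, "action": m.group("action"), "category": category}


def triage(lines):
    """Count findings per user profile and category; non-matching lines are returned separately."""
    by_user = defaultdict(lambda: defaultdict(int))
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            by_user[rec["user"]][rec["category"]] += 1
    return {u: dict(c) for u, c in by_user.items()}, unparsed


def java_cache_profiles(summary):
    """Profiles whose Java deployment cache held hostile applets: the Java plugin in
    those profiles needs to be updated or removed and its cache cleared."""
    return sorted(u for u, c in summary.items() if c.get("java-cache-exploit"))
```

Feeding the full list of lines from the post above into `triage` shows at a glance that the Java cache hits span several profiles, which points at the shared browser plugin rather than at one user's downloads.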
  • We'll do one more scan:
    Which program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)
    Notes:
    - the download is compressed; unpack EmsisoftEmergencyKit.zip and put the new folder on the desktop.
    - All open programs and web pages must be closed.
    Start Emsisoft Emergency Kit by opening the "EmsisoftEmergencyKit" folder
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista and Windows 7: right-click "Start.exe" and choose "Run as administrator".
    Scanning:
    - Now click "Emergency Kit Scanner" in the selection screen; a message will then follow recommending that you update first.
      (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg)
    - Do so by clicking "Yes"
    - When the update is complete, the message "Update process completed successfully" follows
    - Now click "Menu" and then "Scan PC"
    - Select the "Deep" option if it is not already set by default.
    - Then click the "Scan" button
      - Be patient and do nothing else with the computer during the scan, as it can take a considerable time.
    - The window with the warning about an elevated risk can be closed when the scan is finished.
    - Make sure all found items are ticked and then click the "Delete selected" button; the following message will then appear:
      (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg)
    - So then click "Yes"
    - When deletion is complete, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
    - Paste the contents of that LOG file into the new message later.
    Note: Now restart the computer.
  • Here is the Emsisoft report. I recognize one object; it comes from the content rescued from our old PC. Back then I was not yet so careful, with the result that it eventually succumbed to all the "misery" that was present. I did learn from that! Here is the scan report:
    Emsisoft Emergency Kit - Versie 2.0
    Laatste Update: 18-7-2012 7:42:36
    Scaninstellingen:
    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, J:\, S:\
    Scan archieven: Aan
    ADS Scan: Aan
    Scan gestart: 18-7-2012 7:43:26
    Key: hkey_current_user\software\whitesmoke Ontdekt: Trace.Registry.whitesmoke!E1
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Ester.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Glocker.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\huiak$1.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
    C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Stremer.class Ontdekt: Trojan-Downloader.Java.OpenConnection!E2
    C:\Users\Freddy\Documents\save_toshiba\Freddy\Diverse Software\Tmpgenc v2.524.63.181 Plus Keygen.rar -> Keygen.exe Ontdekt: not-a-virus.Hacktool.Keygen.TMPGEnc!E2
    C:\Qoobox\Quarantine\C\ProgramData\Windows\msseedir.dll.vir Ontdekt: Trojan.Win32.Agent!E2
    Gescand 881207
    Gevonden 7
    Scan geëindigd: 18-7-2012 9:10:43
    Scantijd: 1:27:17
  • What I'm missing now: did you also have everything removed? That isn't in the log.
  • Yes, I had everything removed and restarted. If this was the last action: I like to keep my system "clean". I assume I can simply uninstall the programs that were used? I also see that I have a folder Qoobox on C: containing some data created by ComboFix, among other things a Quarantine folder. What should I do with this folder? Any further tips/advice?
  • First, the following: a test to see how good the security situation in Windows is. Download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.


This is an archived page. Replying is no longer possible.