Who can help me? I can't get rid of these viruses

15 answers
  • Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.09.10.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Thea :: PC_VAN_THEA [administrator]

    Realtime bescherming: Ingeschakeld

    10-9-2012 20:25:45
    mbam-log-2012-09-10 (20-25-45).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 188877
    Verstreken tijd: 6 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\80000000.@ (Trojan.Small) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\800000cb.@ (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Hello Henk, that doesn't look good!

    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start "TDSSStarter.exe" by double-clicking it.
      - Windows Vista and Windows 7: start "TDSSStarter.exe" by right-clicking it and then choosing Run as administrator.
    - A CMD window will then open, and it will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next message.
  • 12:01:41.0381 2044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    12:01:41.0381 2044 ============================================================
    12:01:41.0381 2044 Current date / time: 2012/09/11 12:01:41.0381
    12:01:41.0381 2044 SystemInfo:
    12:01:41.0381 2044
    12:01:41.0381 2044 OS Version: 6.0.6002 ServicePack: 2.0
    12:01:41.0381 2044 Product type: Workstation
    12:01:41.0381 2044 ComputerName: PC_VAN_THEA
    12:01:41.0381 2044 UserName: Thea
    12:01:41.0381 2044 Windows directory: C:\Windows
    12:01:41.0381 2044 System windows directory: C:\Windows
    12:01:41.0381 2044 Processor architecture: Intel x86
    12:01:41.0381 2044 Number of processors: 1
    12:01:41.0381 2044 Page size: 0x1000
    12:01:41.0381 2044 Boot type: Normal boot
    12:01:41.0381 2044 ============================================================
    12:01:43.0518 2044 BG loaded
    12:01:44.0002 2044 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:01:44.0080 2044 Drive \Device\Harddisk5\DR5 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:01:44.0080 2044 ============================================================
    12:01:44.0080 2044 \Device\Harddisk0\DR0:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xBB47FC, BlocksNum 0x93E4375
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F98B71, BlocksNum 0x932BE06
    12:01:44.0080 2044 \Device\Harddisk5\DR5:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    12:01:44.0080 2044 ============================================================
    12:01:44.0142 2044 C: <-> \Device\Harddisk0\DR0\Partition1
    12:01:44.0220 2044 D: <-> \Device\Harddisk0\DR0\Partition2
    12:01:44.0220 2044 ============================================================
    12:01:44.0220 2044 Initialize success
    12:01:44.0220 2044 ============================================================
    12:01:44.0298 1272 ============================================================
    12:01:44.0298 1272 Scan started
    12:01:44.0298 1272 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:01:44.0298 1272 ============================================================
    12:01:47.0325 1272 ================ Scan system memory ========================
    12:01:47.0325 1272 ================ Scan services =============================
    12:01:47.0808 1272 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    12:01:50.0429 1272 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - warning
    12:01:50.0429 1272 AcerMemUsageCheckService - detected UnsignedFile.Multi.Generic (1)
    12:01:50.0632 1272 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    12:01:50.0741 1272 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    12:01:50.0803 1272 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    12:01:50.0866 1272 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    12:01:50.0897 1272 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    12:01:50.0959 1272 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    12:01:51.0053 1272 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:01:51.0162 1272 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    12:01:51.0287 1272 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    12:01:51.0334 1272 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    12:01:51.0412 1272 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    12:01:51.0630 1272 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    12:01:51.0677 1272 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    12:01:51.0708 1272 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    12:01:51.0771 1272 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    12:01:51.0849 1272 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    12:01:51.0989 1272 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    12:01:52.0363 1272 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:01:52.0410 1272 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    12:01:52.0519 1272 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    12:01:52.0613 1272 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    12:01:52.0707 1272 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    12:01:52.0769 1272 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    12:01:52.0831 1272 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    12:01:53.0097 1272 [ D30B785AB801A0E2B0AD922D66F971F3 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
    12:01:53.0128 1272 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    12:01:53.0221 1272 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    12:01:53.0268 1272 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    12:01:53.0315 1272 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    12:01:53.0331 1272 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    12:01:53.0440 1272 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    12:01:53.0518 1272 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    12:01:53.0580 1272 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    12:01:53.0658 1272 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    12:01:53.0736 1272 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    12:01:53.0830 1272 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    12:01:53.0908 1272 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    12:01:53.0970 1272 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    12:01:54.0001 1272 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    12:01:54.0048 1272 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    12:01:54.0189 1272 [ 0E235B002F8FE58DA92566AE53DF6681 ] CLCapSvc C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
    12:01:54.0189 1272 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
    12:01:54.0189 1272 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
    12:01:54.0235 1272 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    12:01:54.0329 1272 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:01:54.0391 1272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:01:54.0454 1272 [ CC8E19BF16B69DCF04F5B4C609AA7CD6 ] CLSched C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
    12:01:54.0454 1272 CLSched ( UnsignedFile.Multi.Generic ) - warning
    12:01:54.0454 1272 CLSched - detected UnsignedFile.Multi.Generic (1)
    12:01:54.0501 1272 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    12:01:54.0532 1272 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    12:01:54.0579 1272 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    12:01:54.0610 1272 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    12:01:54.0735 1272 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    12:01:54.0781 1272 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    12:01:54.0859 1272 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    12:01:54.0969 1272 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    12:01:55.0249 1272 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    12:01:55.0296 1272 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    12:01:55.0343 1272 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    12:01:55.0374 1272 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    12:01:55.0437 1272 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    12:01:55.0499 1272 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    12:01:55.0561 1272 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    12:01:55.0639 1272 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    12:01:55.0717 1272 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    12:01:55.0780 1272 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    12:01:55.0827 1272 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    12:01:55.0873 1272 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    12:01:55.0936 1272 [ F841F6ED752CC5F346039D5551931A7B ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    12:01:55.0936 1272 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
    12:01:55.0936 1272 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
    12:01:55.0983 1272 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    12:01:56.0045 1272 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    12:01:56.0107 1272 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    12:01:56.0201 1272 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    12:01:56.0326 1272 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    12:01:56.0388 1272 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    12:01:56.0482 1272 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    12:01:56.0513 1272 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    12:01:56.0560 1272 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    12:01:56.0638 1272 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    12:01:56.0716 1272 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    12:01:56.0794 1272 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    12:01:56.0841 1272 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    12:01:56.0887 1272 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    12:01:56.0950 1272 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:01:57.0043 1272 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    12:01:57.0137 1272 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cae320eb92de6c C:\Program Files\Google\Update\GoogleUpdate.exe
    12:01:57.0184 1272 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    12:01:57.0215 1272 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    12:01:57.0309 1272 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:01:57.0355 1272 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    12:01:57.0418 1272 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    12:01:57.0511 1272 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    12:01:57.0543 1272 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    12:01:57.0605 1272 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    12:01:57.0667 1272 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    12:01:57.0792 1272 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    12:01:58.0042 1272 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    12:01:58.0104 1272 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    12:01:58.0167 1272 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    12:01:58.0260 1272 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    12:01:58.0354 1272 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    12:01:58.0416 1272 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    12:01:58.0494 1272 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
    12:01:58.0650 1272 [ A47B2875680AD67B35C6150BD0203056 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    12:01:58.0806 1272 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
    12:01:58.0869 1272 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    12:01:58.0947 1272 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    12:01:58.0993 1272 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:01:59.0056 1272 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    12:01:59.0134 1272 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    12:01:59.0212 1272 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    12:01:59.0243 1272 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    12:01:59.0305 1272 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    12:01:59.0352 1272 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    12:01:59.0399 1272 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    12:01:59.0415 1272 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    12:01:59.0446 1272 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    12:01:59.0461 1272 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    12:01:59.0508 1272 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    12:01:59.0571 1272 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    12:01:59.0633 1272 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:01:59.0711 1272 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    12:01:59.0758 1272 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:01:59.0805 1272 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    12:01:59.0805 1272 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    12:01:59.0805 1272 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    12:01:59.0836 1272 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:01:59.0883 1272 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:01:59.0945 1272 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:02:00.0023 1272 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    12:02:00.0039 1272 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    12:02:00.0070 1272 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    12:02:00.0101 1272 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    12:02:00.0163 1272 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    12:02:00.0226 1272 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    12:02:00.0319 1272 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    12:02:00.0366 1272 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    12:02:00.0460 1272 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    12:02:00.0553 1272 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:02:00.0616 1272 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:02:00.0663 1272 [ B1058290728F8CDF53FF9BE8A4417223 ] moufiltr C:\Windows\system32\DRIVERS\moufiltr.sys
    12:02:00.0663 1272 moufiltr ( UnsignedFile.Multi.Generic ) - warning
    12:02:00.0663 1272 moufiltr - detected UnsignedFile.Multi.Generic (1)
    12:02:00.0678 1272 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:02:00.0772 1272 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    12:02:00.0850 1272 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    12:02:00.0897 1272 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:02:00.0943 1272 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    12:02:01.0006 1272 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:02:01.0053 1272 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:02:01.0099 1272 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:02:01.0146 1272 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:02:01.0193 1272 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
    12:02:01.0224 1272 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    12:02:01.0287 1272 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    12:02:01.0380 1272 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    12:02:01.0427 1272 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    12:02:01.0458 1272 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    12:02:01.0521 1272 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    12:02:01.0552 1272 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    12:02:01.0599 1272 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    12:02:01.0645 1272 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    12:02:01.0677 1272 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    12:02:01.0692 1272 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    12:02:01.0755 1272 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    12:02:01.0817 1272 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    12:02:01.0879 1272 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    12:02:01.0942 1272 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    12:02:01.0989 1272 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    12:02:02.0020 1272 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    12:02:02.0082 1272 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    12:02:02.0129 1272 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    12:02:02.0176 1272 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    12:02:02.0223 1272 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    12:02:02.0269 1272 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    12:02:02.0316 1272 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    12:02:02.0394 1272 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    12:02:02.0457 1272 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:02:02.0581 1272 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    12:02:03.0003 1272 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    12:02:03.0330 1272 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    12:02:03.0439 1272 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    12:02:03.0533 1272 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    12:02:03.0627 1272 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    12:02:03.0767 1272 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
    12:02:03.0767 1272 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
    12:02:03.0767 1272 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
    12:02:03.0798 1272 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    12:02:04.0141 1272 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    12:02:05.0748 1272 [ FF58C7A7DA6116C1F71E883CB088D598 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:02:07.0215 1272 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    12:02:07.0246 1272 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    12:02:07.0277 1272 [ 86B1B96806829066982ED67B7ABA74EF ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
    12:02:07.0371 1272 [ 56407B8616E4206EE02892A2AC712EF3 ] nvsvc C:\Windows\system32\nvvsvc.exe
    12:02:07.0464 1272 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    12:02:07.0558 1272 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    12:02:07.0792 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    12:02:07.0948 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    12:02:08.0026 1272 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    12:02:08.0119 1272 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    12:02:08.0151 1272 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    12:02:08.0260 1272 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    12:02:08.0307 1272 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    12:02:08.0353 1272 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
    12:02:08.0416 1272 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    12:02:08.0619 1272 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    12:02:09.0024 1272 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    12:02:09.0289 1272 [ C0E25BB0E6A159D332048AFAA2ED24CE ] Planner voor Automatische LiveUpdate C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    12:02:09.0399 1272 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    12:02:09.0477 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    12:02:09.0523 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    12:02:09.0601 1272 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    12:02:09.0679 1272 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    12:02:09.0742 1272 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    12:02:09.0804 1272 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    12:02:09.0851 1272 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    12:02:09.0882 1272 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    12:02:09.0945 1272 [ 88B72D2A800300EB05C69F3C6C3180F2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
    12:02:09.0945 1272 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0945 1272 PSDFilter - detected UnsignedFile.Multi.Generic (1)
    12:02:09.0976 1272 [ 9649E11FC5459BF6B2C9E8E327E45C3A ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
    12:02:09.0976 1272 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0976 1272 PSDNServ - detected UnsignedFile.Multi.Generic (1)
    12:02:09.0976 1272 [ 3D0BE1373B9DFE9FC7B64F090E4D59E3 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
    12:02:09.0991 1272 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0991 1272 psdvdisk - detected UnsignedFile.Multi.Generic (1)
    12:02:10.0023 1272 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    12:02:10.0101 1272 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    12:02:10.0179 1272 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    12:02:10.0257 1272 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    12:02:10.0319 1272 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    12:02:10.0413 1272 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    12:02:10.0522 1272 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:02:10.0615 1272 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    12:02:10.0678 1272 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    12:02:10.0709 1272 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    12:02:10.0818 1272 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    12:02:10.0943 1272 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:02:11.0083 1272 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    12:02:11.0224 1272 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    12:02:11.0333 1272 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    12:02:11.0380 1272 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    12:02:11.0458 1272 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    12:02:11.0629 1272 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    12:02:11.0676 1272 RichVideo ( UnsignedFile.Multi.Generic ) - warning
    12:02:11.0676 1272 RichVideo - detected UnsignedFile.Multi.Generic (1)
    12:02:11.0707 1272 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    12:02:11.0785 1272 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    12:02:11.0848 1272 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    12:02:11.0957 1272 [ C9B9B3219322786EF82745E09FE9CBE8 ] RTL85n86 C:\Windows\system32\DRIVERS\RTL85n86.sys
    12:02:12.0019 1272 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    12:02:12.0051 1272 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    12:02:12.0113 1272 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    12:02:12.0207 1272 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    12:02:12.0253 1272 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    12:02:12.0316 1272 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    12:02:12.0378 1272 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    12:02:12.0503 1272 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    12:02:12.0565 1272 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    12:02:12.0628 1272 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    12:02:12.0690 1272 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    12:02:12.0737 1272 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    12:02:12.0799 1272 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    12:02:12.0846 1272 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    12:02:12.0909 1272 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    12:02:12.0971 1272 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    12:02:13.0049 1272 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    12:02:13.0111 1272 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:02:13.0143 1272 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    12:02:13.0174 1272 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    12:02:13.0205 1272 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    12:02:13.0720 1272 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    12:02:14.0905 1272 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    12:02:14.0983 1272 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:02:15.0093 1272 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:02:15.0139 1272 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    12:02:15.0202 1272 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    12:02:15.0389 1272 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:02:15.0451 1272 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:02:15.0498 1272 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:02:15.0545 1272 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:02:15.0592 1272 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:02:15.0639 1272 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    12:02:15.0685 1272 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    12:02:15.0732 1272 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    12:02:15.0779 1272 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    12:02:15.0810 1272 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    12:02:15.0841 1272 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    12:02:15.0935 1272 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    12:02:16.0013 1272 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:02:16.0060 1272 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:02:16.0107 1272 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    12:02:16.0185 1272 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:02:16.0247 1272 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:02:16.0309 1272 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:02:16.0341 1272 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:02:16.0387 1272 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:02:16.0434 1272 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:02:16.0465 1272 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    12:02:16.0512 1272 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    12:02:16.0590 1272 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    12:02:16.0621 1272 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    12:02:16.0684 1272 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    12:02:16.0746 1272 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:02:16.0793 1272 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:02:16.0824 1272 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    12:02:16.0855 1272 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:02:16.0902 1272 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    12:02:16.0918 1272 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    12:02:16.0933 1272 UBHelper ( UnsignedFile.Multi.Generic ) - warning
    12:02:16.0933 1272 UBHelper - detected UnsignedFile.Multi.Generic (1)
    12:02:16.0965 1272 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:02:17.0027 1272 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:02:17.0074 1272 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    12:02:17.0105 1272 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    12:02:17.0136 1272 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    12:02:17.0152 1272 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    12:02:17.0183 1272 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    12:02:17.0245 1272 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    12:02:17.0323 1272 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    12:02:17.0370 1272 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    12:02:17.0417 1272 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    12:02:17.0495 1272 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    12:02:17.0526 1272 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:02:17.0557 1272 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    12:02:17.0604 1272 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    12:02:17.0667 1272 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    12:02:17.0713 1272 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:02:17.0745 1272 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    12:02:17.0838 1272 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    12:02:17.0885 1272 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    12:02:17.0947 1272 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:02:18.0010 1272 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:02:18.0057 1272 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
    12:02:18.0072 1272 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    12:02:18.0150 1272 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
    12:02:18.0181 1272 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    12:02:18.0228 1272 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:02:18.0275 1272 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:02:18.0337 1272 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    12:02:18.0415 1272 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    12:02:18.0540 1272 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    12:02:18.0618 1272 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    12:02:18.0696 1272 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:18.0727 1272 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:18.0774 1272 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:02:18.0821 1272 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:02:18.0868 1272 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
    12:02:18.0915 1272 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:02:18.0961 1272 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:02:19.0008 1272 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:02:19.0071 1272 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    12:02:19.0133 1272 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:02:19.0164 1272 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:02:19.0227 1272 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:02:19.0305 1272 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    12:02:19.0398 1272 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    12:02:19.0539 1272 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    12:02:19.0663 1272 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    12:02:19.0679 1272 WLSetupSvc ( UnsignedFile.Multi.Generic ) - warning
    12:02:19.0679 1272 WLSetupSvc - detected UnsignedFile.Multi.Generic (1)
    12:02:19.0710 1272 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    12:02:19.0835 1272 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    12:02:19.0913 1272 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    12:02:19.0975 1272 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    12:02:20.0022 1272 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    12:02:20.0147 1272 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    12:02:20.0225 1272 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    12:02:20.0319 1272 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:02:20.0381 1272 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    12:02:20.0459 1272 [ BFAB14D10543963DBDA7128ADABFA51D ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
    12:02:20.0475 1272 ================ Scan global ===============================
    12:02:20.0506 1272 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    12:02:20.0568 1272 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    12:02:20.0584 1272 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    12:02:20.0631 1272 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    12:02:20.0646 1272 ================ Scan MBR ==================================
    12:02:20.0646 1272 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
    12:02:24.0031 1272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
    12:02:24.0125 1272 ================ Scan VBR ==================================
    12:02:24.0141 1272 [ 1D3D4078E8CB2723EA67C1A8E50A01FD ] \Device\Harddisk0\DR0\Partition1
    12:02:24.0187 1272 [ 8A00BE32ACB59523E366AAD9E39B1A8C ] \Device\Harddisk0\DR0\Partition2
    12:02:24.0187 1272 [ B585F3998252C2217F8BC23430F224F4 ] \Device\Harddisk5\DR5\Partition1
    12:02:24.0187 1272 ================ Scan UEFI extensions ======================
    12:02:24.0187 1272 ================ Scan active images ========================
    12:02:24.0187 1272 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys
    12:02:24.0187 1272 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] C:\Windows\System32\drivers\amdk8.sys
    12:02:24.0187 1272 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS
    12:02:24.0187 1272 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys
    12:02:24.0187 1272 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys
    12:02:24.0187 1272 [ CE697FEE0D479290D89BEC80DFE793B7 ] C:\Windows\System32\drivers\usbohci.sys
    12:02:24.0187 1272 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys
    12:02:24.0187 1272 [ C9B9B3219322786EF82745E09FE9CBE8 ] C:\Windows\System32\drivers\RTL85n86.sys
    12:02:24.0187 1272 [ 0349BE02F329F4F48F1D48097FD65974 ] C:\Windows\System32\drivers\1394bus.sys
    12:02:24.0187 1272 [ 6F310E890D46E246E0E261A63D9B36B4 ] C:\Windows\System32\drivers\ohci1394.sys
    12:02:24.0187 1272 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys
    12:02:24.0187 1272 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys
    12:02:24.0187 1272 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\Windows\System32\drivers\GEARAspiWDM.sys
    12:02:24.0187 1272 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] C:\Windows\System32\drivers\NTIDrvr.sys
    12:02:24.0187 1272 [ BFAB14D10543963DBDA7128ADABFA51D ] C:\Windows\System32\drivers\yk60x86.sys
    12:02:24.0187 1272 [ FF58C7A7DA6116C1F71E883CB088D598 ] C:\Windows\System32\drivers\nvlddmkm.sys
    12:02:24.0187 1272 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys
    12:02:24.0187 1272 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys
    12:02:24.0203 1272 [ 6D663022DB3E7058907784AE14B69898 ] C:\Windows\System32\drivers\serial.sys
    12:02:24.0203 1272 [ CE9EC966638EF0B10B864DDEDF62A099 ] C:\Windows\System32\drivers\serenum.sys
    12:02:24.0203 1272 [ 8A79FDF04A73428597E2CAF9D0D67850 ] C:\Windows\System32\drivers\parport.sys
    12:02:24.0203 1272 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys
    12:02:24.0203 1272 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys
    12:02:24.0203 1272 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys
    12:02:24.0203 1272 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys
    12:02:24.0203 1272 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys
    12:02:24.0203 1272 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys
    12:02:24.0203 1272 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys
    12:02:24.0203 1272 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys
    12:02:24.0203 1272 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys
    12:02:24.0203 1272 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys
    12:02:24.0203 1272 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys
    12:02:24.0203 1272 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys
    12:02:24.0203 1272 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys
    12:02:24.0203 1272 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys
    12:02:24.0203 1272 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys
    12:02:24.0203 1272 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys
    12:02:24.0203 1272 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys
    12:02:24.0203 1272 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys
    12:02:24.0203 1272 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys
    12:02:24.0203 1272 [ A47B2875680AD67B35C6150BD0203056 ] C:\Windows\System32\drivers\RTKVHDA.sys
    12:02:24.0203 1272 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys
    12:02:24.0203 1272 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys
    12:02:24.0203 1272 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys
    12:02:24.0203 1272 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] C:\Windows\System32\drivers\i8042prt.sys
    12:02:24.0203 1272 [ 175444D3A01CA45D0E1C5DC5F48DF7CD ] C:\Windows\System32\drivers\hidparse.sys
    12:02:24.0203 1272 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] C:\Windows\System32\drivers\kbdhid.sys
    12:02:24.0203 1272 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys
    12:02:24.0203 1272 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys
    12:02:24.0203 1272 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys
    12:02:24.0203 1272 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys
    12:02:24.0203 1272 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys
    12:02:24.0203 1272 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys
    12:02:24.0219 1272 [ D30B785AB801A0E2B0AD922D66F971F3 ] C:\Windows\System32\drivers\avgfwd6x.sys
    12:02:24.0219 1272 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys
    12:02:24.0219 1272 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys
    12:02:24.0219 1272 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys
    12:02:24.0219 1272 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\smb.sys
    12:02:24.0219 1272 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\afd.sys
    12:02:24.0219 1272 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys
    12:02:24.0219 1272 [ B1058290728F8CDF53FF9BE8A4417223 ] C:\Windows\System32\drivers\moufiltr.sys
    12:02:24.0219 1272 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys
    12:02:24.0219 1272 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\Windows\System32\drivers\wanarp.sys
    12:02:24.0219 1272 [ 609773E344A97410CE4EBF74A8914FCF ] C:\Windows\System32\drivers\nsiproxy.sys
    12:02:24.0219 1272 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\Windows\System32\drivers\rdbss.sys
    12:02:24.0219 1272 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\Windows\System32\drivers\dfsc.sys
    12:02:24.0219 1272 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\Windows\System32\ntdll.dll
    12:02:24.0219 1272 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\Windows\System32\smss.exe
    12:02:24.0219 1272 [ 10761177A6EBE45843F443E99509F5E7 ] C:\Windows\System32\autochk.exe
    12:02:24.0219 1272 [ D9728AF68C4C7693CB100B8441CBDEC6 ] C:\Windows\System32\drivers\udfs.sys
    12:02:24.0219 1272 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\Windows\System32\drivers\usbd.sys
    12:02:24.0219 1272 [ CAF811AE4C147FFCD5B51750C7F09142 ] C:\Windows\System32\drivers\usbccgp.sys
    12:02:24.0219 1272 [ 5961CADB7CAD938368D2028725EF771D ] C:\Windows\System32\drivers\hidclass.sys
    12:02:24.0219 1272 [ CCA4B519B17E23A00B826C55716809CC ] C:\Windows\System32\drivers\hidusb.sys
    12:02:24.0219 1272 [ 93B8D4869E12CFBE663915502900876F ] C:\Windows\System32\drivers\mouhid.sys
    12:02:24.0219 1272 [ BE3DA31C191BC222D9AD503C5224F2AD ] C:\Windows\System32\drivers\USBSTOR.SYS
    12:02:24.0219 1272 [ 78DF8195BB75C45AA00484850C2F76F8 ] C:\Windows\System32\wininet.dll
    12:02:24.0219 1272 [ 574B473FACAA0E91702B86578440B525 ] C:\Windows\System32\kernel32.dll
    12:02:24.0219 1272 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\System32\setupapi.dll
    12:02:24.0219 1272 [ 7856E3B4594714EF89BB97375E8644EE ] C:\Windows\System32\gdi32.dll
    12:02:24.0219 1272 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\Windows\System32\shlwapi.dll
    12:02:24.0219 1272 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\System32\imagehlp.dll
    12:02:24.0219 1272 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\Windows\System32\rpcrt4.dll
    12:02:24.0219 1272 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\System32\clbcatq.dll
    12:02:24.0219 1272 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll
    12:02:24.0219 1272 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\System32\oleaut32.dll
    12:02:24.0219 1272 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll
    12:02:24.0219 1272 [ FC510FD52ED9E7C7A9F9C0E71FAD9C3D ] C:\Windows\System32\urlmon.dll
    12:02:24.0234 1272 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll
    12:02:24.0234 1272 [ 75510147B94598407666F4802797C75A ] C:\Windows\System32\user32.dll
    12:02:24.0234 1272 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\System32\ws2_32.dll
    12:02:24.0234 1272 [ 11C78CD84843ED400AF7EADF1E1473B6 ] C:\Windows\System32\iertutil.dll
    12:02:24.0234 1272 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\System32\ole32.dll
    12:02:24.0234 1272 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\System32\usp10.dll
    12:02:24.0234 1272 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\Windows\System32\shell32.dll
    12:02:24.0234 1272 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\System32\advapi32.dll
    12:02:24.0234 1272 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\System32\Wldap32.dll
    12:02:24.0234 1272 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\System32\comdlg32.dll
    12:02:24.0234 1272 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\Windows\System32\imm32.dll
    12:02:24.0234 1272 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\System32\msctf.dll
    12:02:24.0234 1272 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\System32\msvcrt.dll
    12:02:24.0234 1272 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll
    12:02:24.0234 1272 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\Windows\System32\comctl32.dll
    12:02:24.0234 1272 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys
    12:02:24.0234 1272 [ 92D85E8A4129FE44A3266266AC8D151D ] C:\Windows\System32\win32k.sys
    12:02:24.0234 1272 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\Windows\System32\csrsrv.dll
    12:02:24.0234 1272 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe
    12:02:24.0234 1272 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll
    12:02:24.0234 1272 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\System32\winsrv.dll
    12:02:24.0234 1272 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys
    12:02:24.0234 1272 [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll
    12:02:24.0234 1272 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe
    12:02:24.0234 1272 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll
    12:02:24.0234 1272 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll
    12:02:24.0234 1272 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll
    12:02:24.0234 1272 [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL
    12:02:24.0234 1272 [ 575DA686EDB1B8C1516181ACFA1FAF7D ] C:\Windows\System32\KBDNE.DLL
    12:02:24.0234 1272 [ 44648ADBF7BB2D1D0F8EAE71A1E6DA71 ] C:\Windows\System32\KBDUSX.DLL
    12:02:24.0234 1272 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll
    12:02:24.0234 1272 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll
    12:02:24.0234 1272 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe
    12:02:24.0250 1272 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll
    12:02:24.0250 1272 [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe
    12:02:24.0250 1272 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe
    12:02:24.0250 1272 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll
    12:02:24.0250 1272 [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll
    12:02:24.0250 1272 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll
    12:02:24.0250 1272 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe
    12:02:24.0250 1272 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll
    12:02:24.0250 1272 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll
    12:02:24.0250 1272 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll
    12:02:24.0250 1272 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll
    12:02:24.0250 1272 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll
    12:02:24.0250 1272 [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll
    12:02:24.0250 1272 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll
    12:02:24.0250 1272 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll
    12:02:24.0250 1272 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll
    12:02:24.0250 1272 [ F180EDE9CFC3FF218D4B45155119F4D9 ] C:\Windows\System32\crypt32.dll
    12:02:24.0250 1272 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll
    12:02:24.0250 1272 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll
    12:02:24.0250 1272 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll
    12:02:24.0250 1272 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll
    12:02:24.0250 1272 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll
    12:02:24.0250 1272 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll
    12:02:24.0250 1272 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll
    12:02:24.0250 1272 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
    12:02:24.0250 1272 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll
    12:02:24.0250 1272 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
    12:02:24.0250 1272 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll
    12:02:24.0250 1272 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
    12:02:24.0250 1272 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
    12:02:24.0250 1272 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
    12:02:24.0250 1272 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll
    12:02:24.0250 1272 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll
    12:02:24.0250 1272 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
    12:02:24.0250 1272 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll
    12:02:24.0265 1272 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
    12:02:24.0265 1272 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
    12:02:24.0265 1272 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
    12:02:24.0265 1272 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll
    12:02:24.0265 1272 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll
    12:02:24.0265 1272 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
    12:02:24.0265 1272 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys
    12:02:24.0265 1272 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll
    12:02:24.0265 1272 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll
    12:02:24.0265 1272 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll
    12:02:24.0265 1272 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll
    12:02:24.0265 1272 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
    12:02:24.0265 1272 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe
    12:02:24.0265 1272 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
    12:02:24.0265 1272 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
    12:02:24.0265 1272 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll
    12:02:24.0265 1272 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
    12:02:24.0265 1272 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
    12:02:24.0265 1272 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll
    12:02:24.0265 1272 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll
    12:02:24.0265 1272 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll
    12:02:24.0265 1272 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll
    12:02:24.0265 1272 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll
    12:02:24.0265 1272 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll
    12:02:24.0265 1272 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll
    12:02:24.0265 1272 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll
    12:02:24.0265 1272 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll
    12:02:24.0265 1272 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe
    12:02:24.0265 1272 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys
    12:02:24.0265 1272 [ 56407B8616E4206EE02892A2AC712EF3 ] C:\Windows\System32\nvvsvc.exe
    12:02:24.0265 1272 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll
    12:02:24.0265 1272 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    12:02:24.0265 1272 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll
    12:02:24.0265 1272 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll
    12:02:24.0265 1272 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe
    12:02:24.0281 1272 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll
    12:02:24.0281 1272 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll
    12:02:24.0281 1272 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll
    12:02:24.0281 1272 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll
    12:02:24.0281 1272 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll
    12:02:24.0281 1272 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
    12:02:24.0281 1272 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
    12:02:24.0281 1272 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
    12:02:24.0281 1272 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
    12:02:24.0281 1272 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
    12:02:24.0281 1272 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
    12:02:24.0281 1272 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
    12:02:24.0281 1272 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
    12:02:24.0281 1272 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
    12:02:24.0281 1272 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
    12:02:24.0281
  • Unfortunately, the log is not complete.
    The final conclusion is missing.
    Post it again.
  • 12:01:41.0381 2044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    12:01:41.0381 2044 ============================================================
    12:01:41.0381 2044 Current date / time: 2012/09/11 12:01:41.0381
    12:01:41.0381 2044 SystemInfo:
    12:01:41.0381 2044
    12:01:41.0381 2044 OS Version: 6.0.6002 ServicePack: 2.0
    12:01:41.0381 2044 Product type: Workstation
    12:01:41.0381 2044 ComputerName: PC_VAN_THEA
    12:01:41.0381 2044 UserName: Thea
    12:01:41.0381 2044 Windows directory: C:\Windows
    12:01:41.0381 2044 System windows directory: C:\Windows
    12:01:41.0381 2044 Processor architecture: Intel x86
    12:01:41.0381 2044 Number of processors: 1
    12:01:41.0381 2044 Page size: 0x1000
    12:01:41.0381 2044 Boot type: Normal boot
    12:01:41.0381 2044 ============================================================
    12:01:43.0518 2044 BG loaded
    12:01:44.0002 2044 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:01:44.0080 2044 Drive \Device\Harddisk5\DR5 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:01:44.0080 2044 ============================================================
    12:01:44.0080 2044 \Device\Harddisk0\DR0:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xBB47FC, BlocksNum 0x93E4375
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F98B71, BlocksNum 0x932BE06
    12:01:44.0080 2044 \Device\Harddisk5\DR5:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    12:01:44.0080 2044 ============================================================
    12:01:44.0142 2044 C: <-> \Device\Harddisk0\DR0\Partition1
    12:01:44.0220 2044 D: <-> \Device\Harddisk0\DR0\Partition2
    12:01:44.0220 2044 ============================================================
    12:01:44.0220 2044 Initialize success
    12:01:44.0220 2044 ============================================================
    12:01:44.0298 1272 ============================================================
    12:01:44.0298 1272 Scan started
    12:01:44.0298 1272 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:01:44.0298 1272 ============================================================
    12:01:47.0325 1272 ================ Scan system memory ========================
    12:01:47.0325 1272 ================ Scan services =============================
    12:01:47.0808 1272 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    12:01:50.0429 1272 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - warning
    12:01:50.0429 1272 AcerMemUsageCheckService - detected UnsignedFile.Multi.Generic (1)
    12:01:50.0632 1272 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    12:01:50.0741 1272 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    12:01:50.0803 1272 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    12:01:50.0866 1272 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    12:01:50.0897 1272 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    12:01:50.0959 1272 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    12:01:51.0053 1272 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:01:51.0162 1272 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    12:01:51.0287 1272 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    12:01:51.0334 1272 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    12:01:51.0412 1272 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    12:01:51.0630 1272 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    12:01:51.0677 1272 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    12:01:51.0708 1272 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    12:01:51.0771 1272 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    12:01:51.0849 1272 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    12:01:51.0989 1272 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    12:01:52.0363 1272 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:01:52.0410 1272 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    12:01:52.0519 1272 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    12:01:52.0613 1272 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    12:01:52.0707 1272 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    12:01:52.0769 1272 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    12:01:52.0831 1272 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    12:01:53.0097 1272 [ D30B785AB801A0E2B0AD922D66F971F3 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
    12:01:53.0128 1272 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    12:01:53.0221 1272 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    12:01:53.0268 1272 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    12:01:53.0315 1272 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    12:01:53.0331 1272 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    12:01:53.0440 1272 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    12:01:53.0518 1272 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    12:01:53.0580 1272 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    12:01:53.0658 1272 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    12:01:53.0736 1272 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    12:01:53.0830 1272 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    12:01:53.0908 1272 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    12:01:53.0970 1272 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    12:01:54.0001 1272 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    12:01:54.0048 1272 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    12:01:54.0189 1272 [ 0E235B002F8FE58DA92566AE53DF6681 ] CLCapSvc C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
    12:01:54.0189 1272 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
    12:01:54.0189 1272 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
    12:01:54.0235 1272 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    12:01:54.0329 1272 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:01:54.0391 1272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:01:54.0454 1272 [ CC8E19BF16B69DCF04F5B4C609AA7CD6 ] CLSched C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
    12:01:54.0454 1272 CLSched ( UnsignedFile.Multi.Generic ) - warning
    12:01:54.0454 1272 CLSched - detected UnsignedFile.Multi.Generic (1)
    12:01:54.0501 1272 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    12:01:54.0532 1272 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    12:01:54.0579 1272 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    12:01:54.0610 1272 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    12:01:54.0735 1272 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    12:01:54.0781 1272 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    12:01:54.0859 1272 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    12:01:54.0969 1272 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    12:01:55.0249 1272 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    12:01:55.0296 1272 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    12:01:55.0343 1272 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    12:01:55.0374 1272 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    12:01:55.0437 1272 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    12:01:55.0499 1272 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    12:01:55.0561 1272 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    12:01:55.0639 1272 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    12:01:55.0717 1272 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    12:01:55.0780 1272 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    12:01:55.0827 1272 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    12:01:55.0873 1272 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    12:01:55.0936 1272 [ F841F6ED752CC5F346039D5551931A7B ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    12:01:55.0936 1272 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
    12:01:55.0936 1272 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
    12:01:55.0983 1272 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    12:01:56.0045 1272 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    12:01:56.0107 1272 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    12:01:56.0201 1272 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    12:01:56.0326 1272 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    12:01:56.0388 1272 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    12:01:56.0482 1272 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    12:01:56.0513 1272 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    12:01:56.0560 1272 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    12:01:56.0638 1272 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    12:01:56.0716 1272 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    12:01:56.0794 1272 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    12:01:56.0841 1272 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    12:01:56.0887 1272 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    12:01:56.0950 1272 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:01:57.0043 1272 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    12:01:57.0137 1272 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cae320eb92de6c C:\Program Files\Google\Update\GoogleUpdate.exe
    12:01:57.0184 1272 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    12:01:57.0215 1272 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    12:01:57.0309 1272 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:01:57.0355 1272 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    12:01:57.0418 1272 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    12:01:57.0511 1272 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    12:01:57.0543 1272 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    12:01:57.0605 1272 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    12:01:57.0667 1272 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    12:01:57.0792 1272 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    12:01:58.0042 1272 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    12:01:58.0104 1272 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    12:01:58.0167 1272 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    12:01:58.0260 1272 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    12:01:58.0354 1272 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    12:01:58.0416 1272 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    12:01:58.0494 1272 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
    12:01:58.0650 1272 [ A47B2875680AD67B35C6150BD0203056 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    12:01:58.0806 1272 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
    12:01:58.0869 1272 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    12:01:58.0947 1272 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    12:01:58.0993 1272 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:01:59.0056 1272 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    12:01:59.0134 1272 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    12:01:59.0212 1272 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    12:01:59.0243 1272 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    12:01:59.0305 1272 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    12:01:59.0352 1272 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    12:01:59.0399 1272 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    12:01:59.0415 1272 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    12:01:59.0446 1272 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    12:01:59.0461 1272 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    12:01:59.0508 1272 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    12:01:59.0571 1272 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    12:01:59.0633 1272 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:01:59.0711 1272 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    12:01:59.0758 1272 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:01:59.0805 1272 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    12:01:59.0805 1272 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    12:01:59.0805 1272 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    12:01:59.0836 1272 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:01:59.0883 1272 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:01:59.0945 1272 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:02:00.0023 1272 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    12:02:00.0039 1272 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    12:02:00.0070 1272 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    12:02:00.0101 1272 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    12:02:00.0163 1272 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    12:02:00.0226 1272 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    12:02:00.0319 1272 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    12:02:00.0366 1272 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    12:02:00.0460 1272 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    12:02:00.0553 1272 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:02:00.0616 1272 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:02:00.0663 1272 [ B1058290728F8CDF53FF9BE8A4417223 ] moufiltr C:\Windows\system32\DRIVERS\moufiltr.sys
    12:02:00.0663 1272 moufiltr ( UnsignedFile.Multi.Generic ) - warning
    12:02:00.0663 1272 moufiltr - detected UnsignedFile.Multi.Generic (1)
    12:02:00.0678 1272 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:02:00.0772 1272 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    12:02:00.0850 1272 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    12:02:00.0897 1272 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:02:00.0943 1272 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    12:02:01.0006 1272 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:02:01.0053 1272 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:02:01.0099 1272 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:02:01.0146 1272 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:02:01.0193 1272 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
    12:02:01.0224 1272 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    12:02:01.0287 1272 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    12:02:01.0380 1272 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    12:02:01.0427 1272 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    12:02:01.0458 1272 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    12:02:01.0521 1272 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    12:02:01.0552 1272 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    12:02:01.0599 1272 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    12:02:01.0645 1272 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    12:02:01.0677 1272 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    12:02:01.0692 1272 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    12:02:01.0755 1272 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    12:02:01.0817 1272 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    12:02:01.0879 1272 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    12:02:01.0942 1272 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    12:02:01.0989 1272 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    12:02:02.0020 1272 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    12:02:02.0082 1272 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    12:02:02.0129 1272 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    12:02:02.0176 1272 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    12:02:02.0223 1272 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    12:02:02.0269 1272 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    12:02:02.0316 1272 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    12:02:02.0394 1272 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    12:02:02.0457 1272 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:02:02.0581 1272 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    12:02:03.0003 1272 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    12:02:03.0330 1272 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    12:02:03.0439 1272 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    12:02:03.0533 1272 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    12:02:03.0627 1272 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    12:02:03.0767 1272 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
    12:02:03.0767 1272 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
    12:02:03.0767 1272 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
    12:02:03.0798 1272 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    12:02:04.0141 1272 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    12:02:05.0748 1272 [ FF58C7A7DA6116C1F71E883CB088D598 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:02:07.0215 1272 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    12:02:07.0246 1272 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    12:02:07.0277 1272 [ 86B1B96806829066982ED67B7ABA74EF ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
    12:02:07.0371 1272 [ 56407B8616E4206EE02892A2AC712EF3 ] nvsvc C:\Windows\system32\nvvsvc.exe
    12:02:07.0464 1272 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    12:02:07.0558 1272 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    12:02:07.0792 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    12:02:07.0948 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    12:02:08.0026 1272 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    12:02:08.0119 1272 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    12:02:08.0151 1272 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    12:02:08.0260 1272 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    12:02:08.0307 1272 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    12:02:08.0353 1272 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
    12:02:08.0416 1272 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    12:02:08.0619 1272 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    12:02:09.0024 1272 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    12:02:09.0289 1272 [ C0E25BB0E6A159D332048AFAA2ED24CE ] Planner voor Automatische LiveUpdate C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    12:02:09.0399 1272 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    12:02:09.0477 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    12:02:09.0523 1272 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    12:02:09.0601 1272 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    12:02:09.0679 1272 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    12:02:09.0742 1272 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    12:02:09.0804 1272 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    12:02:09.0851 1272 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    12:02:09.0882 1272 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    12:02:09.0945 1272 [ 88B72D2A800300EB05C69F3C6C3180F2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
    12:02:09.0945 1272 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0945 1272 PSDFilter - detected UnsignedFile.Multi.Generic (1)
    12:02:09.0976 1272 [ 9649E11FC5459BF6B2C9E8E327E45C3A ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
    12:02:09.0976 1272 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0976 1272 PSDNServ - detected UnsignedFile.Multi.Generic (1)
    12:02:09.0976 1272 [ 3D0BE1373B9DFE9FC7B64F090E4D59E3 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
    12:02:09.0991 1272 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
    12:02:09.0991 1272 psdvdisk - detected UnsignedFile.Multi.Generic (1)
    12:02:11.0629 1272 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    12:02:11.0676 1272 RichVideo ( UnsignedFile.Multi.Generic ) - warning
    12:02:11.0676 1272 RichVideo - detected UnsignedFile.Multi.Generic (1)
    12:02:16.0918 1272 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    12:02:16.0933 1272 UBHelper ( UnsignedFile.Multi.Generic ) - warning
    12:02:16.0933 1272 UBHelper - detected UnsignedFile.Multi.Generic (1)
    12:02:19.0663 1272 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    12:02:19.0679 1272 WLSetupSvc ( UnsignedFile.Multi.Generic ) - warning
    12:02:19.0679 1272 WLSetupSvc - detected UnsignedFile.Multi.Generic (1)
    12:02:20.0475 1272 ================ Scan global ===============================
    12:02:20.0506 1272 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    12:02:20.0568 1272 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    12:02:20.0584 1272 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    12:02:20.0631 1272 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    12:02:20.0646 1272 ================ Scan MBR ==================================
    12:02:20.0646 1272 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
    12:02:24.0031 1272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
    12:02:24.0125 1272 ================ Scan VBR ==================================
    12:02:24.0141 1272 [ 1D3D4078E8CB2723EA67C1A8E50A01FD ] \Device\Harddisk0\DR0\Partition1
    12:02:24.0187 1272 [ 8A00BE32ACB59523E366AAD9E39B1A8C ] \Device\Harddisk0\DR0\Partition2
    12:02:24.0187 1272 [ B585F3998252C2217F8BC23430F224F4 ] \Device\Harddisk5\DR5\Partition1
    12:02:24.0187 1272 ================ Scan UEFI extensions ======================
    12:02:24.0187 1272 ================ Scan active images ========================
    12:02:24.0281 1272 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
    12:02:24.0281 1272 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
    12:02:24.0281 1272 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
    12:02:24.0281 1272 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
    12:02:24.0281 1272 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
    12:02:24.0281 1272 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
    12:02:24.0281 1272 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
    12:02:24.0281 1272 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
    12:02:24.0281 1272 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
    12:02:24.0281 1272 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
    12:02:24.0281
  • Sorry, but I really am selecting everything…
  • 12:02:24.0499 1272 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\71329616.sys
    12:02:24.0499 1272 ============================================================
    12:02:24.0499 1272 Scan finished
    12:02:24.0499 1272 ============================================================
    12:02:25.0217 3552 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSStarter\Report_11-09-2012_1156_.log
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • That's good, no rootkit in the MBR.
    Let's look further:

    Step 1
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode.

    Notes:
    - All open programs and web pages must be closed.
    - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista and Windows 7: right-click adwcleaner.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    AdwCleaner has started:
    - First click the "Zoeken" (Search) button; then close the log that opens.
    - Next, click the "Verwijderen" (Delete) button.
    - At "AdwCleaner Afsluiting van de programma's" (closing of programs), click OK.
    - At "AdwCleaner Herstarten noodzakelijk" (restart required), click OK.
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step 2
    Which program: ComboFix
    What for/why: Highly specialised scanner for examining and cleaning up Windows in depth.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be disabled before you start ComboFix!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"!
      Allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    - If ComboFix shows a message about ZeroAccess, mention that as well in your new post.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file via DDRMMR's kleurcodeerder in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs, with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • combofix 12-09-11.02 - thea 11-09-2012 20:34:14.1.1 - x86
    microsoft® windows vista™ home basic 6.0.6002.2.1252.31.1043.18.767.273 [gmt 2:00]
    gestart vanuit: c:\users\thea\desktop\combofix.exe
    sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
    .
    .
    (((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\luinstall.liveupdate
    c:\programdata\nvidia
    c:\programdata\nvidia\nvapps.xml
    c:\programdata\nvidia\nvstarted
    c:\users\thea\appdata\roaming\microsoft\windows\recent\morejongg.url
    .
    .
    ((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\legacy_mywebsearchservice
    .
    .
    (((((((((((((((((((( bestanden gemaakt van 2012-08-11 to 2012-09-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-09-11 18:43 . 2012-09-11 18:48 -------- d-----w- c:\users\thea\appdata\local\temp
    2012-09-11 12:44 . 2012-09-11 18:04 -------- d-----w- c:\users\thea\appdata\roaming\browsercompanion
    2012-09-11 09:56 . 2012-09-11 09:56 -------- d-----w- c:\tdsskiller_quarantine
    2012-09-11 09:55 . 2012-09-11 10:02 -------- d-----w- c:\tdssstarter
    2012-09-11 08:15 . 2012-09-11 08:15 3584 ----a-r- c:\users\thea\appdata\roaming\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\icon386ed4e3.exe
    2012-09-11 08:15 . 2012-09-11 08:15 -------- d-----w- c:\program files\windows installer clean up
    2012-09-11 08:09 . 2012-09-11 08:15 -------- d-----w- c:\program files\msecache
    2012-09-10 13:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-10 12:46 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6f63a5bb0009b45a0c17ea48e56c34e5
    2012-09-09 18:32 . 2012-09-09 19:03 -------- d-----w- c:\programdata\clp
    2012-09-09 15:11 . 2012-09-09 15:11 -------- d-----w- c:\users\thea\appdata\local\elevateddiagnostics
    2012-09-08 18:31 . 2012-09-08 18:31 -------- d-----w- c:\users\thea\appdata\local\fixitcenter
    2012-09-08 18:29 . 2012-09-08 18:29 -------- d-----w- c:\program files\microsoft fix it center
    2012-09-08 07:59 . 2012-09-10 13:06 -------- d-----w- c:\program files\microsoft security client
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\users\thea\appdata\roaming\malwarebytes
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\programdata\malwarebytes
    2012-09-08 07:47 . 2012-09-10 13:42 -------- d-----w- c:\program files\malwarebytes' anti-malware
    2012-08-16 08:59 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6f63a5bb0009b45a0c17ea482f3b707c
    2012-08-16 08:58 . 2012-09-10 13:57 -------- d-----w- c:\users\thea\appdata\roaming\tuosgy
    2012-08-16 08:58 . 2012-09-08 06:17 -------- d-----w- c:\users\thea\appdata\roaming\biird
    2012-08-16 08:58 . 2012-08-16 08:58 -------- d-----w- c:\users\thea\appdata\roaming\idve
    2012-08-16 08:28 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-14 09:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1bc9c01c-8aba-45bf-b18e-a245902c94d6}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 09:58 . 2009-09-24 08:51 279552 ----a-w- c:\windows\system32\services.exe
    2012-08-15 16:24 . 2012-05-06 09:13 426184 ----a-w- c:\windows\system32\flashplayerapp.exe
    2012-08-15 16:24 . 2011-11-03 09:45 70344 ----a-w- c:\windows\system32\flashplayercplapp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    regedit4
    .
    [hkey_current_user\software\microsoft\windows\currentversion\run]
    "????r"="" [?]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\run]
    "malwarebytes' anti-malware"=c:\program files\malwarebytes' anti-malware\mbamgui.exe [2012-07-03 462920]
    .
    c:\users\thea\appdata\roaming\microsoft\windows\start menu\programs\startup\
    tcbhn.lnk - c:\users\thea\appdata\roaming\browsercompanion\tcbhn.exe [2012-6-28 695448]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
    "enableuiadesktoptoggle"= 0 (0x0)
    .
    [hkey_local_machine\system\currentcontrolset\control\session manager]
    bootexecute reg_multi_sz autocheck autochk *\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\avg\avg10\avgrsx.exe /sync
    estart
    .
    [hklm\~\startupfolder\c:^programdata^microsoft^windows^start menu^programs^startup^winzip quick pick.lnk]
    path=c:\programdata\microsoft\windows\start menu\programs\startup\winzip quick pick.lnk
    backup=c:\windows\pss\winzip quick pick.lnk.commonstartup
    backupextension=.commonstartup
    .
    [hklm\~\startupfolder\c:^users^thea^appdata^roaming^microsoft^windows^start menu^programs^startup^openoffice.org 2.3 .lnk]
    path=c:\users\thea\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 2.3 .lnk
    backup=c:\windows\pss\openoffice.org 2.3 .lnk.startup
    backupextension=.startup
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\?????????]
    ??????????????e [?]
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\acer empowering technology monitor]
    2006-11-23 14:24 319488 ----a-w- c:\windows\system32\sysmonitor.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
    2008-10-14 23:04 39792 ----a-w- c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\edatasecurity loader]
    2006-11-17 07:26 453120 ----a-w- c:\acer\empowering technology\edatasecurity\edsloader.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\google desktop search]
    2007-06-28 17:54 120320 ----a-w- c:\program files\google\google desktop search\googledesktop.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\isuspm startup]
    2005-08-11 14:30 249856 ----a-w- c:\program files\common files\installshield\updateservice\isuspm.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\itunes\ituneshelper.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
    2008-06-19 23:04 13535776 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
    2008-06-19 23:04 92704 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\pcmservice]
    2006-11-25 00:57 151552 ------w- c:\acer\empowering technology\emode\pcm\pcmservice.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\quicktime\qttask.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\rthdvcpl]
    2006-11-09 02:57 3784704 ----a-w- c:\windows\rthdvcpl.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
    2011-04-08 10:59 254696 ----a-w- c:\program files\common files\java\java update\jusched.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\warreg_popup]
    2006-11-05 20:48 57344 ----a-w- c:\acer\wr_popup\warreg_popup.exe
    .
    [hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
    2008-01-19 07:33 202240 ----a-w- c:\program files\windows media player\wmpnscfg.exe
    .
    [hkey_local_machine\software\microsoft\security center\monitoring]
    "disablemonitoring"=dword:00000001
    .
    [hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
    "disablemonitoring"=dword:00000001
    .
    [hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
    "disablemonitoring"=dword:00000001
    .
    r2 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [x]
    .
    .
    --- andere services/drivers in geheugen ---
    .
    *newlycreated* - ws2ifsl
    .
    [hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
    localservicenonetwork reg_multi_sz pla dps bfe mpssvc
    localserviceandnoimpersonation reg_multi_sz fontcache
    .
    inhoud van de 'gedeelde taken' map
    .
    2012-09-11 c:\windows\tasks\adobe flash player updater.job
    - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2012-05-06 16:24]
    .
    2012-09-11 c:\windows\tasks\googleupdatetaskmachinecore.job
    - c:\program files\google\update\googleupdate.exe [2010-04-23 20:09]
    .
    2012-09-11 c:\windows\tasks\googleupdatetaskmachineua.job
    - c:\program files\google\update\googleupdate.exe [2010-04-23 20:09]
    .
    .
    ------- bijkomende scan -------
    .
    usearchmigrateddefaulturl = hxxp://search.yahoo.com/search?p={searchterms}&ei=utf-8&fr=b1ie7
    ustart page = hxxp://www.google.nl/
    mstart page = hxxp://nl.intl.acer.yahoo.com
    uinternet settings,proxyoverride = *.local
    tcp: dhcpnameserver = 212.54.40.25 212.54.35.25
    dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    - - - - orphans verwijderd - - - -
    .
    webbrowser-{37e17185-b07a-47b3-bd86-c675e4e4b89a} - (no file)
    safeboot-94425425.sys
    msconfigstartup-msnmsgr - c:\program files\windows live\messenger\msnmsgr.exe
    msconfigstartup-my web search bar search scope monitor - c:\progra~1\mywebs~1\bar\1.bin\m3srchmn.exe
    msconfigstartup-mywebsearch email plugin - c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    msconfigstartup-swg - c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
    msconfigstartup-yxseheuryv - c:\users\thea\appdata\roaming\tuosgy\uwezn.exe
    addremove-zylom games player plugin - c:\program files\zylom games\uninstallplugin.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
    rootkit scan 2012-09-11 20:49
    windows 6.0.6002 service pack 2 ntfs
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ------------------------ andere aktieve processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\acer\empowering technology\eperformance\memcheck.exe
    c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
    c:\program files\bonjour\mdnsresponder.exe
    c:\acer\empowering technology\emode\pcm\kernel\tv\clcapsvc.exe
    c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
    c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
    c:\program files\ipod\bin\ipodservice.exe
    c:\program files\common files\lightscribe\lssrvc.exe
    c:\windows\system32\lxbtcoms.exe
    c:\windows\system32\msdtc.exe
    c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
    c:\program files\cyberlink\shared files\richvideo.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\snmptrap.exe
    c:\windows\system32\ui0detect.exe
    c:\windows\system32\vds.exe
    c:\program files\windows live\installer\wlsetupsvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\windows media player\wmpnetwk.exe
    c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe
    c:\acer\empowering technology\emode\pcm\kernel\tv\clsched.exe
    c:\windows\system32\wudfhost.exe
    c:\acer\empowering technology\erecovery\erecoveryservice.exe
    c:\windows\system32\iashost.exe
    c:\windows\system32\conime.exe
    c:\program files\malwarebytes' anti-malware\mbamservice.exe
    .
    **************************************************************************
    .
    voltooingstijd: 2012-09-11 20:57:13 - machine werd herstart
    combofix-quarantined-files.txt 2012-09-11 18:56
    .
    pre-run: 37.185.064.960 bytes beschikbaar
    post-run: 37.241.081.856 bytes beschikbaar
    .
    - - end of file - - e415dfca1a3828dca071f9760a204bce

  • Thanks!!!!!!!!!!!!!!!! Thanks to all the tips from abraham54 I managed to get the computer completely clean again!
  • We're not done yet, mind you!

    Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue) text into the empty Notepad window:


    ClearJavaCache::

    File::
    C:\Windows\System32\drivers\avgfwd6x.sys

    Folder::
    c:\users\thea\appdata\roaming\browsercompanion
    c:\progra~1\mywebs~1
    c:\users\thea\appdata\roaming\tuosgy


    Driver::
    avgfwd6x

    Save this Notepad file on your desktop as CFScript.txt.

    Now first disable the antivirus and any spyware scanners!
    Also make sure that all other open windows are closed, including the web browser.


    Drag CFScript.txt onto ComboFix.exe


    http://crew.nucia.eu/smeenk/CFScript.gif

    This will make ComboFix start again. Restart when asked to.


    Post the ComboFix log after the restart.
    In case ComboFix has restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt

    Important note:
    - If, after the scan, an error is shown when starting programs, with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Here is the requested ComboFix log. Thank you very much for your help:
    ComboFix 12-09-12.03 - Thea 13-09-2012 8:52.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.767.256 [GMT 2:00]
    Gestart vanuit: c:\users\Thea\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-13 to 2012-09-13 ))))))))))))))))))))))))))))))
    .
    .
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Thea\AppData\Local\temp
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 22:09 . 2012-09-13 06:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\offreg.dll
    2012-09-12 10:15 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A54E6B8-28E3-45F1-816A-CAB774D67C4F}\gapaengine.dll
    2012-09-12 10:01 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\mpengine.dll
    2012-09-12 09:51 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 12:44 . 2012-09-13 06:34 -------- d-----w- c:\users\Thea\AppData\Roaming\BrowserCompanion
    2012-09-11 09:56 . 2012-09-11 09:56 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-11 09:55 . 2012-09-11 10:02 -------- d-----w- C:\TDSSStarter
    2012-09-11 08:15 . 2012-09-11 08:15 3584 ----a-r- c:\users\Thea\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2012-09-11 08:15 . 2012-09-11 08:15 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-09-11 08:09 . 2012-09-11 08:15 -------- d-----w- c:\program files\MSECACHE
    2012-09-10 13:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-10 12:46 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA48E56C34E5
    2012-09-09 18:32 . 2012-09-09 19:03 -------- d-----w- c:\programdata\clp
    2012-09-09 15:11 . 2012-09-09 15:11 -------- d-----w- c:\users\Thea\AppData\Local\ElevatedDiagnostics
    2012-09-08 18:31 . 2012-09-08 18:31 -------- d-----w- c:\users\Thea\AppData\Local\FixItCenter
    2012-09-08 18:29 . 2012-09-08 18:29 -------- d-----w- c:\program files\Microsoft Fix it Center
    2012-09-08 07:59 . 2012-09-12 09:52 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\users\Thea\AppData\Roaming\Malwarebytes
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-08 07:47 . 2012-09-10 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-16 08:59 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA482F3B707C
    2012-08-16 08:58 . 2012-09-10 13:57 -------- d-----w- c:\users\Thea\AppData\Roaming\Tuosgy
    2012-08-16 08:58 . 2012-09-08 06:17 -------- d-----w- c:\users\Thea\AppData\Roaming\Biird
    2012-08-16 08:58 . 2012-08-16 08:58 -------- d-----w- c:\users\Thea\AppData\Roaming\Idve
    2012-08-16 08:28 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-14 09:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC9C01C-8ABA-45BF-B18E-A245902C94D6}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 09:58 . 2009-09-24 08:51 279552 ----a-w- c:\windows\system32\services.exe
    2012-08-15 16:24 . 2012-05-06 09:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 16:24 . 2011-11-03 09:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    tcbhn.lnk - c:\users\Thea\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Thea^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3 .lnk]
    path=c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.3 .lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
    ??????????????e [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    2006-11-23 14:24 319488 ----a-w- c:\windows\System32\SysMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2006-11-17 07:26 453120 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-06-28 17:54 120320 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-06-19 23:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-06-19 23:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2006-11-25 00:57 151552 ------w- c:\acer\Empowering Technology\eMode\PCM\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2006-11-09 02:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:24]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-13 09:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-09-13 09:12:12
    ComboFix-quarantined-files.txt 2012-09-13 07:12
    ComboFix2.txt 2012-09-11 19:23
    .
    Pre-Run: 37.031.575.552 bytes beschikbaar
    Post-Run: 36.607.512.576 bytes beschikbaar
    .
    - - End Of File - - 6D797C3AF4A286C378239A86D481D882
  • How are things now?
  • I think it's going well! Thanks!
  • Then please do the following now: a test to see how good the current security situation in Windows is.

    Download Security Check to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.

This is an archived page. Replies are no longer possible.