Question & Answer
PWS:Win32/Sinowal.gen!Y keeps coming back
27 answers
- The problem:
Although I am "careful" with our PC (all users have "user" rights (administrator only when installing new software), Microsoft Firewall on, Microsoft Essentials active, official Windows version, W7 updates always installed), IE has been as slow as thick syrup for the past few weeks. This was the reason to start using Chrome as the browser. It also starts up slowly, but after that it works reasonably well. Shortly after Chrome starts (and only then), Microsoft reports that Sinowal.gen!Y has been detected and placed in quarantine. After a restart (advised by Essentials) there is also the recommendation to scan the whole system. This takes about 2 hours, and no new threats are found. Either way, as soon as Chrome is started the party starts all over again.
Apparently not careful enough after all :-( .
I ran HijackThis with the result below. The question now is: what next??
[list:2f596f30e7]Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:49, on 17-7-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Public\Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON BX600FW Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_SCBD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Office BX600FW(Netwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKU.EXE /FU "C:\Windows\TEMP\E_S7E92.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HyperWorkswin64Desktop Quick Launch.lnk = C:\Altairwin64\hw10.0\hw\bin\win64\hw.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Flexlm Service 1 - Flexera Software, Inc. - C:\Altairwin64\hw10.0\security\win64\lmgrd.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11091 bytes
[/list:u:2f596f30e7]
- Hello bushmaster, did you also do internet banking despite the warnings from MSE?
[b:d84f20f35e]Which program[/b:d84f20f35e]: Kaspersky [b:d84f20f35e]TDSSKiller[/b:d84f20f35e]
[b:d84f20f35e]What for/why[/b:d84f20f35e]: Rootkit scanner
[b:d84f20f35e]Difficulty level[/b:d84f20f35e]: none
[b:d84f20f35e]Download location[/b:d84f20f35e]: Be sure to download this program to the desktop, or otherwise move it there!
[b:d84f20f35e]Download[/b:d84f20f35e] [b:d84f20f35e]TDSSKiller[/b:d84f20f35e] [b:d84f20f35e]here[/b:d84f20f35e].
[b:d84f20f35e]Installation[/b:d84f20f35e]:
[list:d84f20f35e][*:d84f20f35e] extract the file to your desktop.[/list:u:d84f20f35e]
[b:d84f20f35e]Using TDSSKiller[/b:d84f20f35e]:
[list:d84f20f35e][*:d84f20f35e]Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
[*:d84f20f35e]Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing [b:d84f20f35e]Run as administrator[/b:d84f20f35e].[/list:u:d84f20f35e]
[list:d84f20f35e][*:d84f20f35e]If TDSSKiller shows a message about an available update, run that update first,
[*:d84f20f35e]to do so, click the "Load update" button[/list:u:d84f20f35e]
[indent][indent][img:d84f20f35e]http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg[/img:d84f20f35e][/indent][/indent]
[list:d84f20f35e][*:d84f20f35e]A new version of TDSSKiller will now be downloaded; save it to the desktop.
[*:d84f20f35e]Now start TDSSKiller again.
[*:d84f20f35e] Click "[b:d84f20f35e]Change parameters[/b:d84f20f35e]" and make sure the options below are all ticked.[/list:u:d84f20f35e]
[indent][indent][img:d84f20f35e]http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg[/img:d84f20f35e][/indent][/indent]
[list:d84f20f35e][*:d84f20f35e]Then click the [b:d84f20f35e]"Start Scan"[/b:d84f20f35e] button and follow the instructions.
[*:d84f20f35e] After the scan has finished, click the [b:d84f20f35e]"Report"[/b:d84f20f35e] button.
[*:d84f20f35e]A Notepad file opens. Post the contents of this file.[/list:u:d84f20f35e]
[list:d84f20f35e][*:d84f20f35e][b:d84f20f35e]Restart the PC if TDSSKiller indicates that option (Reboot now).[/b:d84f20f35e]
[*:d84f20f35e]If a restart is necessary, you will find the log file in [b:d84f20f35e]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:d84f20f35e][/list:u:d84f20f35e]
, [b:d84f20f35e]ZeroAccess[/b:d84f20f35e] or
- Hello Abraham54,
Thanks for the quick response!
From the moment that I (!) got the notification (since yesterday, because that is when I first started using Chrome myself), I have not done any internet banking. But on asking my kids (Chrome users), it turns out that they regularly got a notification. When asked what they did about it, the answer was "well, just click the notification away" (sigh…). So there is a good chance that I did do this during that period.
How serious is the danger that my account will be "plundered"? Can anyone do anything without the Randomreader (Rabobank customer)? In any case I will quickly go and check (via another system)!
I am going to try TDSSKiller right away.
Bushmaster
- Here is the result of the scan. Apart from having this report generated, I have not done anything yet:
15:33:02.0058 1472 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:33:02.0230 1472 ============================================================
15:33:02.0230 1472 Current date / time: 2012/07/17 15:33:02.0230
15:33:02.0230 1472 SystemInfo:
15:33:02.0230 1472
15:33:02.0230 1472 OS Version: 6.1.7601 ServicePack: 1.0
15:33:02.0230 1472 Product type: Workstation
15:33:02.0230 1472 ComputerName: CODYS-PC
15:33:02.0230 1472 UserName: Beheerder
15:33:02.0230 1472 Windows directory: C:\Windows
15:33:02.0230 1472 System windows directory: C:\Windows
15:33:02.0230 1472 Running under WOW64
15:33:02.0230 1472 Processor architecture: Intel x64
15:33:02.0230 1472 Number of processors: 4
15:33:02.0230 1472 Page size: 0x1000
15:33:02.0230 1472 Boot type: Normal boot
15:33:02.0230 1472 ============================================================
15:33:03.0525 1472 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:33:03.0540 1472 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:33:03.0571 1472 ============================================================
15:33:03.0571 1472 \Device\Harddisk0\DR0:
15:33:03.0571 1472 MBR partitions:
15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x37643000
15:33:03.0571 1472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37675800, BlocksNum 0x3D090000
15:33:03.0571 1472 \Device\Harddisk1\DR1:
15:33:03.0571 1472 MBR partitions:
15:33:03.0571 1472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
15:33:03.0571 1472 ============================================================
15:33:03.0587 1472 C: <-> \Device\Harddisk0\DR0\Partition1
15:33:03.0618 1472 J: <-> \Device\Harddisk0\DR0\Partition0
15:33:03.0727 1472 D: <-> \Device\Harddisk0\DR0\Partition2
15:33:03.0727 1472 S: <-> \Device\Harddisk1\DR1\Partition0
15:33:03.0727 1472 ============================================================
15:33:03.0727 1472 Initialize success
15:33:03.0727 1472 ============================================================
15:34:44.0764 3672 ============================================================
15:34:44.0764 3672 Scan started
15:34:44.0764 3672 Mode: Manual; SigCheck; TDLFS;
15:34:44.0764 3672 ============================================================
15:34:45.0622 3672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:34:45.0684 3672 1394ohci - ok
15:34:45.0746 3672 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
15:34:45.0824 3672 61883 - ok
15:34:45.0887 3672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:34:45.0918 3672 ACPI - ok
15:34:45.0949 3672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:34:45.0996 3672 AcpiPmi - ok
15:34:46.0121 3672 AcrSch2Svc (40864cd2f67e7b532d4e366ecb54e0cb) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
15:34:46.0152 3672 AcrSch2Svc - ok
15:34:46.0277 3672 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:34:46.0292 3672 AdobeFlashPlayerUpdateSvc - ok
15:34:46.0355 3672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:34:46.0386 3672 adp94xx - ok
15:34:46.0417 3672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:34:46.0433 3672 adpahci - ok
15:34:46.0464 3672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:34:46.0464 3672 adpu320 - ok
15:34:46.0511 3672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:34:46.0636 3672 AeLookupSvc - ok
15:34:46.0667 3672 afcdp (769b6f7dee0e943712a6316129d4bb0e) C:\Windows\system32\DRIVERS\afcdp.sys
15:34:46.0682 3672 afcdp - ok
15:34:46.0823 3672 afcdpsrv (a530853e2b6d9061fa25fe8df308e08e) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
15:34:46.0854 3672 afcdpsrv - ok
15:34:46.0948 3672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:34:47.0010 3672 AFD - ok
15:34:47.0041 3672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:34:47.0072 3672 agp440 - ok
15:34:47.0275 3672 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
15:34:47.0275 3672 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
15:34:47.0275 3672 Akamai ( HiddenFile.Multi.Generic ) - warning
15:34:47.0275 3672 Akamai - detected HiddenFile.Multi.Generic (1)
15:34:47.0322 3672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:34:47.0369 3672 ALG - ok
15:34:47.0384 3672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:34:47.0400 3672 aliide - ok
15:34:47.0447 3672 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
15:34:47.0478 3672 AMD External Events Utility - ok
15:34:47.0556 3672 AMD FUEL Service - ok
15:34:47.0618 3672 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
15:34:47.0634 3672 AMD Reservation Manager - ok
15:34:47.0650 3672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:34:47.0665 3672 amdide - ok
15:34:47.0681 3672 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:34:47.0681 3672 amdiox64 - ok
15:34:47.0728 3672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:34:47.0774 3672 AmdK8 - ok
15:34:48.0055 3672 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
15:34:48.0180 3672 amdkmdag - ok
15:34:48.0320 3672 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
15:34:48.0352 3672 amdkmdap - ok
15:34:48.0367 3672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:34:48.0398 3672 AmdPPM - ok
15:34:48.0430 3672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:34:48.0445 3672 amdsata - ok
15:34:48.0461 3672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:34:48.0476 3672 amdsbs - ok
15:34:48.0492 3672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:34:48.0492 3672 amdxata - ok
15:34:48.0539 3672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:34:48.0664 3672 AppID - ok
15:34:48.0695 3672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:34:48.0773 3672 AppIDSvc - ok
15:34:48.0804 3672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:34:48.0851 3672 Appinfo - ok
15:34:48.0944 3672 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:34:48.0976 3672 Apple Mobile Device - ok
15:34:49.0022 3672 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:34:49.0069 3672 AppMgmt - ok
15:34:49.0085 3672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:34:49.0116 3672 arc - ok
15:34:49.0132 3672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:34:49.0132 3672 arcsas - ok
15:34:49.0194 3672 ASKService (7b44f870fc2da172c5367d9e3f96f553) C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
15:34:49.0225 3672 ASKService - ok
15:34:49.0241 3672 ASKUpgrade (367621cb272a8d9e7d910388916d5737) C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
15:34:49.0256 3672 ASKUpgrade - ok
15:34:49.0272 3672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:34:49.0319 3672 AsyncMac - ok
15:34:49.0334 3672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:34:49.0350 3672 atapi - ok
15:34:49.0412 3672 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
15:34:49.0428 3672 AtiHDAudioService - ok
15:34:49.0459 3672 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
15:34:49.0490 3672 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
15:34:49.0490 3672 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
15:34:49.0740 3672 atikmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
15:34:49.0818 3672 atikmdag - ok
15:34:50.0114 3672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:34:50.0146 3672 AudioEndpointBuilder - ok
15:34:50.0161 3672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:34:50.0177 3672 AudioSrv - ok
15:34:50.0270 3672 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
15:34:50.0302 3672 Avc - ok
15:34:50.0333 3672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:34:50.0411 3672 AxInstSV - ok
15:34:50.0458 3672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:34:50.0520 3672 b06bdrv - ok
15:34:50.0551 3672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:34:50.0598 3672 b57nd60a - ok
15:34:50.0629 3672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:34:50.0676 3672 BDESVC - ok
15:34:50.0692 3672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:34:50.0754 3672 Beep - ok
15:34:50.0832 3672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:34:50.0894 3672 BFE - ok
15:34:50.0957 3672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:34:51.0097 3672 BITS - ok
15:34:51.0113 3672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:34:51.0144 3672 blbdrive - ok
15:34:51.0238 3672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:34:51.0269 3672 Bonjour Service - ok
15:34:51.0316 3672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:34:51.0362 3672 bowser - ok
15:34:51.0378 3672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:34:51.0409 3672 BrFiltLo - ok
15:34:51.0409 3672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:34:51.0425 3672 BrFiltUp - ok
15:34:51.0456 3672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:34:51.0503 3672 Browser - ok
15:34:51.0534 3672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:34:51.0581 3672 Brserid - ok
15:34:51.0596 3672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:34:51.0612 3672 BrSerWdm - ok
15:34:51.0628 3672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:34:51.0659 3672 BrUsbMdm - ok
15:34:51.0674 3672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:34:51.0690 3672 BrUsbSer - ok
15:34:51.0706 3672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:34:51.0737 3672 BTHMODEM - ok
15:34:51.0768 3672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:34:51.0862 3672 bthserv - ok
15:34:51.0877 3672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:34:51.0924 3672 cdfs - ok
15:34:51.0955 3672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:34:51.0986 3672 cdrom - ok
15:34:52.0018 3672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:34:52.0049 3672 CertPropSvc - ok
15:34:52.0064 3672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:34:52.0080 3672 circlass - ok
15:34:52.0111 3672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:34:52.0127 3672 CLFS - ok
15:34:52.0205 3672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:34:52.0236 3672 clr_optimization_v2.0.50727_32 - ok
15:34:52.0283 3672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:34:52.0314 3672 clr_optimization_v2.0.50727_64 - ok
15:34:52.0392 3672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:34:52.0423 3672 clr_optimization_v4.0.30319_32 - ok
15:34:52.0470 3672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:34:52.0501 3672 clr_optimization_v4.0.30319_64 - ok
15:34:52.0501 3672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:34:52.0532 3672 CmBatt - ok
15:34:52.0548 3672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:34:52.0564 3672 cmdide - ok
15:34:52.0610 3672 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:34:52.0642 3672 CNG - ok
15:34:52.0642 3672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:34:52.0657 3672 Compbatt - ok
15:34:52.0673 3672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:34:52.0688 3672 CompositeBus - ok
15:34:52.0688 3672 COMSysApp - ok
15:34:52.0704 3672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:34:52.0704 3672 crcdisk - ok
15:34:52.0766 3672 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:34:52.0813 3672 CryptSvc - ok
15:34:52.0860 3672 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:34:52.0891 3672 CSC - ok
15:34:52.0938 3672 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:34:52.0954 3672 CscService - ok
15:34:53.0000 3672 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:34:53.0047 3672 DcomLaunch - ok
15:34:54.0748 3672 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
15:34:54.0763 3672 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
15:34:54.0763 3672 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
15:35:12.0298 3672 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
15:35:12.0313 3672 timounter - ok
15:35:12.0344 3672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:35:12.0376 3672 TrkWks - ok
15:35:12.0407 3672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:35:12.0485 3672 TrustedInstaller - ok
15:35:12.0532 3672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:12.0563 3672 tssecsrv - ok
15:35:12.0578 3672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:35:12.0610 3672 TsUsbFlt - ok
15:35:12.0625 3672 tsusbhub - ok
15:35:12.0672 3672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:35:12.0734 3672 tunnel - ok
15:35:12.0766 3672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:35:12.0766 3672 uagp35 - ok
15:35:12.0797 3672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:35:12.0844 3672 udfs - ok
15:35:12.0859 3672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:35:12.0859 3672 UI0Detect - ok
15:35:12.0875 3672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:35:12.0890 3672 uliagpkx - ok
15:35:12.0922 3672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:35:12.0953 3672 umbus - ok
15:35:12.0968 3672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:35:12.0984 3672 UmPass - ok
15:35:13.0031 3672 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:35:13.0062 3672 UmRdpService - ok
15:35:13.0093 3672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:35:13.0124 3672 upnphost - ok
15:35:13.0187 3672 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:35:13.0187 3672 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:35:13.0187 3672 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:35:13.0234 3672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:13.0265 3672 usbccgp - ok
15:35:13.0296 3672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:35:13.0312 3672 usbcir - ok
15:35:13.0343 3672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:35:13.0374 3672 usbehci - ok
15:35:13.0405 3672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:35:13.0436 3672 usbhub - ok
15:35:13.0452 3672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:35:13.0468 3672 usbohci - ok
15:35:13.0514 3672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:35:13.0530 3672 usbprint - ok
15:35:13.0546 3672 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:35:13.0577 3672 usbscan - ok
15:35:13.0592 3672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:13.0608 3672 USBSTOR - ok
15:35:13.0608 3672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:35:13.0639 3672 usbuhci - ok
15:35:13.0670 3672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:35:13.0733 3672 UxSms - ok
15:35:13.0764 3672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:35:13.0780 3672 VaultSvc - ok
15:35:13.0826 3672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:35:13.0826 3672 vdrvroot - ok
15:35:13.0873 3672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:35:13.0904 3672 vds - ok
15:35:13.0951 3672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:13.0951 3672 vga - ok
15:35:13.0982 3672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:35:14.0029 3672 VgaSave - ok
15:35:14.0045 3672 VGPU - ok
15:35:14.0060 3672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:35:14.0076 3672 vhdmp - ok
15:35:14.0092 3672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:35:14.0092 3672 viaide - ok
15:35:14.0138 3672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:35:14.0138 3672 vmbus - ok
15:35:14.0154 3672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:35:14.0170 3672 VMBusHID - ok
15:35:14.0185 3672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:35:14.0201 3672 volmgr - ok
15:35:14.0232 3672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:35:14.0279 3672 volmgrx - ok
15:35:14.0310 3672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:35:14.0341 3672 volsnap - ok
15:35:14.0388 3672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:35:14.0419 3672 vsmraid - ok
15:35:14.0497 3672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:35:14.0544 3672 VSS - ok
15:35:14.0653 3672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:35:14.0700 3672 vwifibus - ok
15:35:14.0716 3672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:35:14.0731 3672 vwififlt - ok
15:35:14.0762 3672 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:35:14.0762 3672 vwifimp - ok
15:35:14.0825 3672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:35:14.0872 3672 W32Time - ok
15:35:14.0887 3672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:35:14.0887 3672 WacomPen - ok
15:35:14.0934 3672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:15.0012 3672 WANARP - ok
15:35:15.0012 3672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:15.0028 3672 Wanarpv6 - ok
15:35:15.0090 3672 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:35:15.0121 3672 WatAdminSvc - ok
15:35:15.0215 3672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:35:15.0262 3672 wbengine - ok
15:35:15.0308 3672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:35:15.0324 3672 WbioSrvc - ok
15:35:15.0371 3672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:35:15.0386 3672 wcncsvc - ok
15:35:15.0402 3672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:35:15.0433 3672 WcsPlugInService - ok
15:35:15.0464 3672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:35:15.0480 3672 Wd - ok
15:35:15.0511 3672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:35:15.0542 3672 Wdf01000 - ok
15:35:15.0542 3672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:35:15.0605 3672 WdiServiceHost - ok
15:35:15.0605 3672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:35:15.0620 3672 WdiSystemHost - ok
15:35:15.0667 3672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:35:15.0698 3672 WebClient - ok
15:35:15.0714 3672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:35:15.0761 3672 Wecsvc - ok
15:35:15.0776 3672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:35:15.0823 3672 wercplsupport - ok
15:35:15.0839 3672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:35:15.0870 3672 WerSvc - ok
15:35:15.0886 3672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:15.0901 3672 WfpLwf - ok
15:35:15.0901 3672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:35:15.0917 3672 WIMMount - ok
15:35:15.0948 3672 WinDefend - ok
15:35:15.0964 3672 WinHttpAutoProxySvc - ok
15:35:16.0042 3672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:35:16.0073 3672 Winmgmt - ok
15:35:16.0182 3672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:35:16.0244 3672 WinRM - ok
15:35:16.0369 3672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:35:16.0400 3672 WinUsb - ok
15:35:16.0478 3672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:35:16.0510 3672 Wlansvc - ok
15:35:16.0525 3672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:35:16.0541 3672 WmiAcpi - ok
15:35:16.0556 3672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:35:16.0572 3672 wmiApSrv - ok
15:35:16.0588 3672 WMPNetworkSvc - ok
15:35:16.0603 3672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:35:16.0619 3672 WPCSvc - ok
15:35:16.0650 3672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:35:16.0681 3672 WPDBusEnum - ok
15:35:16.0697 3672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:35:16.0728 3672 ws2ifsl - ok
15:35:16.0744 3672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:35:16.0759 3672 wscsvc - ok
15:35:16.0759 3672 WSearch - ok
15:35:16.0868 3672 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:35:16.0915 3672 wuauserv - ok
15:35:16.0962 3672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:35:16.0993 3672 WudfPf - ok
15:35:17.0009 3672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:17.0040 3672 WUDFRd - ok
15:35:17.0071 3672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:35:17.0102 3672 wudfsvc - ok
15:35:17.0149 3672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:35:17.0196 3672 WwanSvc - ok
15:35:17.0227 3672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:35:17.0430 3672 \Device\Harddisk0\DR0 - ok
- The last part of the report. It is from a 2nd scan; I no longer had the report from the first scan:
16:07:25.0593 5992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:07:25.0624 5992 \Device\Harddisk1\DR1 - ok
16:07:25.0624 5992 Boot (0x1200) (d659879f8c2f4bb63d25d9ddf9689af9) \Device\Harddisk0\DR0\Partition0
16:07:25.0624 5992 \Device\Harddisk0\DR0\Partition0 - ok
16:07:25.0656 5992 Boot (0x1200) (388ae9931ff1f69451597e3ed61dc608) \Device\Harddisk0\DR0\Partition1
16:07:25.0656 5992 \Device\Harddisk0\DR0\Partition1 - ok
16:07:25.0671 5992 Boot (0x1200) (957304436e2b890045b9ee8f91c86671) \Device\Harddisk0\DR0\Partition2
16:07:25.0671 5992 \Device\Harddisk0\DR0\Partition2 - ok
16:07:25.0687 5992 Boot (0x1200) (aff8c5db3d4afa454de834e72946c698) \Device\Harddisk1\DR1\Partition0
16:07:25.0687 5992 \Device\Harddisk1\DR1\Partition0 - ok
16:07:25.0687 5992 ============================================================
16:07:25.0687 5992 Scan finished
16:07:25.0687 5992 ============================================================
16:07:25.0687 5856 Detected object count: 4
16:07:25.0687 5856 Actual detected object count: 4
16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:07:33.0658 5856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:33.0658 5856 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:33.0658 5856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:33.0674 5856 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
- Hi, unless the web images have been photographed, you don't need to worry any further.
Strange that Sinowal was not found by TDSSkiller.
We'll keep looking:
Which program:
- Hello,
I put ComboFix on my desktop and ran it according to the instructions. It seemed to go well until the system was restarted (by the program). After I logged in again, the blue window "flies" across my screen. The system also no longer seems to respond to anything. Is this normal? If not, how can I stop this???
- Restart the PC.
- Shutting down and starting up again doesn't help. The "flying" blue window just comes back :-(
- Can you post a screenshot of that?
- Unfortunately, the PC hardly responds to anything anymore. Restore the last backup (if that works)?
- Update:
I restarted the PC, but now as Administrator ("Beheerder"). The blue window now fortunately stays still and shows the following text:
"log rapport wordt voorbereid.
Start geen andere programma's tot ComboFix klaar is."
It has been like this for several minutes. There is constant HDD activity.
- Phew….
The system responds again, and I have a log file. Now what?:
[code:1:9626c2c389]ComboFix 12-07-16.01 - Beheerder 17-07-2012 17:16:54.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.16383.13108 [GMT 2:00]
Gestart vanuit: c:\users\Freddy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\Windows\msseedir.dll
c:\programdata\Windows\xessmsxe.dat
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))
.
.
2012-07-17 15:22 . 2012-07-17 16:43 -------- d-----w- c:\users\Beheerder\AppData\Local\temp
2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Siri\AppData\Local\temp
2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-07-17 15:22 . 2012-07-17 15:22 -------- d-----w- c:\users\Marjolein\AppData\Local\temp
2012-07-17 07:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EF2E5CD-0814-4501-97CD-7E4FED57E6A5}\mpengine.dll
2012-07-17 07:40 . 2012-07-17 07:40 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-17 07:40 . 2012-07-17 07:40 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-17 07:40 . 2012-07-17 07:40 -------- d-----w- c:\program files\Java
2012-07-17 07:33 . 2012-07-17 07:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-17 07:32 . 2012-07-17 07:32 -------- d-----w- c:\program files (x86)\Oracle
2012-07-17 07:32 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files\iTunes
2012-07-17 07:24 . 2012-07-17 07:25 -------- d-----w- c:\program files (x86)\iTunes
2012-07-17 07:24 . 2012-07-17 07:24 -------- d-----w- c:\program files\iPod
2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files\Bonjour
2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-17 07:22 . 2012-07-17 07:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-17 07:22 . 2012-07-17 07:22 -------- d-----w- c:\program files (x86)\QuickTime
2012-07-17 07:19 . 2012-07-17 07:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-17 00:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-16 19:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-07-16 18:03 . 2012-07-16 18:03 -------- d-----w- c:\windows\system32\wbem\en-US
2012-07-16 17:55 . 2012-07-16 17:59 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-16 15:27 . 2012-02-10 16:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D792564E-1141-46C5-A7D5-53ED53683D52}\gapaengine.dll
2012-06-21 06:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 17:43 . 2012-06-19 17:43 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 15:50 . 2012-04-14 16:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 15:50 . 2011-05-15 04:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 14:15 . 2012-05-06 14:15 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06 . 2012-06-14 05:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 05:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 05:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 05:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-14 05:26 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-14 05:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 05:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 05:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 05:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 05:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 05:26 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 05:26 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 05:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 05:26 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 05:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HyperWorkswin64Desktop Quick Launch.lnk - c:\altairwin64\hw10.0\hw\bin\win64\hw.exe [2011-6-27 1132544]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-30 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-01-02 1477152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-02 2475952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 Flexlm Service 1;Flexlm Service 1;c:\altairwin64\hw10.0\security\win64\lmgrd.exe [2011-06-24 1778512]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-02 250464]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 netr28x;Ralink 802.11n stuurprogramma voor draadloze netwerken voor Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:50]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10 18:54]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009Core.job
- c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1009UA.job
- c:\users\Siri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 18:34]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011Core.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1011UA.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:34]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012Core.job
- c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2247710216-2002111094-4049436933-1012UA.job
- c:\users\Corwin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 07:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{CA67090A-4317-4A48-A469-35E3E5036965}: NameServer = 192.168.1.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\altairwin64\hw10.0\security\win64\altair_lm.exe
.
**************************************************************************
.
Voltooingstijd: 2012-07-17 18:48:43 - machine werd herstart
ComboFix-quarantined-files.txt 2012-07-17 16:48
.
Pre-Run: 154.347.192.320 bytes beschikbaar
Post-Run: 160.613.642.240 bytes beschikbaar
.
- - End Of File - - 3E9ACDAF2594B2C5D730C0CFC6BD7248
[/code:1:9626c2c389]
- Please just post logs as plain text, not via "Code".
Run the ESET online scan (click).
* Click the "ESET Online Scanner" button
* Tick "YES, I accept the Terms of Use"
* Click "Start"
* Allow the ActiveX control to install.
* Tick the following options:
  * "Remove found threats"
  * "Scan archives"
* Then click on
- ESET online scan run according to the instructions. I could not find a log.txt file in the indicated location, but I have reproduced ESET's messages below:
C:\Users\Corwin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-20f4a4c3 Java/TrojanDownloader.OpenStream.NBW trojan deleted - quarantined
C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\3caf1d90-254535f1 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined
C:\Users\Freddy\Documents\saved_siri_pc\myWebFace.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\Freddy\Downloads\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
C:\Users\Marjolein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\4621f903-13f68523 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Users\Patrick\Downloads\BlackFloor_downloader_by_Wallpaperstocknet.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup (1).exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup (2).exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Patrick\Downloads\DownloadSetup.exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Public\Documents\CrystalDiskMark3_0_1b-en.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Public\Documents\installer_free_mp3_wma_wav_converter_2_0_Dutch.exe multiple threats cleaned by deleting - quarantined
What is the next step now?
- We'll do another scan:
Which program:
- Here is the Emsisoft report. I recognise 1 object; it comes from the rescued contents of our old PC. Back then I was not yet so careful, with the result that it eventually succumbed to all the "misery" that was present. I did learn from this!
Here is the scan report:
Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 18-7-2012 7:42:36
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, J:\, S:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 18-7-2012 7:43:26
Key: hkey_current_user\software\whitesmoke Ontdekt: Trace.Registry.whitesmoke!E1
C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Ester.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Glocker.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\huiak$1.class Ontdekt: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\273616f-4a8036f9 -> durdom\Stremer.class Ontdekt: Trojan-Downloader.Java.OpenConnection!E2
C:\Users\Freddy\Documents\save_toshiba\Freddy\Diverse Software\Tmpgenc v2.524.63.181 Plus Keygen.rar -> Keygen.exe Ontdekt: not-a-virus.Hacktool.Keygen.TMPGEnc!E2
C:\Qoobox\Quarantine\C\ProgramData\Windows\msseedir.dll.vir Ontdekt: Trojan.Win32.Agent!E2
Gescand 881207
Gevonden 7
Scan geëindigd: 18-7-2012 9:10:43
Scantijd: 1:27:17
- What I'm missing now: did you also have everything removed? Because that is not in the log.
- Yes, I had everything removed and rebooted. If this was the last action: I like to keep my system "clean". I assume I can simply remove the programs that were used? I also see that I have a Qoobox folder on C: containing some data created by ComboFix. Among other things, there is a Quarantine folder in it. What should I do with this folder?
Any further tips/advice?
- First the following: a test to see how good the security situation in Windows is.
Download to your desktop .
* Click/double-click SecurityCheck.exe and follow the instructions in the black window.
* A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
* If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
Post the contents of checkup.txt in your next post.