Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

svchost probleem

None
25 antwoorden
  • Mbam geeft bij elke scan dat er 2 trojan horses in het volgende bestand zit en in deze directory: svchost.exe in user\xxx\appdata\local\temp.

    Ik kan ze na de scan verwijderen en de pc opnieuw opstarten, maar ze komen gewoon weer terug.

    Als ik het bestand met Avast scan vindt hij geen bedreiging.

    Iemand een oplossing?
  • Doe het volgende:

  • Hier alvast het JRT logbestand.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.8 (12.17.2012:1)
    OS: Windows 7 Home Premium x64
    Ran by Bert on di 18-12-2012 at 10:47:20,21
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\crossriderapp0004479.bho
    Successfully deleted: [Registry Key] hkey_classes_root\crossriderapp0004479.bho.1
    Successfully deleted: [Registry Key] hkey_classes_root\crossriderapp0004479.sandbox
    Successfully deleted: [Registry Key] hkey_classes_root\crossriderapp0004479.sandbox.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
    Successfully deleted: [Registry Key] hkey_current_user\software\softonic
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecorder
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\giant savings
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\shoppingreport2
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
    Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Bert\appdata\local\funmoods-speeddial_sf.crx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\installmate"
    Successfully deleted: [Folder] "C:\ProgramData\premium"
    Successfully deleted: [Folder] "C:\ProgramData\trymedia"
    Successfully deleted: [Folder] "C:\Users\Bert\AppData\Roaming\iwin"
    Successfully deleted: [Folder] "C:\Users\Bert\AppData\Roaming\opencandy"
    Successfully deleted: [Folder] "C:\Users\Bert\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Bert\appdata\local\giant savings"
    Successfully deleted: [Folder] "C:\Users\Bert\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Bert\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Users\Bert\appdata\locallow\shoppingreport2"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\giant savings"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions
    dkhncnongaclekkbelchmeafffimifj



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on di 18-12-2012 at 10:53:02,92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • ComboFix log:

    ComboFix 12-12-17.02 - Bert 18-12-2012 10:59:16.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.8191.6605 [GMT 1:00]
    Gestart vanuit: c:\users\Bert\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Bert\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
    c:\users\Bert\AppData\Roaming\Bertlog.dat
    c:\users\Bert\AppData\Roaming\Microsoft\~DFK18cbdab.tmp
    c:\users\Bert\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Bert\AppData\Roaming\Microsoft\bass.dll
    c:\users\Bert\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Bert\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Bert\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Bert\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Bert\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\Bert\AppData\Roaming\Roaming
    c:\users\Bert\WINDOWS
    c:\users\Bert\WINDOWS\crc32.crc
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\SysWow64\BReWErS.dll
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\System32\MASetupCleaner.exe
    c:\windows\SysWow64\System32\muzapp.exe
    c:\windows\SysWow64\tmp498E.tmp
    c:\windows\SysWow64\tmp49AE.tmp
    c:\windows\SysWow64\tmp5BE0.tmp
    c:\windows\SysWow64\tmp5BE1.tmp
    c:\windows\SysWow64\tmpA3D5.tmp
    c:\windows\SysWow64\tmpA3D6.tmp
    c:\windows\SysWow64\tmpA519.tmp
    c:\windows\SysWow64\tmpA51A.tmp
    c:\windows\SysWow64\tmpA7.tmp
    c:\windows\SysWow64\tmpA8.tmp
    c:\windows\SysWow64\tmpD1F4.tmp
    c:\windows\SysWow64\tmpD494.tmp
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Legacy_NPF
    ——-\Service_npf
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))
    .
    .
    2012-12-18 10:04 . 2012-12-18 10:04 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-12-18 09:47 . 2012-12-18 09:47 ——– d—–w- c:\windows\ERUNT
    2012-12-18 09:47 . 2012-12-18 09:47 ——– d—–w- C:\JRT
    2012-12-17 23:04 . 2012-12-17 23:04 ——– d—–w- c:\users\Bert\project_destiny_474
    2012-12-17 07:53 . 2012-12-17 07:53 ——– d—–w- c:\program files\Paint.NET
    2012-12-17 07:52 . 2012-12-17 12:03 ——– d—–w- c:\users\Bert\AppData\Local\Paint.NET
    2012-12-12 20:11 . 2012-11-09 05:34 2048 —-a-w- c:\windows\system32\tzres.dll
    2012-12-12 20:11 . 2012-11-09 04:49 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    2012-12-10 07:22 . 2012-12-17 23:29 271200 —-a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-12-10 07:22 . 2012-12-16 15:13 271200 —-a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-10 07:22 . 2012-12-10 07:22 75136 —-a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-12-09 13:45 . 2012-12-09 13:45 796348 —-a-w- c:\windows\SysWow64\phatk120724Caymanv2w128l4.bin
    2012-12-09 13:42 . 2012-12-09 13:42 ——– d—–w- c:\users\Bert\AppData\Roaming\IonFx
    2012-12-09 11:26 . 2012-12-09 11:26 ——– d—–w- C:\Graphics
    2012-12-09 11:26 . 2009-03-10 22:25 191488 ——w- c:\windows\SysWow64\mwgfx.dll
    2012-12-09 11:26 . 2008-10-20 12:44 237056 ——w- c:\windows\SysWow64\mwgfx24.dll
    2012-12-09 11:26 . 2008-09-05 07:32 104960 ——w- c:\windows\SysWow64\mwdds.dll
    2012-12-09 11:26 . 2007-08-19 08:37 28672 ——w- c:\windows\SysWow64\mwgfxcopy.exe
    2012-12-09 11:26 . 2004-05-14 10:13 56832 ——w- c:\windows\SysWow64\mwace.dll
    2012-12-07 20:40 . 2012-12-07 20:40 42440 —-a-w- c:\windows\SysWow64\xfcodec.dll
    2012-12-07 20:40 . 2012-12-07 20:40 28104 —-a-w- c:\windows\system32\xfcodec64.dll
    2012-12-04 08:44 . 2012-12-04 08:44 31344 —-a-w- c:\windows\system32\drivers\cnnctfy2.sys
    2012-11-29 21:47 . 2012-11-29 21:47 ——– d—–w- c:\programdata\Orbit
    2012-11-22 06:58 . 2012-11-22 06:58 ——– d—–w- c:\program files (x86)\Common Files\Skype
    2012-11-19 12:13 . 2012-12-09 10:50 ——– d—–w- c:\program files (x86)\R.G. Mechanics
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-17 23:29 . 2011-06-13 11:01 271200 —-a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-12 20:44 . 2011-05-20 17:59 67413224 —-a-w- c:\windows\system32\MRT.exe
    2012-12-12 15:58 . 2012-03-31 06:25 697272 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-12 15:58 . 2011-05-20 18:36 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-30 22:51 . 2011-05-20 17:38 59728 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2011-05-20 17:38 370288 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2011-05-20 17:38 984144 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2011-05-20 17:37 71600 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2011-05-20 17:38 25232 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2011-05-20 17:36 41224 —-a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2011-05-20 17:36 227648 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2011-05-20 17:37 285328 —-a-w- c:\windows\system32\aswBoot.exe
    2012-10-16 21:20 . 2012-11-28 06:10 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 21:20 . 2012-11-28 06:10 347648 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 20:34 . 2012-11-28 06:10 559104 —-a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:59 . 2012-02-26 13:29 54072 —-a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-04 16:45 . 2012-12-12 20:10 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2012-09-29 17:54 . 2011-05-20 21:03 25928 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-28 14:37 . 2012-09-28 14:37 221696 —-a-w- c:\windows\system32\clinfo.exe
    2012-09-28 14:36 . 2012-09-28 14:36 75776 —-a-w- c:\windows\system32\OpenVideo64.dll
    2012-09-28 14:36 . 2012-09-28 14:36 65536 —-a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-09-28 14:36 . 2012-09-28 14:36 63488 —-a-w- c:\windows\system32\OVDecode64.dll
    2012-09-28 14:36 . 2012-09-28 14:36 56320 —-a-w- c:\windows\SysWow64\OVDecode.dll
    2012-09-28 14:36 . 2012-09-28 14:36 32635904 —-a-w- c:\windows\system32\amdocl64.dll
    2012-09-28 14:32 . 2012-09-28 14:32 27341824 —-a-w- c:\windows\SysWow64\amdocl.dll
    2012-09-28 02:23 . 2011-12-06 02:33 5557928 —-a-w- c:\windows\SysWow64\atiumdag.dll
    2012-09-28 02:21 . 2012-09-28 02:21 10697216 —-a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-09-28 02:05 . 2012-09-28 02:05 70144 —-a-w- c:\windows\system32\coinst_9.002.dll
    2012-09-28 02:03 . 2012-09-28 02:03 163840 —-a-w- c:\windows\system32\atiapfxx.exe
    2012-09-28 02:02 . 2012-09-28 02:02 51200 —-a-w- c:\windows\system32\aticalrt64.dll
    2012-09-28 02:02 . 2012-09-28 02:02 46080 —-a-w- c:\windows\SysWow64\aticalrt.dll
    2012-09-28 02:02 . 2012-09-28 02:02 44544 —-a-w- c:\windows\system32\aticalcl64.dll
    2012-09-28 02:02 . 2012-09-28 02:02 44032 —-a-w- c:\windows\SysWow64\aticalcl.dll
    2012-09-28 02:02 . 2012-09-28 02:02 16082432 —-a-w- c:\windows\system32\aticaldd64.dll
    2012-09-28 01:59 . 2012-09-28 01:59 23825920 —-a-w- c:\windows\system32\atio6axx.dll
    2012-09-28 01:57 . 2012-09-28 01:57 13703168 —-a-w- c:\windows\SysWow64\aticaldd.dll
    2012-09-28 01:43 . 2011-12-06 03:17 935424 —-a-w- c:\windows\SysWow64\aticfx32.dll
    2012-09-28 01:41 . 2011-04-06 02:02 1120768 —-a-w- c:\windows\system32\aticfx64.dll
    2012-09-28 01:41 . 2012-09-28 01:41 19624960 —-a-w- c:\windows\SysWow64\atioglxx.dll
    2012-09-28 01:39 . 2012-09-28 01:39 6536192 —-a-w- c:\windows\SysWow64\atidxx32.dll
    2012-09-28 01:39 . 2012-09-28 01:39 442368 —-a-w- c:\windows\system32\atidemgy.dll
    2012-09-28 01:39 . 2012-09-28 01:39 538112 —-a-w- c:\windows\system32\atieclxx.exe
    2012-09-28 01:38 . 2012-09-28 01:38 239616 —-a-w- c:\windows\system32\atiesrxx.exe
    2012-09-28 01:36 . 2012-09-28 01:36 120320 —-a-w- c:\windows\system32\atitmm64.dll
    2012-09-28 01:36 . 2012-09-28 01:36 21504 —-a-w- c:\windows\system32\atimuixx.dll
    2012-09-28 01:36 . 2012-09-28 01:36 59392 —-a-w- c:\windows\system32\atiedu64.dll
    2012-09-28 01:36 . 2012-09-28 01:36 43520 —-a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-09-28 01:31 . 2012-09-28 01:31 3127296 —-a-w- c:\windows\system32\atiumd6a.dll
    2012-09-28 01:25 . 2012-09-28 01:25 6704640 —-a-w- c:\windows\system32\atiumd64.dll
    2012-09-28 01:22 . 2011-04-06 01:44 7167488 —-a-w- c:\windows\system32\atidxx64.dll
    2012-09-28 01:22 . 2011-12-06 02:28 2691584 —-a-w- c:\windows\SysWow64\atiumdva.dll
    2012-09-28 01:13 . 2012-09-28 01:13 595456 —-a-w- c:\windows\system32\atiadlxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13 405504 —-a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-09-28 01:13 . 2012-09-28 01:13 17920 —-a-w- c:\windows\system32\atig6pxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13 14848 —-a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13 14848 —-a-w- c:\windows\system32\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13 41984 —-a-w- c:\windows\system32\atig6txx.dll
    2012-09-28 01:13 . 2012-09-28 01:13 33280 —-a-w- c:\windows\SysWow64\atigktxx.dll
    2012-09-28 01:12 . 2012-09-28 01:12 56320 —-a-w- c:\windows\system32\atimpc64.dll
    2012-09-28 01:12 . 2012-09-28 01:12 56320 —-a-w- c:\windows\system32\amdpcom64.dll
    2012-09-28 01:12 . 2012-09-28 01:12 460288 —-a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-09-28 01:12 . 2012-09-28 01:12 56832 —-a-w- c:\windows\SysWow64\atimpc32.dll
    2012-09-28 01:12 . 2012-09-28 01:12 56832 —-a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-09-28 01:11 . 2011-04-06 01:20 129536 —-a-w- c:\windows\system32\atiuxp64.dll
    2012-09-28 01:11 . 2012-09-28 01:11 109568 —-a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-09-28 01:11 . 2012-09-28 01:11 103424 —-a-w- c:\windows\system32\atiu9p64.dll
    2012-09-28 01:10 . 2011-12-06 02:11 82944 —-a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-09-28 01:09 . 2012-09-28 01:09 53248 —-a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-09-25 22:39 . 2012-11-16 17:28 95744 —-a-w- c:\windows\system32\synceng.dll
    2012-09-25 21:55 . 2012-11-16 17:28 78336 —-a-w- c:\windows\SysWow64\synceng.dll
    2012-09-24 13:32 . 2012-07-07 11:58 477168 ——w- c:\windows\SysWow64
    pdeployJava1.dll
    2012-09-24 13:32 . 2011-05-23 08:40 473072 ——w- c:\windows\SysWow64\deployJava1.dll
    2012-09-24 07:01 . 2012-09-24 07:01 231376 —-a-w- c:\windows\system32\drivers\truecrypt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-23 138096]
    "Spotify Web Helper"="c:\users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "wmup"="c:\windows\system32\wmup.exe" [2012-01-31 348716]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
    "Adobe"="c:\programdata\Adobe\33E8BBC.vbe" [2012-12-03 7300]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="0"
    "UpdatesDisableNotify"="0"
    .
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
    R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-20 79360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
    R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-05-21 203320]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-20 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
    S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 136616]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-08-16 74616]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-08-16 384888]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-04-29 1677096]
    S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-06-06 79888]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 AODDriver4.01;AODDriver4.01;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-25 55424]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 t3;Auzen X-Fi Bravura 7.1;c:\windows\system32\drivers\t3.sys [2010-10-29 650328]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:58]
    .
    2012-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001Core.job
    - c:\users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:55]
    .
    2012-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001UA.job
    - c:\users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:55]
    .
    2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 08:12]
    .
    2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 08:12]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001Core.job
    - c:\users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 18:13]
    .
    2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001UA.job
    - c:\users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 18:13]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.diesiedleronline.de/de/startseite
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\system32\blank.htm
    uSearchAssistant = hxxp://www.Google.com/
    mSearchAssistant =
    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{W14P25YM-40J7-CP2Y-7I86-82A3GOLWXSY2} - c:\windir\svchost.exe
    Toolbar-Locked - (no file)
    AddRemove-Giant Savings - c:\program files (x86)\Giant Savings\Uninstall.exe
    AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services
    pggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1699955042-3480807450-769757675-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:f4,d0,e2,0c,35,07,9d,ce,e3,1b,f8,b9,0d,53,87,d4,db,55,df,e0,31,94,7a,
    f9,96,d7,86,35,09,eb,61,5d,fa,4e,1d,44,3f,3c,92,0e,ce,e0,62,3e,41,f8,69,92,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-1699955042-3480807450-769757675-1001\Software\SecuROM\License information*]
    "datasecu"=hex:eb,77,de,bc,c6,af,e0,86,0a,28,58,b0,cd,58,93,18,df,3c,83,6c,fd,
    20,0c,a0,13,2e,2f,e6,4b,30,d4,81,2d,75,61,30,53,b3,b9,bf,3d,a1,ae,e5,91,42,\
    "rkeysecu"=hex:8b,a2,ac,91,04,b4,3b,d5,a6,c7,5a,aa,d2,83,a6,89
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG14.00.00.01PROFESSIONAL"="DD3580248623CCB5DBCCE7587479283C613AD5E3DDE677451DD800D80AA3675BB470E924394CF95C5AF222682175E3DF3151C96235403F1F7FE0E95F488709F3344A2044F51BF26BBF8B14245E8607E1AE0F4366B6EE13AF294816FD9F7D6B6AB1EAC930D858FCB2B82A28E6B7ACAB12058D149EF7CD02E9E352DAD5D2D735F1B15E619773EFF1462CC19E122B107F07954ADF3B04DBAF052DA6DF851A8D1D81709537AEC9743EFE30AC8B8AA979469875A920715A3C52F8B65026B7223D6FD45B656C2CD51AE2768F2956381AD5D464EBEE20FDEE35378565BEFC930A258CE915FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CC038D530D6EB34524C9496E69886A7D45F86940FC994AC8057380FEB8A4660AB39C43E22D4DB6F7442A983FE0BEF53208BE41A49E13113DEBC535E75DA760F614E742422D29DDF3B5B6B21DE95BD4A9806D8DA4E8E2534456805B60FFE2CBA7C98D6097BCBD14F8FB61F41B356B462DB96AC1B78664AA58DEB396BDDA572DCB4911D6FC1A95A33A7D65C399A11AC353BE67EA113260CC5463AB2D479A56C30F416CE61787CAD4C6AA112E2A62B0F223C884039DDAD6AAFB2AC8A4EEF754F365C68C8691DF2561A75E1FE1BDF31DA4A196DB6AF0E027BC8C8FEAAB643B46233C02DBA999A64F0E019C5B8C4C0D02694BDECFC574A486538B2D0D0F1652206AD276EA887D44B312BD8E0A74438DD95AACC437F08AECE656850A8906842242973CB1A684A21C45DC56FA70A84A84F65FA9C8F011CCC044C89B2EDD085B543D1139F00A87EC8934FC147F46EF2EA3FE438355516F127FC7D8E20ECCBB8912C99E1445667468B1D757481093B00C9ECF75754FAAA6CB570F02D14D510751AAF2D771337784419E9D276F304A82202BB15126B4D7A71E5BB3461BD3D81B40842CDB0151F84239A2AFBA525ED4454C8B1476921FA99EC96DD67EA7E9BD67089FDD1AD0CEE850F272F9C22D2B0ED1144F92E1CCD17EA4C9B7ABD4DEDCC1A28BD9E21D16AEDCD37CEEDF2526D19D9DD8F63FCB3801A29033E5A7FCD551329E13B063AC45844FE529201D05F195C913D3A61FB7778DE630838688A79339039220C38ACF431FD1217E8269BB5AE0F72B9C68A85F5AC24FA55BCB44D1FBA4ECE762BDF9F8F048FD244BB3F4F85BA2C2DE1AC9A0803C70EA4E96DF3CCCFD23A476E0A474B0C154CE019E85279C67C12C547D56E88B324A4EAC7637D22E595A24E1E0EE07E205A6EAE5AC109BCAF6B82947EA28A1DE15651ABF5A9CC787AD03DE81C90C118C7821385CF0EB1CEBFAC2547A16616F1AC23E5187F418211ED88A16C83DD230EC4693B014986BEFAB69F03DE4EE5DB45F4029436721E633FE1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\users\Bert\AppData\Local\Temp\svchost.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-12-18 11:10:37 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-12-18 10:10
    .
    Pre-Run: 321.151.148.032 bytes beschikbaar
    Post-Run: 320.944.365.568 bytes beschikbaar
    .
    - - End Of File - - D4253E8752BBD2215E6D4A534A81DB61

  • Laat weten hoe het nu gaat met jouw Windows.
  • Heb Mbam weer laten scannen. Hij meldt nog steeds 2 trojans in eerder genoemde map en weer bij svchost.exe.
  • Dit is het logbestand van Mbam:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.12.11.11

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bert :: BERT-PC [administrator]

    18-12-2012 11:47:05
    mbam-log-2012-12-18 (11-51-43).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 216564
    Verstreken tijd: 3 minuut/minuten, 49 seconde(n)

    Geheugenprocessen gedetecteerd: 1
    C:\Users\Bert\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> 4684 -> Geen actie ondernomen.

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\Users\Bert\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Geen actie ondernomen.

    (einde)
  • Download [b:56acd8d155] en plaats het op je bureaublad.
    [list:56acd8d155]
    [*:56acd8d155] Voordat je TDSSKiller uitvoert is het raadzaam om de onderstaande handleiding van TDSSKiller te raadplegen.
    [list:56acd8d155]
    [*:56acd8d155] [b:56acd8d155][/b:56acd8d155][/list:u:56acd8d155]
    [*:56acd8d155] Dubbelklik op [b:56acd8d155]TDSSKiller.exe[/b:56acd8d155] om de tool te starten. ([i:56acd8d155]Indien je TDSSKiller als ZIP bestand hebt gedownload dien je deze eerst uit te pakken[/i:56acd8d155]).
    [*:56acd8d155] [i:56acd8d155]Als er door TDSSkiller een update wordt gevonden klikt u op de knop "[b:56acd8d155]Load update[/b:56acd8d155]"[/i:56acd8d155]
    [img:56acd8d155]http://www.imgdumper.nl/uploads6/506422ecca8b3/506422ecc81a0-TDSSkiller%28update%29.jpg[/img:56acd8d155]
    [*:56acd8d155] [i:56acd8d155]Een nieuwe versie van TDSSkiller zal nu gedownload worden en sla deze op het bureaublad op.[/i:56acd8d155]
    [*:56acd8d155] [i:56acd8d155]Start nu TDSSkiller opnieuw.[/i:56acd8d155]
    [*:56acd8d155] Klik op "[b:56acd8d155]Change parameters[/b:56acd8d155]" en zorg dat de onderstaande opties allemaal aangevinkt zijn.
    [img:56acd8d155]http://www.imgdumper.nl/uploads6/5064230056569/506423005368c-TDSSkiller%28opties%29.jpg[/img:56acd8d155]
    [*:56acd8d155] Klik op de knop "[b:56acd8d155]Start Scan[/b:56acd8d155]" en volg de instructies.
    [list:56acd8d155]
    [*:56acd8d155] Gebruik
  • Er was geen herstart nodig, maar hij vond wel 6 bedreigingen op medium. Hier het logbestand:

    12:51:01.0641 4664 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    12:51:01.0842 4664 ============================================================
    12:51:01.0842 4664 Current date / time: 2012/12/18 12:51:01.0842
    12:51:01.0842 4664 SystemInfo:
    12:51:01.0842 4664
    12:51:01.0842 4664 OS Version: 6.1.7600 ServicePack: 0.0
    12:51:01.0842 4664 Product type: Workstation
    12:51:01.0842 4664 ComputerName: BERT-PC
    12:51:01.0843 4664 UserName: Bert
    12:51:01.0843 4664 Windows directory: C:\Windows
    12:51:01.0843 4664 System windows directory: C:\Windows
    12:51:01.0843 4664 Running under WOW64
    12:51:01.0843 4664 Processor architecture: Intel x64
    12:51:01.0843 4664 Number of processors: 4
    12:51:01.0843 4664 Page size: 0x1000
    12:51:01.0843 4664 Boot type: Normal boot
    12:51:01.0843 4664 ============================================================
    12:51:02.0955 4664 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:51:02.0959 4664 ============================================================
    12:51:02.0959 4664 \Device\Harddisk0\DR0:
    12:51:02.0960 4664 MBR partitions:
    12:51:02.0960 4664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x43994000
    12:51:02.0960 4664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x439C6800, BlocksNum 0x30D3F800
    12:51:02.0960 4664 ============================================================
    12:51:02.0981 4664 C: <-> \Device\Harddisk0\DR0\Partition1
    12:51:03.0016 4664 D: <-> \Device\Harddisk0\DR0\Partition2
    12:51:03.0017 4664 ============================================================
    12:51:03.0017 4664 Initialize success
    12:51:03.0017 4664 ============================================================
    12:52:15.0002 2856 ============================================================
    12:52:15.0002 2856 Scan started
    12:52:15.0002 2856 Mode: Manual; SigCheck; TDLFS;
    12:52:15.0002 2856 ============================================================
    12:52:15.0486 2856 ================ Scan system memory ========================
    12:52:15.0486 2856 System memory - ok
    12:52:15.0486 2856 ================ Scan services =============================
    12:52:15.0689 2856 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    12:52:15.0782 2856 1394ohci - ok
    12:52:15.0829 2856 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    12:52:15.0845 2856 ACPI - ok
    12:52:15.0860 2856 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    12:52:15.0892 2856 AcpiPmi - ok
    12:52:15.0970 2856 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    12:52:16.0001 2856 AdobeFlashPlayerUpdateSvc - ok
    12:52:16.0016 2856 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    12:52:16.0048 2856 adp94xx - ok
    12:52:16.0063 2856 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    12:52:16.0079 2856 adpahci - ok
    12:52:16.0094 2856 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    12:52:16.0110 2856 adpu320 - ok
    12:52:16.0126 2856 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:52:16.0219 2856 AeLookupSvc - ok
    12:52:16.0250 2856 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    12:52:16.0282 2856 AFD - ok
    12:52:16.0297 2856 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    12:52:16.0313 2856 agp440 - ok
    12:52:16.0328 2856 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    12:52:16.0344 2856 ALG - ok
    12:52:16.0360 2856 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    12:52:16.0360 2856 aliide - ok
    12:52:16.0406 2856 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    12:52:16.0484 2856 AMD External Events Utility - ok
    12:52:16.0547 2856 AMD FUEL Service - ok
    12:52:16.0578 2856 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    12:52:16.0609 2856 amdide - ok
    12:52:16.0656 2856 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
    12:52:16.0703 2856 amdiox64 - ok
    12:52:16.0750 2856 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    12:52:16.0796 2856 AmdK8 - ok
    12:52:16.0984 2856 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    12:52:17.0233 2856 amdkmdag - ok
    12:52:17.0264 2856 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    12:52:17.0280 2856 amdkmdap - ok
    12:52:17.0311 2856 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    12:52:17.0342 2856 AmdPPM - ok
    12:52:17.0389 2856 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    12:52:17.0436 2856 amdsata - ok
    12:52:17.0452 2856 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    12:52:17.0467 2856 amdsbs - ok
    12:52:17.0483 2856 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
    12:52:17.0498 2856 amdxata - ok
    12:52:17.0514 2856 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
    12:52:17.0530 2856 androidusb - ok
    12:52:17.0608 2856 [ B6B9F2C57193409C8B692FFAF509D21B ] AODDriver4.01 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
    12:52:17.0639 2856 AODDriver4.01 - ok
    12:52:17.0701 2856 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    12:52:17.0732 2856 AODDriver4.2 - ok
    12:52:17.0779 2856 [ B6098C92A0B8F257FD15A3A1D71BCC4A ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    12:52:17.0810 2856 AODService - ok
    12:52:17.0857 2856 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    12:52:17.0920 2856 AppID - ok
    12:52:17.0935 2856 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    12:52:17.0982 2856 AppIDSvc - ok
    12:52:17.0982 2856 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    12:52:18.0013 2856 Appinfo - ok
    12:52:18.0060 2856 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    12:52:18.0091 2856 arc - ok
    12:52:18.0107 2856 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    12:52:18.0154 2856 arcsas - ok
    12:52:18.0216 2856 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    12:52:18.0247 2856 aspnet_state - ok
    12:52:18.0263 2856 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    12:52:18.0278 2856 aswFsBlk - ok
    12:52:18.0294 2856 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    12:52:18.0310 2856 aswMonFlt - ok
    12:52:18.0341 2856 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    12:52:18.0356 2856 aswRdr - ok
    12:52:18.0372 2856 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    12:52:18.0403 2856 aswSnx - ok
    12:52:18.0419 2856 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    12:52:18.0434 2856 aswSP - ok
    12:52:18.0434 2856 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    12:52:18.0450 2856 aswTdi - ok
    12:52:18.0450 2856 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    12:52:18.0497 2856 AsyncMac - ok
    12:52:18.0497 2856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    12:52:18.0512 2856 atapi - ok
    12:52:18.0559 2856 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    12:52:18.0559 2856 AtiHDAudioService - ok
    12:52:18.0606 2856 atillk64 - ok
    12:52:18.0668 2856 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    12:52:18.0731 2856 AudioEndpointBuilder - ok
    12:52:18.0746 2856 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    12:52:18.0778 2856 AudioSrv - ok
    12:52:18.0809 2856 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    12:52:18.0840 2856 avast! Antivirus - ok
    12:52:18.0887 2856 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    12:52:18.0934 2856 AxInstSV - ok
    12:52:18.0965 2856 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    12:52:18.0996 2856 b06bdrv - ok
    12:52:19.0027 2856 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    12:52:19.0074 2856 b57nd60a - ok
    12:52:19.0090 2856 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    12:52:19.0105 2856 BDESVC - ok
    12:52:19.0121 2856 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    12:52:19.0152 2856 Beep - ok
    12:52:19.0199 2856 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    12:52:19.0230 2856 BFE - ok
    12:52:19.0261 2856 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
    12:52:19.0292 2856 BITS - ok
    12:52:19.0308 2856 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    12:52:19.0324 2856 blbdrive - ok
    12:52:19.0339 2856 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    12:52:19.0355 2856 bowser - ok
    12:52:19.0355 2856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    12:52:19.0386 2856 BrFiltLo - ok
    12:52:19.0386 2856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    12:52:19.0402 2856 BrFiltUp - ok
    12:52:19.0433 2856 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    12:52:19.0495 2856 BridgeMP - ok
    12:52:19.0511 2856 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
    12:52:19.0526 2856 Browser - ok
    12:52:19.0542 2856 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    12:52:19.0573 2856 Brserid - ok
    12:52:19.0573 2856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    12:52:19.0604 2856 BrSerWdm - ok
    12:52:19.0620 2856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    12:52:19.0636 2856 BrUsbMdm - ok
    12:52:19.0651 2856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    12:52:19.0667 2856 BrUsbSer - ok
    12:52:19.0729 2856 [ 9D7BF8AB181DA27E2C13F701FCD5BD2F ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
    12:52:19.0776 2856 BstHdAndroidSvc - ok
    12:52:19.0823 2856 [ 781591A2EDC56188C31EF6D6AA53B66E ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
    12:52:19.0823 2856 BstHdDrv - ok
    12:52:19.0870 2856 [ 15C160D8419F9FE74161B88B6A8EB799 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    12:52:19.0885 2856 BstHdLogRotatorSvc - ok
    12:52:19.0901 2856 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    12:52:19.0916 2856 BTHMODEM - ok
    12:52:19.0932 2856 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    12:52:19.0963 2856 bthserv - ok
    12:52:19.0979 2856 catchme - ok
    12:52:20.0010 2856 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    12:52:20.0072 2856 cdfs - ok
    12:52:20.0166 2856 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    12:52:20.0260 2856 cdrom - ok
    12:52:20.0291 2856 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    12:52:20.0338 2856 CertPropSvc - ok
    12:52:20.0384 2856 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    12:52:20.0400 2856 circlass - ok
    12:52:20.0431 2856 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    12:52:20.0447 2856 CLFS - ok
    12:52:20.0478 2856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:52:20.0509 2856 clr_optimization_v2.0.50727_32 - ok
    12:52:20.0540 2856 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    12:52:20.0556 2856 clr_optimization_v2.0.50727_64 - ok
    12:52:20.0618 2856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:52:20.0650 2856 clr_optimization_v4.0.30319_32 - ok
    12:52:20.0665 2856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    12:52:20.0665 2856 clr_optimization_v4.0.30319_64 - ok
    12:52:20.0681 2856 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    12:52:20.0712 2856 CmBatt - ok
    12:52:20.0712 2856 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    12:52:20.0728 2856 cmdide - ok
    12:52:20.0743 2856 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
    12:52:20.0774 2856 CNG - ok
    12:52:20.0790 2856 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    12:52:20.0790 2856 Compbatt - ok
    12:52:20.0806 2856 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    12:52:20.0837 2856 CompositeBus - ok
    12:52:20.0837 2856 COMSysApp - ok
    12:52:20.0930 2856 cpuz135 - ok
    12:52:20.0930 2856 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    12:52:20.0977 2856 crcdisk - ok
    12:52:21.0008 2856 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    12:52:21.0024 2856 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    12:52:21.0024 2856 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
    12:52:21.0086 2856 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
    12:52:21.0133 2856 CryptSvc - ok
    12:52:21.0164 2856 [ 9C1F16D3C73B753F437EB93176709470 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    12:52:21.0211 2856 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
    12:52:21.0211 2856 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
    12:52:21.0289 2856 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    12:52:21.0320 2856 cvhsvc - ok
    12:52:21.0352 2856 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    12:52:21.0398 2856 DcomLaunch - ok
    12:52:21.0430 2856 [ 952AC62074718C8F04F053E5073EEB45 ] DefragFS C:\Windows\system32\drivers\DefragFS.sys
    12:52:21.0461 2856 DefragFS - ok
    12:52:21.0476 2856 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    12:52:21.0523 2856 defragsvc - ok
    12:52:21.0539 2856 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    12:52:21.0554 2856 DfsC - ok
    12:52:21.0586 2856 dgderdrv - ok
    12:52:21.0617 2856 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    12:52:21.0648 2856 dg_ssudbus - ok
    12:52:21.0679 2856 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    12:52:21.0710 2856 Dhcp - ok
    12:52:21.0726 2856 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    12:52:21.0757 2856 discache - ok
    12:52:21.0773 2856 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    12:52:21.0788 2856 Disk - ok
    12:52:21.0820 2856 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    12:52:21.0820 2856 Dnscache - ok
    12:52:21.0835 2856 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    12:52:21.0866 2856 dot3svc - ok
    12:52:21.0882 2856 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    12:52:21.0913 2856 DPS - ok
    12:52:21.0960 2856 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    12:52:21.0991 2856 drmkaud - ok
    12:52:22.0038 2856 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    12:52:22.0085 2856 DXGKrnl - ok
    12:52:22.0100 2856 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    12:52:22.0147 2856 EapHost - ok
    12:52:22.0210 2856 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    12:52:22.0319 2856 ebdrv - ok
    12:52:22.0334 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    12:52:22.0350 2856 EFS - ok
    12:52:22.0366 2856 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    12:52:22.0381 2856 elxstor - ok
    12:52:22.0459 2856 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    12:52:22.0490 2856 EPSON_EB_RPCV4_01 - ok
    12:52:22.0537 2856 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    12:52:22.0584 2856 EPSON_PM_RPCV4_01 - ok
    12:52:22.0600 2856 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    12:52:22.0615 2856 ErrDev - ok
    12:52:22.0646 2856 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    12:52:22.0678 2856 EventSystem - ok
    12:52:22.0693 2856 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    12:52:22.0724 2856 exfat - ok
    12:52:22.0724 2856 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    12:52:22.0771 2856 fastfat - ok
    12:52:22.0818 2856 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    12:52:22.0880 2856 Fax - ok
    12:52:22.0896 2856 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    12:52:22.0912 2856 fdc - ok
    12:52:22.0943 2856 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    12:52:23.0036 2856 fdPHost - ok
    12:52:23.0036 2856 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    12:52:23.0068 2856 FDResPub - ok
    12:52:23.0083 2856 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    12:52:23.0099 2856 FileInfo - ok
    12:52:23.0099 2856 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    12:52:23.0146 2856 Filetrace - ok
    12:52:23.0146 2856 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    12:52:23.0161 2856 flpydisk - ok
    12:52:23.0177 2856 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    12:52:23.0192 2856 FltMgr - ok
    12:52:23.0224 2856 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
    12:52:23.0239 2856 FontCache - ok
    12:52:23.0270 2856 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    12:52:23.0270 2856 FontCache3.0.0.0 - ok
    12:52:23.0286 2856 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    12:52:23.0302 2856 FsDepends - ok
    12:52:23.0317 2856 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    12:52:23.0333 2856 Fs_Rec - ok
    12:52:23.0395 2856 [ A33BCF3FAB19DB7D0B501036722F311B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    12:52:23.0426 2856 Futuremark SystemInfo Service - ok
    12:52:23.0458 2856 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    12:52:23.0489 2856 fvevol - ok
    12:52:23.0504 2856 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    12:52:23.0520 2856 gagp30kx - ok
    12:52:23.0536 2856 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    12:52:23.0567 2856 gpsvc - ok
    12:52:23.0676 2856 [ F2DE79EC8A151BCF433BE1047F08B9CC ] GS In-Game Service C:\Program Files (x86)\GameTracker\GSInGameService.exe
    12:52:23.0738 2856 GS In-Game Service - ok
    12:52:23.0816 2856 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:52:23.0848 2856 gupdate - ok
    12:52:23.0863 2856 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:52:23.0879 2856 gupdatem - ok
    12:52:23.0910 2856 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    12:52:23.0926 2856 hamachi - ok
    12:52:23.0926 2856 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    12:52:23.0957 2856 hcw85cir - ok
    12:52:23.0972 2856 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    12:52:24.0019 2856 HdAudAddService - ok
    12:52:24.0035 2856 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:52:24.0050 2856 HDAudBus - ok
    12:52:24.0066 2856 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    12:52:24.0082 2856 HidBatt - ok
    12:52:24.0097 2856 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    12:52:24.0113 2856 HidBth - ok
    12:52:24.0128 2856 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    12:52:24.0128 2856 HidIr - ok
    12:52:24.0160 2856 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    12:52:24.0191 2856 hidserv - ok
    12:52:24.0222 2856 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    12:52:24.0238 2856 HidUsb - ok
    12:52:24.0253 2856 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    12:52:24.0284 2856 hkmsvc - ok
    12:52:24.0300 2856 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    12:52:24.0316 2856 HomeGroupListener - ok
    12:52:24.0331 2856 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    12:52:24.0362 2856 HomeGroupProvider - ok
    12:52:24.0362 2856 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    12:52:24.0378 2856 HpSAMD - ok
    12:52:24.0409 2856 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    12:52:24.0440 2856 HTTP - ok
    12:52:24.0456 2856 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    12:52:24.0456 2856 hwpolicy - ok
    12:52:24.0472 2856 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    12:52:24.0487 2856 i8042prt - ok
    12:52:24.0518 2856 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    12:52:24.0534 2856 iaStorV - ok
    12:52:24.0596 2856 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    12:52:24.0612 2856 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    12:52:24.0612 2856 IDriverT - detected UnsignedFile.Multi.Generic (1)
    12:52:24.0674 2856 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:52:24.0706 2856 idsvc - ok
    12:52:24.0721 2856 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    12:52:24.0721 2856 iirsp - ok
    12:52:24.0752 2856 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    12:52:24.0784 2856 IKEEXT - ok
    12:52:24.0799 2856 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    12:52:24.0815 2856 intelide - ok
    12:52:24.0846 2856 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    12:52:24.0893 2856 intelppm - ok
    12:52:24.0908 2856 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    12:52:24.0955 2856 IPBusEnum - ok
    12:52:24.0971 2856 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:52:25.0002 2856 IpFilterDriver - ok
    12:52:25.0049 2856 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    12:52:25.0080 2856 iphlpsvc - ok
    12:52:25.0080 2856 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    12:52:25.0096 2856 IPMIDRV - ok
    12:52:25.0111 2856 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    12:52:25.0142 2856 IPNAT - ok
    12:52:25.0174 2856 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    12:52:25.0189 2856 IRENUM - ok
    12:52:25.0220 2856 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    12:52:25.0236 2856 isapnp - ok
    12:52:25.0314 2856 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    12:52:25.0345 2856 iScsiPrt - ok
    12:52:25.0392 2856 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    12:52:25.0423 2856 kbdclass - ok
    12:52:25.0439 2856 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    12:52:25.0454 2856 kbdhid - ok
    12:52:25.0470 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    12:52:25.0486 2856 KeyIso - ok
    12:52:25.0532 2856 [ CC362AF6C5D13C3C5403819577ABD8C9 ] KMWDFILTERV1 C:\Windows\system32\DRIVERS\RPGMOUSEV1.sys
    12:52:25.0579 2856 KMWDFILTERV1 - ok
    12:52:25.0595 2856 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    12:52:25.0610 2856 KSecDD - ok
    12:52:25.0626 2856 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    12:52:25.0642 2856 KSecPkg - ok
    12:52:25.0642 2856 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    12:52:25.0688 2856 ksthunk - ok
    12:52:25.0720 2856 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:52:25.0766 2856 KtmRm - ok
    12:52:25.0782 2856 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    12:52:25.0798 2856 LanmanServer - ok
    12:52:25.0813 2856 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:52:25.0860 2856 LanmanWorkstation - ok
    12:52:25.0891 2856 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:52:25.0954 2856 lltdio - ok
    12:52:25.0969 2856 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:52:26.0000 2856 lltdsvc - ok
    12:52:26.0016 2856 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:52:26.0032 2856 lmhosts - ok
    12:52:26.0078 2856 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:52:26.0110 2856 LSI_FC - ok
    12:52:26.0125 2856 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:52:26.0141 2856 LSI_SAS - ok
    12:52:26.0156 2856 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:52:26.0188 2856 LSI_SAS2 - ok
    12:52:26.0203 2856 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:52:26.0219 2856 LSI_SCSI - ok
    12:52:26.0250 2856 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    12:52:26.0281 2856 luafv - ok
    12:52:26.0344 2856 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
    12:52:26.0375 2856 LVRS64 - ok
    12:52:26.0484 2856 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
    12:52:26.0609 2856 LVUVC64 - ok
    12:52:26.0656 2856 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
    12:52:26.0687 2856 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
    12:52:26.0687 2856 MarvinBus - detected UnsignedFile.Multi.Generic (1)
    12:52:26.0702 2856 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    12:52:26.0734 2856 megasas - ok
    12:52:26.0749 2856 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    12:52:26.0765 2856 MegaSR - ok
    12:52:26.0780 2856 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    12:52:26.0827 2856 MMCSS - ok
    12:52:26.0843 2856 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    12:52:26.0874 2856 Modem - ok
    12:52:26.0890 2856 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:52:26.0921 2856 monitor - ok
    12:52:26.0921 2856 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:52:26.0936 2856 mouclass - ok
    12:52:26.0936 2856 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:52:26.0952 2856 mouhid - ok
    12:52:26.0968 2856 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    12:52:26.0968 2856 mountmgr - ok
    12:52:26.0983 2856 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    12:52:26.0999 2856 mpio - ok
    12:52:26.0999 2856 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:52:27.0030 2856 mpsdrv - ok
    12:52:27.0092 2856 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    12:52:27.0155 2856 MpsSvc - ok
    12:52:27.0170 2856 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:52:27.0202 2856 MRxDAV - ok
    12:52:27.0217 2856 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:52:27.0233 2856 mrxsmb - ok
    12:52:27.0280 2856 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:52:27.0326 2856 mrxsmb10 - ok
    12:52:27.0342 2856 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:52:27.0373 2856 mrxsmb20 - ok
    12:52:27.0404 2856 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    12:52:27.0436 2856 msahci - ok
    12:52:27.0467 2856 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    12:52:27.0482 2856 msdsm - ok
    12:52:27.0498 2856 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    12:52:27.0514 2856 MSDTC - ok
    12:52:27.0529 2856 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    12:52:27.0576 2856 Msfs - ok
    12:52:27.0592 2856 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    12:52:27.0670 2856 mshidkmdf - ok
    12:52:27.0685 2856 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    12:52:27.0685 2856 msisadrv - ok
    12:52:27.0732 2856 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    12:52:27.0794 2856 MSiSCSI - ok
    12:52:27.0794 2856 msiserver - ok
    12:52:27.0826 2856 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    12:52:27.0888 2856 MSKSSRV - ok
    12:52:27.0904 2856 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    12:52:27.0935 2856 MSPCLOCK - ok
    12:52:27.0950 2856 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    12:52:27.0982 2856 MSPQM - ok
    12:52:27.0982 2856 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    12:52:27.0997 2856 MsRPC - ok
    12:52:28.0013 2856 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    12:52:28.0028 2856 mssmbios - ok
    12:52:28.0028 2856 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    12:52:28.0060 2856 MSTEE - ok
    12:52:28.0060 2856 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    12:52:28.0091 2856 MTConfig - ok
    12:52:28.0122 2856 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    12:52:28.0138 2856 MTsensor - ok
    12:52:28.0153 2856 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    12:52:28.0169 2856 Mup - ok
    12:52:28.0184 2856 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    12:52:28.0231 2856 napagent - ok
    12:52:28.0262 2856 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS
    wifi.sys
    12:52:28.0294 2856 NativeWifiP - ok
    12:52:28.0325 2856 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers
    dis.sys
    12:52:28.0356 2856 NDIS - ok
    12:52:28.0372 2856 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS
    discap.sys
    12:52:28.0403 2856 NdisCap - ok
    12:52:28.0418 2856 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS
    distapi.sys
    12:52:28.0450 2856 NdisTapi - ok
    12:52:28.0465 2856 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS
    disuio.sys
    12:52:28.0512 2856 Ndisuio - ok
    12:52:28.0528 2856 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS
    diswan.sys
    12:52:28.0543 2856 NdisWan - ok
    12:52:28.0559 2856 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    12:52:28.0590 2856 NDProxy - ok
    12:52:28.0606 2856 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS
    etbios.sys
    12:52:28.0637 2856 NetBIOS - ok
    12:52:28.0637 2856 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS
    etbt.sys
    12:52:28.0684 2856 NetBT - ok
    12:52:28.0684 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    12:52:28.0699 2856 Netlogon - ok
    12:52:28.0715 2856 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32
    etman.dll
    12:52:28.0762 2856 Netman - ok
    12:52:28.0793 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:52:28.0824 2856 NetMsmqActivator - ok
    12:52:28.0855 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:52:28.0871 2856 NetPipeActivator - ok
    12:52:28.0886 2856 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32
    etprofm.dll
    12:52:28.0949 2856 netprofm - ok
    12:52:28.0964 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:52:28.0964 2856 NetTcpActivator - ok
    12:52:28.0964 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:52:28.0980 2856 NetTcpPortSharing - ok
    12:52:28.0996 2856 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS
    frd960.sys
    12:52:29.0011 2856 nfrd960 - ok
    12:52:29.0027 2856 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32
    lasvc.dll
    12:52:29.0074 2856 NlaSvc - ok
    12:52:29.0089 2856 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    12:52:29.0120 2856 Npfs - ok
    12:52:29.0136 2856 npggsvc - ok
    12:52:29.0152 2856 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32
    sisvc.dll
    12:52:29.0214 2856 nsi - ok
    12:52:29.0214 2856 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers
    siproxy.sys
    12:52:29.0245 2856 nsiproxy - ok
    12:52:29.0292 2856 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    12:52:29.0370 2856 Ntfs - ok
    12:52:29.0386 2856 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    12:52:29.0417 2856 Null - ok
    12:52:29.0464 2856 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers
    vraid.sys
    12:52:29.0495 2856 nvraid - ok
    12:52:29.0510 2856 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers
    vstor.sys
    12:52:29.0526 2856 nvstor - ok
    12:52:29.0542 2856 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS
    v_agp.sys
    12:52:29.0557 2856 nv_agp - ok
    12:52:29.0557 2856 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    12:52:29.0573 2856 ohci1394 - ok
    12:52:29.0635 2856 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    12:52:29.0666 2856 ose - ok
    12:52:29.0791 2856 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    12:52:29.0869 2856 osppsvc - ok
    12:52:29.0900 2856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    12:52:29.0916 2856 p2pimsvc - ok
    12:52:29.0932 2856 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    12:52:29.0947 2856 p2psvc - ok
    12:52:29.0994 2856 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    12:52:30.0010 2856 Parport - ok
    12:52:30.0010 2856 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    12:52:30.0025 2856 partmgr - ok
    12:52:30.0041 2856 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    12:52:30.0056 2856 PcaSvc - ok
    12:52:30.0072 2856 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    12:52:30.0072 2856 pci - ok
    12:52:30.0088 2856 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    12:52:30.0103 2856 pciide - ok
    12:52:30.0103 2856 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    12:52:30.0119 2856 pcmcia - ok
    12:52:30.0134 2856 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    12:52:30.0150 2856 pcw - ok
    12:52:30.0244 2856 [ 1963155B9D5C22E66F2F7729CD0A6238 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    12:52:30.0290 2856 PDAgent - ok
    12:52:30.0384 2856 [ A817F42CA419A7FFFC813B393E45173C ] PDEngine C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    12:52:30.0446 2856 PDEngine - ok
    12:52:30.0462 2856 [ 751500CEFA3D3B7A7FCB52C392F3BE78 ] PDFSFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
    12:52:30.0478 2856 PDFSFilter - ok
    12:52:30.0493 2856 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    12:52:30.0524 2856 PEAUTH - ok
    12:52:30.0571 2856 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    12:52:30.0618 2856 PerfHost - ok
    12:52:30.0665 2856 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    12:52:30.0743 2856 pla - ok
    12:52:30.0790 2856 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    12:52:30.0836 2856 PlugPlay - ok
    12:52:30.0852 2856 PnkBstrA - ok
    12:52:30.0883 2856 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    12:52:30.0899 2856 PNRPAutoReg - ok
    12:52:30.0914 2856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    12:52:30.0930 2856 PNRPsvc - ok
    12:52:30.0961 2856 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    12:52:31.0008 2856 PolicyAgent - ok
    12:52:31.0024 2856 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    12:52:31.0070 2856 Power - ok
    12:52:31.0102 2856 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    12:52:31.0164 2856 PptpMiniport - ok
    12:52:31.0180 2856 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    12:52:31.0195 2856 Processor - ok
    12:52:31.0226 2856 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
    12:52:31.0242 2856 ProfSvc - ok
    12:52:31.0258 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
    12:52:31.0273 2856 ProtectedStorage - ok
    12:52:31.0304 2856 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    12:52:31.0351 2856 Psched - ok
    12:52:31.0398 2856 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    12:52:31.0445 2856 ql2300 - ok
    12:52:31.0460 2856 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    12:52:31.0476 2856 ql40xx - ok
    12:52:31.0492 2856 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    12:52:31.0507 2856 QWAVE - ok
    12:52:31.0523 2856 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    12:52:31.0538 2856 QWAVEdrv - ok
    12:52:31.0554 2856 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    12:52:31.0585 2856 RasAcd - ok
    12:52:31.0601 2856 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:52:31.0632 2856 RasAgileVpn - ok
    12:52:31.0632 2856 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    12:52:31.0663 2856 RasAuto - ok
    12:52:31.0679 2856 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:52:31.0710 2856 Rasl2tp - ok
    12:52:31.0726 2856 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    12:52:31.0772 2856 RasMan - ok
    12:52:31.0772 2856 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    12:52:31.0804 2856 RasPppoe - ok
    12:52:31.0819 2856 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    12:52:31.0850 2856 RasSstp - ok
    12:52:31.0866 2856 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    12:52:31.0897 2856 rdbss - ok
    12:52:31.0913 2856 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    12:52:31.0928 2856 rdpbus - ok
    12:52:31.0928 2856 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:52:31.0960 2856 RDPCDD - ok
    12:52:31.0991 2856 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    12:52:32.0022 2856 RDPENCDD - ok
    12:52:32.0038 2856 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    12:52:32.0069 2856 RDPREFMP - ok
    12:52:32.0100 2856 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    12:52:32.0131 2856 RDPWD - ok
    12:52:32.0178 2856 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    12:52:32.0209 2856 rdyboost - ok
    12:52:32.0272 2856 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    12:52:32.0350 2856 RemoteAccess - ok
    12:52:32.0365 2856 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    12:52:32.0412 2856 RemoteRegistry - ok
    12:52:32.0412 2856 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    12:52:32.0459 2856 RpcEptMapper - ok
    12:52:32.0459 2856 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    12:52:32.0474 2856 RpcLocator - ok
    12:52:32.0490 2856 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    12:52:32.0521 2856 RpcSs - ok
    12:52:32.0537 2856 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    12:52:32.0568 2856 rspndr - ok
    12:52:32.0630 2856 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    12:52:32.0662 2856 RTL8167 - ok
    12:52:32.0662 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
    12:52:32.0677 2856 SamSs - ok
    12:52:32.0693 2856 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    12:52:32.0724 2856 sbp2port - ok
    12:52:32.0740 2856 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    12:52:32.0771 2856 SCardSvr - ok
    12:52:32.0818 2856 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    12:52:32.0849 2856 SCDEmu - ok
    12:52:32.0864 2856 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    12:52:32.0911 2856 scfilter - ok
    12:52:32.0942 2856 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    12:52:32.0989 2856 Schedule - ok
    12:52:33.0005 2856 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    12:52:33.0036 2856 SCPolicySvc - ok
    12:52:33.0052 2856 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    12:52:33.0067 2856 SDRSVC - ok
    12:52:33.0083 2856 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    12:52:33.0114 2856 secdrv - ok
    12:52:33.0114 2856 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    12:52:33.0145 2856 seclogon - ok
    12:52:33.0161 2856 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    12:52:33.0192 2856 SENS - ok
    12:52:33.0208 2856 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    12:52:33.0223 2856 SensrSvc - ok
    12:52:33.0239 2856 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    12:52:33.0239 2856 Serenum - ok
    12:52:33.0254 2856 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    12:52:33.0270 2856 Serial - ok
    12:52:33.0301 2856 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    12:52:33.0348 2856 sermouse - ok
    12:52:33.0364 2856 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    12:52:33.0410 2856 SessionEnv - ok
    12:52:33.0426 2856 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    12:52:33.0442 2856 sffdisk - ok
    12:52:33.0457 2856 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    12:52:33.0473 2856 sffp_mmc - ok
    12:52:33.0488 2856 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    12:52:33.0488 2856 sffp_sd - ok
    12:52:33.0504 2856 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    12:52:33.0520 2856 sfloppy - ok
    12:52:33.0566 2856 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    12:52:33.0598 2856 Sftfs - ok
    12:52:33.0660 2856 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    12:52:33.0691 2856 sftlist - ok
    12:52:33.0722 2856 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    12:52:33.0738 2856 Sftplay - ok
    12:52:33.0754 2856 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    12:52:33.0754 2856 Sftredir - ok
    12:52:33.0785 2856 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    12:52:33.0785 2856 Sftvol - ok
    12:52:33.0832 2856 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    12:52:33.0832 2856 sftvsa - ok
    12:52:33.0925 2856 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    12:52:33.0988 2856 SharedAccess - ok
    12:52:34.0003 2856 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:52:34.0034 2856 ShellHWDetection - ok
    12:52:34.0050 2856 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:52:34.0050 2856 SiSRaid2 - ok
    12:52:34.0066 2856 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    12:52:34.0081 2856 SiSRaid4 - ok
    12:52:34.0222 2856 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    12:52:34.0268 2856 Skype C2C Service - ok
    12:52:34.0331 2856 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    12:52:34.0362 2856 SkypeUpdate - ok
    12:52:34.0393 2856 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:52:34.0456 2856 Smb - ok
    12:52:34.0487 2856 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:52:34.0534 2856 SNMPTRAP - ok
    12:52:34.0534 2856 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    12:52:34.0549 2856 spldr - ok
    12:52:34.0580 2856 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
    12:52:34.0596 2856 Spooler - ok
    12:52:34.0643 2856 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    12:52:34.0752 2856 sppsvc - ok
    12:52:34.0768 2856 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    12:52:34.0799 2856 sppuinotify - ok
    12:52:34.0814 2856 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:52:34.0846 2856 srv - ok
    12:52:34.0861 2856 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:52:34.0877 2856 srv2 - ok
    12:52:34.0877 2856 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:52:34.0908 2856 srvnet - ok
    12:52:34.0939 2856 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
    12:52:34.0955 2856 ssadbus - ok
    12:52:34.0986 2856 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
    12:52:35.0002 2856 ssadmdfl - ok
    12:52:35.0017 2856 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
    12:52:35.0033 2856 ssadmdm - ok
    12:52:35.0064 2856 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
    12:52:35.0064 2856 ssadserd - ok
    12:52:35.0126 2856 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
    12:52:35.0173 2856 sscdbus - ok
    12:52:35.0204 2856 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
    12:52:35.0220 2856 sscdmdfl - ok
    12:52:35.0251 2856 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
    12:52:35.0267 2856 sscdmdm - ok
    12:52:35.0314 2856 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:52:35.0345 2856 SSDPSRV - ok
    12:52:35.0376 2856 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:52:35.0407 2856 SstpSvc - ok
    12:52:35.0454 2856 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
    12:52:35.0470 2856 ssudmdm - ok
    12:52:35.0516 2856 [ 139FBA0F9854F8098E0ABF2A64B9D4B4 ] ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys
    12:52:35.0532 2856 ssudobex - ok
    12:52:35.0548 2856 Steam Client Service - ok
    12:52:35.0548 2856 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    12:52:35.0563 2856 stexstor - ok
    12:52:35.0610 2856 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    12:52:35.0626 2856 stisvc - ok
    12:52:35.0641 2856 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    12:52:35.0641 2856 swenum - ok
    12:52:35.0657 2856 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    12:52:35.0704 2856 swprv - ok
    12:52:35.0735 2856 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    12:52:35.0766 2856 SysMain - ok
    12:52:35.0813 2856 [ FEF1F94983EFB41781BCBF7CB7AC822C ] t3 C:\Windows\system32\drivers\t3.sys
    12:52:35.0828 2856 t3 - ok
    12:52:35.0844 2856 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:52:35.0860 2856 TabletInputService - ok
    12:52:35.0875 2856 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:52:35.0922 2856 TapiSrv - ok
    12:52:35.0922 2856 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    12:52:35.0969 2856 TBS - ok
    12:52:36.0000 2856 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:52:36.0062 2856 Tcpip - ok
    12:52:36.0125 2856 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:52:36.0156 2856 TCPIP6 - ok
    12:52:36.0172 2856 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:52:36.0203 2856 tcpipreg - ok
    12:52:36.0218 2856 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:52:36.0218 2856 TDPIPE - ok
    12:52:36.0234 2856 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:52:36.0250 2856 TDTCP - ok
    12:52:36.0265 2856 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:52:36.0296 2856 tdx - ok
    12:52:36.0312 2856 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    12:52:36.0312 2856 TermDD - ok
    12:52:36.0328 2856 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    12:52:36.0374 2856 TermService - ok
    12:52:36.0406 2856 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll
    12:52:36.0437 2856 Themes ( UnsignedFile.Multi.Generic ) - warning
    12:52:36.0437 2856 Themes - detected UnsignedFile.Multi.Generic (1)
    12:52:36.0468 2856 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    12:52:36.0530 2856 THREADORDER - ok
    12:52:36.0546 2856 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    12:52:36.0577 2856 TrkWks - ok
    12:52:36.0624 2856 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
    12:52:36.0640 2856 truecrypt - ok
    12:52:36.0671 2856 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:52:36.0702 2856 TrustedInstaller - ok
    12:52:36.0718 2856 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:52:36.0764 2856 tssecsrv - ok
    12:52:36.0780 2856 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:52:36.0811 2856 tunnel - ok
    12:52:36.0827 2856 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    12:52:36.0842 2856 uagp35 - ok
    12:52:36.0858 2856 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:52:36.0889 2856 udfs - ok
    12:52:36.0905 2856 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:52:36.0920 2856 UI0Detect - ok
    12:52:36.0936 2856 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    12:52:36.0936 2856 uliagpkx - ok
    12:52:36.0952 2856 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    12:52:36.0967 2856 umbus - ok
    12:52:36.0983 2856 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    12:52:36.0983 2856 UmPass - ok
    12:52:37.0076 2856 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    12:52:37.0123 2856 UMVPFSrv - ok
    12:52:37.0139 2856 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    12:52:37.0201 2856 upnphost - ok
    12:52:37.0232 2856 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    12:52:37.0248 2856 usbaudio - ok
    12:52:37.0264 2856 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    12:52:37.0279 2856 usbccgp - ok
    12:52:37.0295 2856 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    12:52:37.0310 2856 usbcir - ok
    12:52:37.0326 2856 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    12:52:37.0342 2856 usbehci - ok
    12:52:37.0357 2856 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:52:37.0373 2856 usbhub - ok
    12:52:37.0388 2856 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    12:52:37.0404 2856 usbohci - ok
    12:52:37.0420 2856 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    12:52:37.0466 2856 usbprint - ok
    12:52:37.0498 2856 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    12:52:37.0513 2856 usbscan - ok
    12:52:37.0529 2856 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:52:37.0544 2856 USBSTOR - ok
    12:52:37.0544 2856 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    12:52:37.0560 2856 usbuhci - ok
    12:52:37.0576 2856 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    12:52:37.0607 2856 UxSms - ok
    12:52:37.0622 2856 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
    12:52:37.0638 2856 VaultSvc - ok
    12:52:37.0685 2856 [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    12:52:37.0716 2856 VBoxNetAdp - ok
    12:52:37.0716 2856 VBoxNetFlt - ok
    12:52:37.0747 2856 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    12:52:37.0763 2856 vdrvroot - ok
    12:52:37.0778 2856 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    12:52:37.0810 2856 vds - ok
    12:52:37.0825 2856 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:52:37.0825 2856 vga - ok
    12:52:37.0841 2856 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:52:37.0872 2856 VgaSave - ok
    12:52:37.0888 2856 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    12:52:37.0903 2856 vhdmp - ok
    12:52:37.0903 2856 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    12:52:37.0919 2856 viaide - ok
    12:52:37.0934 2856 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    12:52:37.0950 2856 volmgr - ok
    12:52:37.0950 2856 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:52:37.0966 2856 volmgrx - ok
    12:52:37.0981 2856 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:52:37.0997 2856 volsnap - ok
    12:52:38.0012 2856 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    12:52:38.0028 2856 vsmraid - ok
    12:52:38.0059 2856 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    12:52:38.0090 2856 VSS - ok
    12:52:38.0106 2856 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    12:52:38.0122 2856 vwifibus - ok
    12:52:38.0137 2856 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    12:52:38.0168 2856 W32Time - ok
    12:52:38.0168 2856 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    12:52:38.0200 2856 WacomPen - ok
    12:52:38.0200 2856 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    12:52:38.0231 2856 WANARP - ok
    12:52:38.0231 2856 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:52:38.0262 2856 Wanarpv6 - ok
    12:52:38.0340 2856 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    12:52:38.0418 2856 WatAdminSvc - ok
    12:52:38.0496 2856 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    12:52:38.0574 2856 wbengine - ok
    12:52:38.0590 2856 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    12:52:38.0621 2856 WbioSrvc - ok
    12:52:38.0636 2856 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:52:38.0652 2856 wcncsvc - ok
    12:52:38.0668 2856 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:52:38.0683 2856 WcsPlugInService - ok
    12:52:38.0699 2856 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    12:52:38.0714 2856 Wd - ok
    12:52:38.0746 2856 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:52:38.0761 2856 Wdf01000 - ok
    12:52:38.0777 2856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:52:38.0792 2856 WdiServiceHost - ok
    12:52:38.0808 2856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:52:38.0824 2856 WdiSystemHost - ok
    12:52:38.0839 2856 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    12:52:38.0855 2856 WebClient - ok
    12:52:38.0870 2856 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:52:38.0902 2856 Wecsvc - ok
    12:52:38.0902 2856 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:52:38.0948 2856 wercplsupport - ok
    12:52:38.0980 2856 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:52:39.0042 2856 WerSvc - ok
    12:52:39.0073 2856 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    12:52:39.0104 2856 WfpLwf - ok
    12:52:39.0120 2856 [ 05ECAEC3E4529A7153B3136CEB
















  • Er miste nog een stuk.

    12:52:40.0618 2856 ================ Scan MBR ==================================
    12:52:40.0618 2856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:52:40.0820 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    12:52:40.0820 2856 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    12:52:40.0820 2856 ================ Scan VBR ==================================
    12:52:40.0820 2856 [ ED31718C841A1CCD312F6D16CB3172DA ] \Device\Harddisk0\DR0\Partition1
    12:52:40.0820 2856 \Device\Harddisk0\DR0\Partition1 - ok
    12:52:40.0836 2856 [ CCDE056452EB12FE04BD1254482F7802 ] \Device\Harddisk0\DR0\Partition2
    12:52:40.0836 2856 \Device\Harddisk0\DR0\Partition2 - ok
    12:52:40.0836 2856 ============================================================
    12:52:40.0836 2856 Scan finished
    12:52:40.0836 2856 ============================================================
    12:52:40.0852 4380 Detected object count: 6
    12:52:40.0852 4380 Actual detected object count: 6
    12:53:58.0104 4380 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    12:53:58.0104 4380 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:53:58.0104 4380 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
    12:53:58.0104 4380 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:53:58.0104 4380 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    12:53:58.0104 4380 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:53:58.0104 4380 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
    12:53:58.0104 4380 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:53:58.0120 4380 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
    12:53:58.0120 4380 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:53:58.0120 4380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    12:53:58.0120 4380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    12:55:14.0021 1732 Deinitialize success
  • Kijk aan:

    [b:bf241b8d82]12:53:58.0120 4380 \Device\Harddisk0\DR0 (
  • ok, zal ik doen. Ja, ik heb dat recentelijk nog gedaan.

    Er staat bij mij geen optie cure, alleen skip, copy to quarantine en delete.
  • Kies voor Copy to .. & Delete!
  • Daar zat ik op te wachten. TDSSKiller….No threats found.

    Bedankt voor je hulp Abraham54.
  • Doe de ComboFix scan nogmaals.
    Het kan na opstarten van ComboFix gebeuren dat er een melding komt:

    - of ComboFix wil geupdated worden;
    - of ComboFix wil opnieuw gedownload worden.

    Post wederom de inhoud van het ComboFix-log.
  • ComboFix 12-12-17.02 - Bert 18-12-2012 22:13:22.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.8191.6480 [GMT 1:00]
    Gestart vanuit: C:\Users\Bert\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Users\Bert\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll


    (((((((((((((((((((( Bestanden Gemaakt van 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))


    2012-12-18 21:18:16 . 2012-12-18 21:18:16 ——– d—–w- C:\Users\Default\AppData\Local\temp
    2012-12-18 13:52:41 . 2012-12-18 13:52:41 ——– d—–w- C:\TDSSKiller_Quarantine
    2012-12-18 12:45:40 . 2012-11-19 00:01:34 9125352 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98991AE7-A01A-41A5-BA23-0F27CA4B41F5}\mpengine.dll
    2012-12-18 09:47:18 . 2012-12-18 09:47:18 ——– d—–w- C:\Windows\ERUNT
    2012-12-18 09:47:14 . 2012-12-18 09:47:14 ——– d—–w- C:\JRT
    2012-12-17 23:04:32 . 2012-12-17 23:04:56 ——– d—–w- C:\Users\Bert\project_destiny_474
    2012-12-17 07:53:04 . 2012-12-17 07:53:17 ——– d—–w- C:\Program Files\Paint.NET
    2012-12-17 07:52:43 . 2012-12-17 12:03:26 ——– d—–w- C:\Users\Bert\AppData\Local\Paint.NET
    2012-12-12 20:11:05 . 2012-11-09 05:34:27 2048 —-a-w- C:\Windows\system32\tzres.dll
    2012-12-12 20:11:05 . 2012-11-09 04:49:37 2048 —-a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-10 07:22:28 . 2012-12-17 23:29:00 271200 —-a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-10 07:22:28 . 2012-12-16 15:13:13 271200 —-a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-10 07:22:16 . 2012-12-10 07:22:16 75136 —-a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-12-09 13:45:42 . 2012-12-09 13:45:42 796348 —-a-w- C:\Windows\SysWow64\phatk120724Caymanv2w128l4.bin
    2012-12-09 13:42:10 . 2012-12-09 13:42:10 ——– d—–w- C:\Users\Bert\AppData\Roaming\IonFx
    2012-12-09 11:26:34 . 2012-12-09 11:26:34 ——– d—–w- C:\Graphics
    2012-12-09 11:26:34 . 2009-03-10 22:25:30 191488 ——w- C:\Windows\SysWow64\mwgfx.dll
    2012-12-09 11:26:34 . 2008-10-20 12:44:58 237056 ——w- C:\Windows\SysWow64\mwgfx24.dll
    2012-12-09 11:26:34 . 2008-09-05 07:32:44 104960 ——w- C:\Windows\SysWow64\mwdds.dll
    2012-12-09 11:26:34 . 2007-08-19 08:37:24 28672 ——w- C:\Windows\SysWow64\mwgfxcopy.exe
    2012-12-09 11:26:34 . 2004-05-14 10:13:46 56832 ——w- C:\Windows\SysWow64\mwace.dll
    2012-12-07 20:40:40 . 2012-12-07 20:40:40 42440 —-a-w- C:\Windows\SysWow64\xfcodec.dll
    2012-12-07 20:40:38 . 2012-12-07 20:40:38 28104 —-a-w- C:\Windows\system32\xfcodec64.dll
    2012-12-04 08:44:50 . 2012-12-04 08:44:50 31344 —-a-w- C:\Windows\system32\drivers\cnnctfy2.sys
    2012-11-29 21:47:40 . 2012-11-29 21:47:40 ——– d—–w- C:\ProgramData\Orbit
    2012-11-22 06:58:59 . 2012-11-22 06:58:59 ——– d—–w- C:\Program Files (x86)\Common Files\Skype
    2012-11-19 12:13:21 . 2012-12-09 10:50:40 ——– d—–w- C:\Program Files (x86)\R.G. Mechanics
    .


    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-12-17 23:29:00 . 2011-06-13 11:01:35 271200 —-a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-12-12 20:44:56 . 2011-05-20 17:59:33 67413224 —-a-w- C:\Windows\system32\MRT.exe
    2012-12-12 15:58:35 . 2012-03-31 06:25:34 697272 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-12 15:58:35 . 2011-05-20 18:36:09 73656 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-30 22:51:56 . 2011-05-20 17:38:00 59728 —-a-w- C:\Windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51:55 . 2011-05-20 17:38:02 370288 —-a-w- C:\Windows\system32\drivers\aswSP.sys
    2012-10-30 22:51:55 . 2011-05-20 17:38:00 984144 —-a-w- C:\Windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:55 . 2011-05-20 17:37:59 71600 —-a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51:53 . 2011-05-20 17:38:02 25232 —-a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51:07 . 2011-05-20 17:36:34 41224 —-a-w- C:\Windows\avastSS.scr
    2012-10-30 22:50:59 . 2011-05-20 17:36:34 227648 —-a-w- C:\Windows\SysWow64\aswBoot.exe
    2012-10-30 22:50:30 . 2011-05-20 17:37:59 285328 —-a-w- C:\Windows\system32\aswBoot.exe
    2012-10-16 21:20:49 . 2012-11-28 06:10:51 135168 —-a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 21:20:46 . 2012-11-28 06:10:51 347648 —-a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 20:34:37 . 2012-11-28 06:10:51 559104 —-a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 . 2012-02-26 13:29:20 54072 —-a-w- C:\Windows\system32\drivers\aswRdr2.sys
    2012-10-04 16:45:31 . 2012-12-12 20:10:44 44032 —-a-w- C:\Windows\apppatch\acwow64.dll
    2012-09-29 17:54:26 . 2011-05-20 21:03:24 25928 —-a-w- C:\Windows\system32\drivers\mbam.sys
    2012-09-28 14:37:02 . 2012-09-28 14:37:02 221696 —-a-w- C:\Windows\system32\clinfo.exe
    2012-09-28 14:36:44 . 2012-09-28 14:36:44 75776 —-a-w- C:\Windows\system32\OpenVideo64.dll
    2012-09-28 14:36:40 . 2012-09-28 14:36:40 65536 —-a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-09-28 14:36:36 . 2012-09-28 14:36:36 63488 —-a-w- C:\Windows\system32\OVDecode64.dll
    2012-09-28 14:36:34 . 2012-09-28 14:36:34 56320 —-a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-09-28 14:36:24 . 2012-09-28 14:36:24 32635904 —-a-w- C:\Windows\system32\amdocl64.dll
    2012-09-28 14:32:16 . 2012-09-28 14:32:16 27341824 —-a-w- C:\Windows\SysWow64\amdocl.dll
    2012-09-28 02:23:00 . 2011-12-06 02:33:36 5557928 —-a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-09-28 02:21:20 . 2012-09-28 02:21:20 10697216 —-a-w- C:\Windows\system32\drivers\atikmdag.sys
    2012-09-28 02:05:38 . 2012-09-28 02:05:38 70144 —-a-w- C:\Windows\system32\coinst_9.002.dll
    2012-09-28 02:03:52 . 2012-09-28 02:03:52 163840 —-a-w- C:\Windows\system32\atiapfxx.exe
    2012-09-28 02:02:30 . 2012-09-28 02:02:30 51200 —-a-w- C:\Windows\system32\aticalrt64.dll
    2012-09-28 02:02:28 . 2012-09-28 02:02:28 46080 —-a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-09-28 02:02:22 . 2012-09-28 02:02:22 44544 —-a-w- C:\Windows\system32\aticalcl64.dll
    2012-09-28 02:02:20 . 2012-09-28 02:02:20 44032 —-a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-09-28 02:02:08 . 2012-09-28 02:02:08 16082432 —-a-w- C:\Windows\system32\aticaldd64.dll
    2012-09-28 01:59:56 . 2012-09-28 01:59:56 23825920 —-a-w- C:\Windows\system32\atio6axx.dll
    2012-09-28 01:57:20 . 2012-09-28 01:57:20 13703168 —-a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-09-28 01:43:28 . 2011-12-06 03:17:36 935424 —-a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-09-28 01:41:40 . 2011-04-06 02:02:00 1120768 —-a-w- C:\Windows\system32\aticfx64.dll
    2012-09-28 01:41:14 . 2012-09-28 01:41:14 19624960 —-a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-09-28 01:39:36 . 2012-09-28 01:39:36 6536192 —-a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-09-28 01:39:14 . 2012-09-28 01:39:14 442368 —-a-w- C:\Windows\system32\atidemgy.dll
    2012-09-28 01:39:08 . 2012-09-28 01:39:08 538112 —-a-w- C:\Windows\system32\atieclxx.exe
    2012-09-28 01:38:16 . 2012-09-28 01:38:16 239616 —-a-w- C:\Windows\system32\atiesrxx.exe
    2012-09-28 01:36:50 . 2012-09-28 01:36:50 120320 —-a-w- C:\Windows\system32\atitmm64.dll
    2012-09-28 01:36:36 . 2012-09-28 01:36:36 21504 —-a-w- C:\Windows\system32\atimuixx.dll
    2012-09-28 01:36:30 . 2012-09-28 01:36:30 59392 —-a-w- C:\Windows\system32\atiedu64.dll
    2012-09-28 01:36:26 . 2012-09-28 01:36:26 43520 —-a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-09-28 01:31:26 . 2012-09-28 01:31:26 3127296 —-a-w- C:\Windows\system32\atiumd6a.dll
    2012-09-28 01:25:24 . 2012-09-28 01:25:24 6704640 —-a-w- C:\Windows\system32\atiumd64.dll
    2012-09-28 01:22:42 . 2011-04-06 01:44:52 7167488 —-a-w- C:\Windows\system32\atidxx64.dll
    2012-09-28 01:22:30 . 2011-12-06 02:28:50 2691584 —-a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-09-28 01:13:40 . 2012-09-28 01:13:40 595456 —-a-w- C:\Windows\system32\atiadlxx.dll
    2012-09-28 01:13:30 . 2012-09-28 01:13:30 405504 —-a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-09-28 01:13:16 . 2012-09-28 01:13:16 17920 —-a-w- C:\Windows\system32\atig6pxx.dll
    2012-09-28 01:13:12 . 2012-09-28 01:13:12 14848 —-a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-09-28 01:13:12 . 2012-09-28 01:13:12 14848 —-a-w- C:\Windows\system32\atiglpxx.dll
    2012-09-28 01:13:08 . 2012-09-28 01:13:08 41984 —-a-w- C:\Windows\system32\atig6txx.dll
    2012-09-28 01:13:00 . 2012-09-28 01:13:00 33280 —-a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-09-28 01:12:58 . 2012-09-28 01:12:58 56320 —-a-w- C:\Windows\system32\atimpc64.dll
    2012-09-28 01:12:58 . 2012-09-28 01:12:58 56320 —-a-w- C:\Windows\system32\amdpcom64.dll
    2012-09-28 01:12:52 . 2012-09-28 01:12:52 460288 —-a-w- C:\Windows\system32\drivers\atikmpag.sys
    2012-09-28 01:12:48 . 2012-09-28 01:12:48 56832 —-a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-09-28 01:12:48 . 2012-09-28 01:12:48 56832 —-a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-09-28 01:11:22 . 2011-04-06 01:20:58 129536 —-a-w- C:\Windows\system32\atiuxp64.dll
    2012-09-28 01:11:16 . 2012-09-28 01:11:16 109568 —-a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-09-28 01:11:08 . 2012-09-28 01:11:08 103424 —-a-w- C:\Windows\system32\atiu9p64.dll
    2012-09-28 01:10:58 . 2011-12-06 02:11:02 82944 —-a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-09-28 01:09:48 . 2012-09-28 01:09:48 53248 —-a-w- C:\Windows\system32\drivers\ati2erec.dll
    2012-09-25 22:39:14 . 2012-11-16 17:28:11 95744 —-a-w- C:\Windows\system32\synceng.dll
    2012-09-25 21:55:17 . 2012-11-16 17:28:10 78336 —-a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-24 13:32:24 . 2012-07-07 11:58:45 477168 ——w- C:\Windows\SysWow64
    pdeployJava1.dll
    2012-09-24 13:32:20 . 2011-05-23 08:40:31 473072 ——w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-24 07:01:07 . 2012-09-24 07:01:07 231376 —-a-w- C:\Windows\system32\drivers\truecrypt.sys


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-23 07:55:28 138096]
    "Spotify Web Helper"="C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 16:32:16 1199576]
    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 04:24:06 21432]
    "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 04:23:56 975800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 11:55:40 18432]
    "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-10 23:00:00 90112]
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 15:38:18 421888]
    "wmup"="C:\Windows\system32\wmup.exe" [2012-01-31 13:38:50 348716]
    "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 04:23:56 3524536]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 10:41:54 254896]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 15:06:40 642728]
    "Adobe"="C:\ProgramData\Adobe\33E8BBC.vbe" [2012-12-03 12:34:36 7300]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="0"
    "UpdatesDisableNotify"="0"

    R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 10:21:24 160944]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [2010-12-21 05:55:02 36328]
    R3 atillk64;atillk64;C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
    R3 cpuz135;cpuz135;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-20 19:34:34 79360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2012-05-21 02:09:00 99384]
    R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 08:02:12 130976]
    R3 KMWDFILTERV1;HIDUASServiceDesc;C:\Windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 15:59:32 24576]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [2011-08-19 08:27:30 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 08:27:30 4869024]
    R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2011-06-02 05:47:22 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 05:47:22 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 05:47:22 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [2011-06-02 05:47:22 146920]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 02:09:00 203320]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudobex.sys [2012-05-21 02:09:00 203320]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 12:45:22 146736]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-20 20:00:14 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-09-28 01:38:16 239616]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 14:43:40 361984]
    S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 09:13:58 57472]
    S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 20:54:38 136616]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600]
    S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-08-16 15:46:04 74616]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-08-16 15:46:10 384888]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 13:22:40 822624]
    S2 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2011-04-29 19:16:08 1677096]
    S2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys [2011-06-06 06:07:12 79888]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 07:30:18 508776]
    S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 11:13:44 3064000]
    S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 08:26:50 450848]
    S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 07:18:24 46136]
    S3 AODDriver4.01;AODDriver4.01;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-25 20:52:56 55424]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 06:12:30 96896]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 04:34:52 539240]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 07:30:10 764264]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 07:30:18 268648]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 07:30:18 25960]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 07:30:22 22376]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 07:30:22 219496]
    S3 t3;Auzen X-Fi Bravura 7.1;C:\Windows\system32\drivers\t3.sys [2010-10-29 08:43:26 650328]


    Inhoud van de 'Gedeelde Taken' map

    2012-12-18 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 06:25:34 . 2012-12-12 15:58:35]

    2012-12-18 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001Core.job
    - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 08:07:33 . 2012-09-23 07:55:28]

    2012-12-18 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001UA.job
    - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 08:07:33 . 2012-09-23 07:55:28]

    2012-12-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 08:12:28 . 2011-06-07 08:12:27]

    2012-12-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 08:12:28 . 2011-06-07 08:12:27]

    2012-12-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001Core.job
    - C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 18:13:22 . 2011-05-20 18:13:22]

    2012-12-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1699955042-3480807450-769757675-1001UA.job
    - C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 18:13:22 . 2011-05-20 18:13:22]


    ——— X64 Entries ———–


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50:24 133400 —-a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

    ——- Bijkomende Scan ——-

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = hxxp://www.diesiedleronline.de/de/startseite
    mStart Page = hxxp://www.google.com
    mLocal Page = C:\Windows\system32\blank.htm
    uSearchAssistant = hxxp://www.Google.com/
    mSearchAssistant =
    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    AddRemove-Giant Savings - C:\Program Files (x86)\Giant Savings\Uninstall.exe
  • Mooi.
    Hoe draait jouw Windows nu?

    En je gebruikt losse videocodecs?
    Kijk dan maar eens naar de KMPlayer.
    Daar ben ik op over gestapt.

    En een perfecte Windows reiniger: http://www.nationaalcomputerforum.nl/showthread.php?t=99605
  • Windows draait prima nu.

    Kmplayer geinstalleerd. Ziet er goed uit.

    Nogmaals bedankt.
  • Mooi dat alles weer normaal is.

    Download naar je bureaublad [b:54b26466d0].
    [list:54b26466d0][*:54b26466d0] Klik/dubbelklik op [b:54b26466d0]SecurityCheck.exe[/b:54b26466d0] en let op de instrukties in het zwarte venster.
    [*:54b26466d0] Een Kladblok document genaamd [b:54b26466d0]checkup.txt[/b:54b26466d0] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad.
    [*:54b26466d0] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:54b26466d0]
    Post de inhoud van [b:54b26466d0]checkup.txt [/b:54b26466d0]in je volgende post.
  • security check:

    Results of screen317's Security Check version 0.99.56
    Windows 7 x64

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.