Mededeling

**Marckie** · 18-06-13, 17:34

Zonder logjes te posten kunnen wij ook niet oordelen.
http://www.nucia.eu/forum/threads/12...ericht-plaatst!

**steven92** · 18-06-13, 18:26

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Steven van den Berg at 19:07:37 on 2013-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2148 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.e xe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.e xe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Steven van den Berg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Spotify Web Helper] "C:\Users\Steven van den Berg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Facebook Update] "C:\Users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EPSON002977 (Epson Stylus SX430)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\STEVEN~1\AppData\Local\Temp\E_SDEF9.tmp" /EF "HKCU"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{40B7D116-F544-4E44-95AA-F9C873A9DD3C} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{8BA78F60-8759-422C-9338-0B9329AE1EC3} : DHCPNameServer = 212.54.35.25 212.54.40.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 189936]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-2-15 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-2-15 28216]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-21 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-21 378432]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AE STSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-6-18 109352]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technologie;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-14 14904]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-23 3467768]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-10-22 128352]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-7-27 26208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-15 805088]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2013-3-18 36864]
S3 EyeTV_One;EyeTV One PBDA Service;C:\Windows\System32\drivers\EyeTV_One.sys [2010-12-6 688352]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-15 1255736]
.
=============== Created Last 30 ================
.
2013-06-18 12:59:40 -------- d-----w- C:\Windows\pss
2013-06-18 12:53:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-06-18 12:42:25 -------- d-----w- C:\Program Files\HitmanPro
2013-06-18 12:42:21 -------- d-----w- C:\ProgramData\HitmanPro
2013-06-18 09:43:09 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{679233CB-551A-4EE6-8503-5D15ED647453}\mpengine.dll
2013-06-12 21:10:38 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 20:52:02 -------- d-----w- C:\Program Files\iPod
2013-06-12 20:52:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 20:52:00 -------- d-----w- C:\Program Files\iTunes
2013-06-12 20:52:00 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-12 08:47:06 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 08:47:04 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 08:47:04 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 08:47:03 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 08:47:03 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 08:47:03 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 08:47:03 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-12 08:47:02 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 08:47:02 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 08:47:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 08:46:51 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 08:46:51 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 08:46:49 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 08:46:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:46:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:46:41 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 08:46:41 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 08:46:35 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 08:46:34 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-06 05:54:41 -------- d-----w- C:\Program Files\Common Files\EPSON
2013-06-06 05:54:39 -------- d-----w- C:\ProgramData\EPSON
2013-06-06 05:54:25 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2013-06-06 05:54:23 88064 ----a-w- C:\Windows\System32\E_IBCBHAE.DLL
2013-06-06 05:54:23 118784 ----a-w- C:\Windows\System32\E_ILMHAE.DLL
.
==================== Find3M ====================
.
2013-06-12 08:55:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:55:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-28 22:42:52 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-28 22:42:50 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-28 22:42:50 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:08:19,11 ===============

**steven92** · 18-06-13, 18:28

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-18 19:23:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006b ATA_____ rev.HPM1 298,09GB
Running: lizcpd9k.exe; Driver: C:\Users\STEVEN~1\AppData\Local\Temp\uxtoqpob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031bf000 10 bytes [0A, 00, C7, 41, 68, 01, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 577 fffff800031bf011 15 bytes [89, 5C, 24, 18, 44, 89, 4C, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f813c0 5 bytes JMP 0000000149740470
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f81410 5 bytes JMP 0000000149740460
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 5 bytes JMP 0000000149740370
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f815c0 5 bytes JMP 0000000149740480
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f815d0 5 bytes JMP 00000001497403e0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f81680 5 bytes JMP 0000000149740320
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f816b0 5 bytes JMP 00000001497403b0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f816d0 5 bytes JMP 0000000149740390
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f81710 5 bytes JMP 00000001497402e0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f81760 5 bytes JMP 0000000149740440
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f81790 5 bytes JMP 00000001497402d0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f817b0 5 bytes JMP 0000000149740310
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f817f0 5 bytes JMP 00000001497403c0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f81840 5 bytes JMP 00000001497403f0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f819a0 1 byte JMP 0000000149740230
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f819a2 3 bytes {JMP 0xffffffffd27be890}
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f81b60 5 bytes JMP 0000000149740490
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f81b90 5 bytes JMP 00000001497403a0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f81c70 5 bytes JMP 00000001497402f0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f81c80 5 bytes JMP 0000000149740350
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f81ce0 5 bytes JMP 0000000149740290
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f81d70 5 bytes JMP 00000001497402b0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f81d90 5 bytes JMP 00000001497403d0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f81da0 1 byte JMP 0000000149740330
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f81da2 3 bytes {JMP 0xffffffffd27be590}
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f81e10 5 bytes JMP 0000000149740410
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f81e40 5 bytes JMP 0000000149740240
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f82100 5 bytes JMP 00000001497401e0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f821c0 1 byte JMP 0000000149740250
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f821c2 3 bytes {JMP 0xffffffffd27be090}
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f821f0 5 bytes JMP 00000001497404a0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f82200 5 bytes JMP 00000001497404b0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f82230 5 bytes JMP 0000000149740300
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f82240 5 bytes JMP 0000000149740360
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f822a0 5 bytes JMP 00000001497402a0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f822f0 5 bytes JMP 00000001497402c0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 5 bytes JMP 0000000149740380
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f82330 5 bytes JMP 0000000149740340
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f82620 5 bytes JMP 0000000149740450
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f82820 5 bytes JMP 0000000149740260
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f82830 5 bytes JMP 0000000149740270
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f82840 5 bytes JMP 0000000149740400
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f82a00 5 bytes JMP 00000001497401f0
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f82a10 5 bytes JMP 0000000149740210
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f82a80 5 bytes JMP 0000000149740200
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f82ae0 5 bytes JMP 0000000149740420
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f82af0 5 bytes JMP 0000000149740430
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f82b00 5 bytes JMP 0000000149740220
.text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f82be0 5 bytes JMP 0000000149740280
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f813c0 5 bytes JMP 00000000770e0470
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f81410 5 bytes JMP 00000000770e0460
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 5 bytes JMP 00000000770e0370
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f815c0 5 bytes JMP 00000000770e0480
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f815d0 5 bytes JMP 00000000770e03e0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f81680 5 bytes JMP 00000000770e0320
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f816b0 5 bytes JMP 00000000770e03b0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f816d0 5 bytes JMP 00000000770e0390
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f81710 5 bytes JMP 00000000770e02e0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f81760 5 bytes JMP 00000000770e0440
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f81790 5 bytes JMP 00000000770e02d0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f817b0 5 bytes JMP 00000000770e0310
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f817f0 5 bytes JMP 00000000770e03c0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f81840 5 bytes JMP 00000000770e03f0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f819a0 1 byte JMP 00000000770e0230
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f819a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f81b60 5 bytes JMP 00000000770e0490
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f81b90 5 bytes JMP 00000000770e03a0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f81c70 5 bytes JMP 00000000770e02f0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f81c80 5 bytes JMP 00000000770e0350
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f81ce0 5 bytes JMP 00000000770e0290
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f81d70 5 bytes JMP 00000000770e02b0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f81d90 5 bytes JMP 00000000770e03d0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f81da0 1 byte JMP 00000000770e0330
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f81da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f81e10 5 bytes JMP 00000000770e0410
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f81e40 5 bytes JMP 00000000770e0240
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f82100 5 bytes JMP 00000000770e01e0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f821c0 1 byte JMP 00000000770e0250
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f821c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f821f0 5 bytes JMP 00000000770e04a0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f82200 5 bytes JMP 00000000770e04b0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f82230 5 bytes JMP 00000000770e0300
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f82240 5 bytes JMP 00000000770e0360
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f822a0 5 bytes JMP 00000000770e02a0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f822f0 5 bytes JMP 00000000770e02c0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 5 bytes JMP 00000000770e0380
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f82330 5 bytes JMP 00000000770e0340
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f82620 5 bytes JMP 00000000770e0450
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f82820 5 bytes JMP 00000000770e0260
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f82830 5 bytes JMP 00000000770e0270
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f82840 5 bytes JMP 00000000770e0400
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f82a00 5 bytes JMP 00000000770e01f0
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f82a10 5 bytes JMP 00000000770e0210
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f82a80 5 bytes JMP 00000000770e0200
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f82ae0 5 bytes JMP 00000000770e0420
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f82af0 5 bytes JMP 00000000770e0430
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f82b00 5 bytes JMP 00000000770e0220
.text C:\Windows\system32\wininit.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f82be0 5 bytes JMP 00000000770e0280
.text C:\Windows\system32\wininit.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d6eecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f813c0 5 bytes JMP 0000000149740470
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f81410 5 bytes JMP 0000000149740460
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 5 bytes JMP 0000000149740370
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f815c0 5 bytes JMP 0000000149740480
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f815d0 5 bytes JMP 00000001497403e0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f81680 5 bytes JMP 0000000149740320
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f816b0 5 bytes JMP 00000001497403b0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f816d0 5 bytes JMP 0000000149740390
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f81710 5 bytes JMP 00000001497402e0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f81760 5 bytes JMP 0000000149740440
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f81790 5 bytes JMP 00000001497402d0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f817b0 5 bytes JMP 0000000149740310
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f817f0 5 bytes JMP 00000001497403c0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f81840 5 bytes JMP 00000001497403f0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f819a0 1 byte JMP 0000000149740230
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f819a2 3 bytes {JMP 0xffffffffd27be890}
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f81b60 5 bytes JMP 0000000149740490
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f81b90 5 bytes JMP 00000001497403a0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f81c70 5 bytes JMP 00000001497402f0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f81c80 5 bytes JMP 0000000149740350
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f81ce0 5 bytes JMP 0000000149740290
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f81d70 5 bytes JMP 00000001497402b0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f81d90 5 bytes JMP 00000001497403d0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f81da0 1 byte JMP 0000000149740330
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f81da2 3 bytes {JMP 0xffffffffd27be590}
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f81e10 5 bytes JMP 0000000149740410
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f81e40 5 bytes JMP 0000000149740240
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f82100 5 bytes JMP 00000001497401e0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f821c0 1 byte JMP 0000000149740250
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f821c2 3 bytes {JMP 0xffffffffd27be090}
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f821f0 5 bytes JMP 00000001497404a0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f82200 5 bytes JMP 00000001497404b0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f82230 5 bytes JMP 0000000149740300
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f82240 5 bytes JMP 0000000149740360
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f822a0 5 bytes JMP 00000001497402a0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f822f0 5 bytes JMP 00000001497402c0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 5 bytes JMP 0000000149740380
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f82330 5 bytes JMP 0000000149740340
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f82620 5 bytes JMP 0000000149740450
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f82820 5 bytes JMP 0000000149740260
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f82830 5 bytes JMP 0000000149740270
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f82840 5 bytes JMP 0000000149740400
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f82a00 5 bytes JMP 00000001497401f0
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f82a10 5 bytes JMP 0000000149740210
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f82a80 5 bytes JMP 0000000149740200
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f82ae0 5 bytes JMP 0000000149740420
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f82af0 5 bytes JMP 0000000149740430
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f82b00 5 bytes JMP 0000000149740220
.text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f82be0 5 bytes JMP 0000000149740280
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f813c0 5 bytes JMP 00000000770e0470
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f81410 5 bytes JMP 00000000770e0460
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f81570 5 bytes JMP 00000000770e0370
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f815c0 5 bytes JMP 00000000770e0480
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f815d0 5 bytes JMP 00000000770e03e0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f81680 5 bytes JMP 00000000770e0320
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f816b0 5 bytes JMP 00000000770e03b0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f816d0 5 bytes JMP 00000000770e0390
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f81710 5 bytes JMP 00000000770e02e0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f81760 5 bytes JMP 00000000770e0440
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f81790 5 bytes JMP 00000000770e02d0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f817b0 5 bytes JMP 00000000770e0310
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f817f0 5 bytes JMP 00000000770e03c0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f81840 5 bytes JMP 00000000770e03f0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f819a0 1 byte JMP 00000000770e0230
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f819a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f81b60 5 bytes JMP 00000000770e0490
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f81b90 5 bytes JMP 00000000770e03a0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f81c70 5 bytes JMP 00000000770e02f0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f81c80 5 bytes JMP 00000000770e0350
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f81ce0 5 bytes JMP 00000000770e0290
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f81d70 5 bytes JMP 00000000770e02b0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f81d90 5 bytes JMP 00000000770e03d0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f81da0 1 byte JMP 00000000770e0330
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f81da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f81e10 5 bytes JMP 00000000770e0410
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f81e40 5 bytes JMP 00000000770e0240
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f82100 5 bytes JMP 00000000770e01e0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f821c0 1 byte JMP 00000000770e0250
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f821c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f821f0 5 bytes JMP 00000000770e04a0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f82200 5 bytes JMP 00000000770e04b0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f82230 5 bytes JMP 00000000770e0300
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f82240 5 bytes JMP 00000000770e0360
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f822a0 5 bytes JMP 00000000770e02a0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f822f0 5 bytes JMP 00000000770e02c0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f82320 5 bytes JMP 00000000770e0380
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f82330 5 bytes JMP 00000000770e0340
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f82620 5 bytes JMP 00000000770e0450
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f82820 5 bytes JMP 00000000770e0260
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f82830 5 bytes JMP 00000000770e0270
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f82840 5 bytes JMP 00000000770e0400
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f82a00 5 bytes JMP 00000000770e01f0
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f82a10 5 bytes JMP 00000000770e0210
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f82a80 5 bytes JMP 00000000770e0200
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f82ae0 5 bytes JMP 00000000770e0420
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f82af0 5 bytes JMP 00000000770e0430
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f82b00 5 bytes JMP 00000000770e0220
.text C:\Windows\system32\services.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f82be0 5 bytes JMP 00000000770e0280
.text C:\Windows\system32\services.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189

**Marckie** · 18-06-13, 18:29

De andere logjes ook nog graag.
Dus eerst de scan met MBAM, dan de log van DDS, en daarna de log van Gmer.
De volgorde speelt ook een rol.

**steven92** · 18-06-13, 18:31

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes Cyber Security for Home & Business | Anti-Malware

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with Malwarebytes cyber security solutions.

Databaseversie: v2013.06.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Steven van den Berg :: LAPTOPSTEVEN [administrator]

18-6-2013 16:28:33
mbam-log-2013-06-18 (16-28-33).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 210548
Verstreken tijd: 3 minuut/minuten, 55 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

**Marckie** · 18-06-13, 18:33

De log van Gmer is niet kompleet.

**steven92** · 18-06-13, 18:33

MyAlbum

http://www.mijnbestand.nl/Bestand-GN7AQNGTHLHJ.log

Via deze link is de log GMER te vinden, was te groot om te posten..

**Marckie** · 18-06-13, 18:36

Downloadt TDSSKiller en plaats het op je bureaublad.
Dubbelklik op TDSSKiller.exe om de tool te starten.
Klik op "Change parameters" en vink aan:
- Services and drivers
- Boot sectors
- Verify drivers digital signatures
Klik op "OK"
Klik op de knop "Start Scan" en volg de instructies.
Wanneer de scan klaar is klik je op de knop "Report".
Er opent een kladblokbestand. Post de inhoud van dit bestand.
Geeft TDSSKiller aan om een bestand te genezen (Cure),dan sta je dit toe. In dit geval wordt gevraagd om de computer te herstarten. Doe dit onmiddellijk.
De unsigned files skip je.
Rootkit.Boot.SST.b en anderen zoals Sinowal, ZeroAccess of Whistler laat je herstellen Cure.
Na reboot vind je de log op c:\ met de naam TDSSKiller.versie_datum_uur_log.txt.
Post dat logje.

**steven92** · 18-06-13, 18:44

19:39:00.0465 3588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:39:00.0829 3588 ============================================================
19:39:00.0829 3588 Current date / time: 2013/06/18 19:39:00.0829
19:39:00.0829 3588 SystemInfo:
19:39:00.0829 3588
19:39:00.0829 3588 OS Version: 6.1.7601 ServicePack: 1.0
19:39:00.0829 3588 Product type: Workstation
19:39:00.0829 3588 ComputerName: LAPTOPSTEVEN
19:39:00.0829 3588 UserName: Steven van den Berg
19:39:00.0829 3588 Windows directory: C:\Windows
19:39:00.0829 3588 System windows directory: C:\Windows
19:39:00.0829 3588 Running under WOW64
19:39:00.0829 3588 Processor architecture: Intel x64
19:39:00.0829 3588 Number of processors: 2
19:39:00.0829 3588 Page size: 0x1000
19:39:00.0829 3588 Boot type: Normal boot
19:39:00.0829 3588 ============================================================
19:39:02.0113 3588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:02.0121 3588 ============================================================
19:39:02.0121 3588 \Device\Harddisk0\DR0:
19:39:02.0121 3588 MBR partitions:
19:39:02.0121 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2398E800
19:39:02.0121 3588 ============================================================
19:39:02.0174 3588 C: <-> \Device\Harddisk0\DR0\Partition1
19:39:02.0174 3588 ============================================================
19:39:02.0175 3588 Initialize success
19:39:02.0175 3588 ============================================================
19:39:57.0872 3632 ============================================================
19:39:57.0872 3632 Scan started
19:39:57.0872 3632 Mode: Manual; SigCheck;
19:39:57.0872 3632 ============================================================
19:39:58.0186 3632 ================ Scan system memory ========================
19:39:58.0186 3632 System memory - ok
19:39:58.0187 3632 ================ Scan services =============================
19:39:58.0345 3632 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:39:58.0442 3632 1394ohci - ok
19:39:58.0467 3632 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
19:39:58.0491 3632 Accelerometer - ok
19:39:58.0516 3632 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:39:58.0541 3632 ACPI - ok
19:39:58.0569 3632 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:39:58.0594 3632 AcpiPmi - ok
19:39:58.0690 3632 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:39:58.0709 3632 AdobeARMservice - ok
19:39:58.0957 3632 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:58.0979 3632 AdobeFlashPlayerUpdateSvc - ok
19:39:59.0039 3632 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:39:59.0070 3632 adp94xx - ok
19:39:59.0095 3632 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:39:59.0121 3632 adpahci - ok
19:39:59.0144 3632 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:39:59.0167 3632 adpu320 - ok
19:39:59.0202 3632 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:39:59.0248 3632 AeLookupSvc - ok
19:39:59.0340 3632 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.e xe
19:39:59.0363 3632 AESTFilters - ok
19:39:59.0433 3632 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:39:59.0463 3632 AFD - ok
19:39:59.0539 3632 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:39:59.0558 3632 agp440 - ok
19:39:59.0595 3632 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:39:59.0619 3632 ALG - ok
19:39:59.0660 3632 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:39:59.0679 3632 aliide - ok
19:39:59.0716 3632 [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:59.0751 3632 AMD External Events Utility - ok
19:39:59.0773 3632 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:39:59.0792 3632 amdide - ok
19:39:59.0806 3632 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:39:59.0829 3632 AmdK8 - ok
19:40:00.0108 3632 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:40:00.0450 3632 amdkmdag - ok
19:40:00.0494 3632 [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:40:00.0520 3632 amdkmdap - ok
19:40:00.0533 3632 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:40:00.0555 3632 AmdPPM - ok
19:40:00.0593 3632 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:40:00.0614 3632 amdsata - ok
19:40:00.0644 3632 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:40:00.0666 3632 amdsbs - ok
19:40:00.0690 3632 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:40:00.0709 3632 amdxata - ok
19:40:00.0752 3632 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:40:00.0797 3632 AppID - ok
19:40:00.0829 3632 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:40:00.0876 3632 AppIDSvc - ok
19:40:00.0908 3632 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:40:00.0944 3632 Appinfo - ok
19:40:01.0025 3632 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:40:01.0044 3632 Apple Mobile Device - ok
19:40:01.0092 3632 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:40:01.0113 3632 arc - ok
19:40:01.0132 3632 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:40:01.0153 3632 arcsas - ok
19:40:01.0261 3632 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:40:01.0280 3632 aspnet_state - ok
19:40:01.0318 3632 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:40:01.0336 3632 aswFsBlk - ok
19:40:01.0376 3632 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:40:01.0394 3632 aswMonFlt - ok
19:40:01.0401 3632 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:40:01.0422 3632 aswRdr - ok
19:40:01.0537 3632 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
19:40:01.0554 3632 aswRvrt - ok
19:40:01.0613 3632 [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:40:01.0674 3632 aswSnx - ok
19:40:01.0725 3632 [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:40:01.0751 3632 aswSP - ok
19:40:01.0784 3632 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:40:01.0801 3632 aswTdi - ok
19:40:01.0834 3632 [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
19:40:01.0853 3632 aswVmm - ok
19:40:01.0889 3632 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:01.0957 3632 AsyncMac - ok
19:40:01.0994 3632 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:40:02.0014 3632 atapi - ok
19:40:02.0061 3632 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:40:02.0081 3632 AtiHDAudioService - ok
19:40:02.0345 3632 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:40:02.0520 3632 atikmdag - ok
19:40:02.0580 3632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:40:02.0653 3632 AudioEndpointBuilder - ok
19:40:02.0711 3632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:40:02.0763 3632 AudioSrv - ok
19:40:02.0833 3632 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:40:02.0849 3632 avast! Antivirus - ok
19:40:02.0892 3632 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:40:02.0925 3632 AxInstSV - ok
19:40:02.0959 3632 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:40:03.0005 3632 b06bdrv - ok
19:40:03.0042 3632 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:40:03.0070 3632 b57nd60a - ok
19:40:03.0110 3632 [ 0B2A432AD87C2F8D244A1C9C6945B85F ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
19:40:03.0126 3632 BCM42RLY - ok
19:40:03.0247 3632 [ 94387EFC7254F2E74C6C6E6019ACA53A ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:40:03.0414 3632 BCM43XX - ok
19:40:03.0456 3632 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:40:03.0493 3632 BDESVC - ok
19:40:03.0528 3632 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:40:03.0577 3632 Beep - ok
19:40:03.0615 3632 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:40:03.0679 3632 BFE - ok
19:40:03.0723 3632 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:40:03.0806 3632 BITS - ok
19:40:03.0850 3632 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:40:03.0873 3632 blbdrive - ok
19:40:03.0920 3632 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:40:03.0944 3632 Bonjour Service - ok
19:40:03.0984 3632 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:40:04.0014 3632 bowser - ok
19:40:04.0046 3632 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:40:04.0070 3632 BrFiltLo - ok
19:40:04.0080 3632 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:40:04.0103 3632 BrFiltUp - ok
19:40:04.0166 3632 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:40:04.0213 3632 BridgeMP - ok
19:40:04.0258 3632 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:40:04.0291 3632 Browser - ok
19:40:04.0316 3632 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:40:04.0350 3632 Brserid - ok
19:40:04.0374 3632 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:40:04.0398 3632 BrSerWdm - ok
19:40:04.0425 3632 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:40:04.0449 3632 BrUsbMdm - ok
19:40:04.0469 3632 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:40:04.0490 3632 BrUsbSer - ok
19:40:04.0520 3632 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:40:04.0544 3632 BTHMODEM - ok
19:40:04.0613 3632 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:40:04.0659 3632 bthserv - ok
19:40:04.0697 3632 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:40:04.0745 3632 cdfs - ok
19:40:04.0781 3632 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:40:04.0804 3632 cdrom - ok
19:40:04.0837 3632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:40:04.0883 3632 CertPropSvc - ok
19:40:04.0900 3632 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:40:04.0923 3632 circlass - ok
19:40:04.0950 3632 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:40:04.0976 3632 CLFS - ok
19:40:05.0020 3632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:05.0038 3632 clr_optimization_v2.0.50727_32 - ok
19:40:05.0098 3632 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:40:05.0118 3632 clr_optimization_v2.0.50727_64 - ok
19:40:05.0193 3632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:40:05.0212 3632 clr_optimization_v4.0.30319_32 - ok
19:40:05.0228 3632 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:40:05.0247 3632 clr_optimization_v4.0.30319_64 - ok
19:40:05.0270 3632 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:40:05.0291 3632 CmBatt - ok
19:40:05.0339 3632 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:40:05.0367 3632 cmdide - ok
19:40:05.0407 3632 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:40:05.0444 3632 CNG - ok
19:40:05.0476 3632 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:40:05.0494 3632 Compbatt - ok
19:40:05.0512 3632 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:40:05.0537 3632 CompositeBus - ok
19:40:05.0554 3632 COMSysApp - ok
19:40:05.0572 3632 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:40:05.0591 3632 crcdisk - ok
19:40:05.0621 3632 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:40:05.0651 3632 CryptSvc - ok
19:40:05.0686 3632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:40:05.0741 3632 DcomLaunch - ok
19:40:05.0776 3632 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:40:05.0827 3632 defragsvc - ok
19:40:05.0851 3632 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:40:05.0899 3632 DfsC - ok
19:40:05.0929 3632 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:40:05.0966 3632 Dhcp - ok
19:40:05.0976 3632 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:40:06.0021 3632 discache - ok
19:40:06.0065 3632 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:40:06.0085 3632 Disk - ok
19:40:06.0113 3632 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:40:06.0147 3632 Dnscache - ok
19:40:06.0190 3632 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:40:06.0238 3632 dot3svc - ok
19:40:06.0252 3632 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:40:06.0299 3632 DPS - ok
19:40:06.0330 3632 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:40:06.0353 3632 drmkaud - ok
19:40:06.0393 3632 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:40:06.0442 3632 DXGKrnl - ok
19:40:06.0458 3632 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:40:06.0505 3632 EapHost - ok
19:40:06.0597 3632 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:40:06.0701 3632 ebdrv - ok
19:40:06.0735 3632 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:40:06.0759 3632 EFS - ok
19:40:06.0830 3632 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:40:06.0866 3632 ehRecvr - ok
19:40:06.0878 3632 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:40:06.0900 3632 ehSched - ok
19:40:06.0967 3632 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:40:07.0036 3632 elxstor - ok
19:40:07.0093 3632 [ DE9402E080E9E3C94A9FD3FCF65DE369 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
19:40:07.0141 3632 enecir - ok
19:40:07.0153 3632 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:40:07.0176 3632 ErrDev - ok
19:40:07.0228 3632 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:40:07.0281 3632 EventSystem - ok
19:40:07.0322 3632 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:40:07.0372 3632 exfat - ok
19:40:07.0422 3632 [ 559E94538233CDBC29E963C902BC5473 ] EyeTV_One C:\Windows\system32\DRIVERS\EyeTV_One.sys
19:40:07.0454 3632 EyeTV_One - ok
19:40:07.0469 3632 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:40:07.0519 3632 fastfat - ok
19:40:07.0555 3632 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:40:07.0612 3632 Fax - ok
19:40:07.0640 3632 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:40:07.0662 3632 fdc - ok
19:40:07.0675 3632 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:40:07.0721 3632 fdPHost - ok
19:40:07.0733 3632 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:40:07.0783 3632 FDResPub - ok
19:40:07.0801 3632 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:40:07.0820 3632 FileInfo - ok
19:40:07.0830 3632 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:40:07.0876 3632 Filetrace - ok
19:40:07.0894 3632 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:40:07.0916 3632 flpydisk - ok
19:40:07.0945 3632 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:40:07.0969 3632 FltMgr - ok
19:40:08.0025 3632 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:40:08.0087 3632 FontCache - ok
19:40:08.0140 3632 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:40:08.0156 3632 FontCache3.0.0.0 - ok
19:40:08.0182 3632 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:40:08.0202 3632 FsDepends - ok
19:40:08.0225 3632 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:40:08.0244 3632 Fs_Rec - ok
19:40:08.0289 3632 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:40:08.0317 3632 fvevol - ok
19:40:08.0352 3632 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:40:08.0373 3632 gagp30kx - ok
19:40:08.0408 3632 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:40:08.0425 3632 GEARAspiWDM - ok
19:40:08.0465 3632 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:40:08.0533 3632 gpsvc - ok
19:40:08.0598 3632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:40:08.0621 3632 gupdate - ok
19:40:08.0633 3632 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:40:08.0649 3632 gupdatem - ok
19:40:08.0702 3632 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:40:08.0738 3632 hcw85cir - ok
19:40:08.0837 3632 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:40:08.0880 3632 HdAudAddService - ok
19:40:08.0902 3632 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:40:08.0927 3632 HDAudBus - ok
19:40:08.0951 3632 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:40:08.0973 3632 HidBatt - ok
19:40:08.0988 3632 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:40:09.0012 3632 HidBth - ok
19:40:09.0031 3632 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:40:09.0056 3632 HidIr - ok
19:40:09.0078 3632 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:40:09.0124 3632 hidserv - ok
19:40:09.0153 3632 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:40:09.0177 3632 HidUsb - ok
19:40:09.0245 3632 [ 1712747C844CC12EED8BC92FB0E56E4C ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:40:09.0262 3632 HitmanProScheduler - ok
19:40:09.0295 3632 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:40:09.0341 3632 hkmsvc - ok
19:40:09.0360 3632 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:40:09.0399 3632 HomeGroupListener - ok
19:40:09.0420 3632 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:40:09.0445 3632 HomeGroupProvider - ok
19:40:09.0467 3632 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:40:09.0484 3632 hpdskflt - ok
19:40:09.0506 3632 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:40:09.0527 3632 HpSAMD - ok
19:40:09.0548 3632 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
19:40:09.0565 3632 hpsrv - ok
19:40:09.0612 3632 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:40:09.0681 3632 HTTP - ok
19:40:09.0689 3632 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:40:09.0707 3632 hwpolicy - ok
19:40:09.0728 3632 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:40:09.0749 3632 i8042prt - ok
19:40:09.0807 3632 [ 88D26E2881646FAD2B2114CF8C75FC3C ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:40:09.0835 3632 iaStor - ok
19:40:09.0867 3632 [ AE0C5DF7E7DA3E7AC29B64CFA8C4F044 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
19:40:09.0894 3632 iaStorA - ok
19:40:09.0930 3632 [ 777788D9B63CCEEEF2DB353BA4EDD454 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:40:09.0946 3632 IAStorDataMgrSvc - ok
19:40:09.0959 3632 [ 711241EA1BA9DB44F34D03D2AD00ED08 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
19:40:09.0975 3632 iaStorF - ok
19:40:10.0003 3632 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:40:10.0031 3632 iaStorV - ok
19:40:10.0092 3632 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:40:10.0142 3632 idsvc - ok
19:40:10.0174 3632 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:40:10.0193 3632 iirsp - ok
19:40:10.0238 3632 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:40:10.0309 3632 IKEEXT - ok
19:40:10.0336 3632 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:40:10.0354 3632 intelide - ok
19:40:10.0381 3632 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:40:10.0402 3632 intelppm - ok
19:40:10.0423 3632 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:40:10.0470 3632 IPBusEnum - ok
19:40:10.0485 3632 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:40:10.0529 3632 IpFilterDriver - ok
19:40:10.0570 3632 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:40:10.0601 3632 iphlpsvc - ok
19:40:10.0617 3632 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:40:10.0639 3632 IPMIDRV - ok
19:40:10.0677 3632 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:40:10.0723 3632 IPNAT - ok
19:40:10.0768 3632 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:40:10.0796 3632 iPod Service - ok
19:40:10.0821 3632 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:40:10.0847 3632 IRENUM - ok
19:40:10.0864 3632 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:40:10.0883 3632 isapnp - ok
19:40:10.0900 3632 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:40:10.0925 3632 iScsiPrt - ok
19:40:10.0984 3632 [ 54DF9EAFB54A98E1A2AC3DB69C16CF05 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
19:40:11.0019 3632 JMCR - ok
19:40:11.0053 3632 [ 1542F0B31DD7193EF8C0606C018E19AF ] johci C:\Windows\system32\DRIVERS\johci.sys
19:40:11.0069 3632 johci - ok
19:40:11.0100 3632 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:40:11.0123 3632 kbdclass - ok
19:40:11.0170 3632 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:40:11.0190 3632 kbdhid - ok
19:40:11.0204 3632 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:40:11.0225 3632 KeyIso - ok
19:40:11.0256 3632 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:40:11.0277 3632 KSecDD - ok
19:40:11.0303 3632 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:40:11.0324 3632 KSecPkg - ok
19:40:11.0352 3632 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:40:11.0399 3632 ksthunk - ok
19:40:11.0429 3632 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:40:11.0481 3632 KtmRm - ok
19:40:11.0516 3632 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:40:11.0567 3632 LanmanServer - ok
19:40:11.0593 3632 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:40:11.0643 3632 LanmanWorkstation - ok
19:40:11.0678 3632 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:40:11.0724 3632 lltdio - ok
19:40:11.0746 3632 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:40:11.0798 3632 lltdsvc - ok
19:40:11.0818 3632 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:40:11.0867 3632 lmhosts - ok
19:40:11.0889 3632 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:40:11.0910 3632 LSI_FC - ok
19:40:11.0955 3632 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:40:11.0975 3632 LSI_SAS - ok
19:40:11.0988 3632 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:40:12.0008 3632 LSI_SAS2 - ok
19:40:12.0029 3632 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:40:12.0049 3632 LSI_SCSI - ok
19:40:12.0071 3632 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:40:12.0119 3632 luafv - ok
19:40:12.0156 3632 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:40:12.0184 3632 Mcx2Svc - ok
19:40:12.0208 3632 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:40:12.0227 3632 megasas - ok
19:40:12.0263 3632 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:40:12.0288 3632 MegaSR - ok
19:40:12.0341 3632 Microsoft SharePoint Workspace Audit Service - ok
19:40:12.0368 3632 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:40:12.0417 3632 MMCSS - ok
19:40:12.0433 3632 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:40:12.0479 3632 Modem - ok
19:40:12.0524 3632 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:40:12.0547 3632 monitor - ok
19:40:12.0557 3632 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:40:12.0577 3632 mouclass - ok
19:40:12.0606 3632 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:40:12.0629 3632 mouhid - ok
19:40:12.0644 3632 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:40:12.0667 3632 mountmgr - ok
19:40:12.0689 3632 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:40:12.0710 3632 mpio - ok
19:40:12.0729 3632 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:40:12.0775 3632 mpsdrv - ok
19:40:12.0819 3632 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:40:12.0891 3632 MpsSvc - ok
19:40:12.0915 3632 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:40:12.0943 3632 MRxDAV - ok
19:40:12.0975 3632 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:40:13.0002 3632 mrxsmb - ok
19:40:13.0021 3632 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:40:13.0046 3632 mrxsmb10 - ok
19:40:13.0064 3632 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:40:13.0085 3632 mrxsmb20 - ok
19:40:13.0112 3632 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:40:13.0131 3632 msahci - ok
19:40:13.0148 3632 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:40:13.0171 3632 msdsm - ok
19:40:13.0186 3632 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:40:13.0222 3632 MSDTC - ok
19:40:13.0254 3632 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:40:13.0299 3632 Msfs - ok
19:40:13.0322 3632 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:40:13.0370 3632 mshidkmdf - ok
19:40:13.0386 3632 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:40:13.0404 3632 msisadrv - ok
19:40:13.0435 3632 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:40:13.0483 3632 MSiSCSI - ok
19:40:13.0489 3632 msiserver - ok
19:40:13.0522 3632 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:40:13.0567 3632 MSKSSRV - ok
19:40:13.0580 3632 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:40:13.0625 3632 MSPCLOCK - ok
19:40:13.0644 3632 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:40:13.0690 3632 MSPQM - ok
19:40:13.0717 3632 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:40:13.0744 3632 MsRPC - ok
19:40:13.0777 3632 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:40:13.0812 3632 mssmbios - ok
19:40:13.0851 3632 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:40:13.0897 3632 MSTEE - ok
19:40:13.0916 3632 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:40:13.0937 3632 MTConfig - ok
19:40:13.0964 3632 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:40:14.0047 3632 Mup - ok
19:40:14.0079 3632 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:40:14.0134 3632 napagent - ok
19:40:14.0192 3632 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:40:14.0229 3632 NativeWifiP - ok
19:40:14.0283 3632 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:40:14.0333 3632 NDIS - ok
19:40:14.0361 3632 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:40:14.0411 3632 NdisCap - ok
19:40:14.0434 3632 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:40:14.0479 3632 NdisTapi - ok
19:40:14.0497 3632 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:40:14.0544 3632 Ndisuio - ok
19:40:14.0566 3632 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:40:14.0622 3632 NdisWan - ok
19:40:14.0652 3632 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:40:14.0704 3632 NDProxy - ok
19:40:14.0736 3632 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:40:14.0784 3632 NetBIOS - ok
19:40:14.0801 3632 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:40:14.0853 3632 NetBT - ok
19:40:14.0870 3632 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:40:14.0894 3632 Netlogon - ok
19:40:14.0930 3632 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:40:14.0986 3632 Netman - ok
19:40:15.0025 3632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:15.0045 3632 NetMsmqActivator - ok
19:40:15.0050 3632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:15.0069 3632 NetPipeActivator - ok
19:40:15.0094 3632 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:40:15.0150 3632 netprofm - ok
19:40:15.0155 3632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:15.0176 3632 NetTcpActivator - ok
19:40:15.0181 3632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:15.0199 3632 NetTcpPortSharing - ok
19:40:15.0230 3632 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:40:15.0250 3632 nfrd960 - ok
19:40:15.0288 3632 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:40:15.0318 3632 NlaSvc - ok
19:40:15.0335 3632 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:40:15.0384 3632 Npfs - ok
19:40:15.0415 3632 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:40:15.0466 3632 nsi - ok
19:40:15.0479 3632 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:40:15.0525 3632 nsiproxy - ok
19:40:15.0592 3632 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:40:15.0667 3632 Ntfs - ok
19:40:15.0685 3632 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:40:15.0735 3632 Null - ok
19:40:15.0774 3632 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

**steven92** · 18-06-13, 18:44

19:40:15.0850 3632 nvraid - ok
19:40:15.0887 3632 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:40:15.0919 3632 nvstor - ok
19:40:15.0960 3632 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:40:15.0991 3632 nv_agp - ok
19:40:16.0012 3632 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:40:16.0034 3632 ohci1394 - ok
19:40:16.0106 3632 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:40:16.0132 3632 ose64 - ok
19:40:16.0255 3632 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:40:16.0430 3632 osppsvc - ok
19:40:16.0478 3632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:40:16.0510 3632 p2pimsvc - ok
19:40:16.0533 3632 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:40:16.0563 3632 p2psvc - ok
19:40:16.0591 3632 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:40:16.0618 3632 Parport - ok
19:40:16.0649 3632 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:40:16.0670 3632 partmgr - ok
19:40:16.0703 3632 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:40:16.0735 3632 PcaSvc - ok
19:40:16.0754 3632 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:40:16.0777 3632 pci - ok
19:40:16.0799 3632 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:40:16.0820 3632 pciide - ok
19:40:16.0840 3632 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:40:16.0864 3632 pcmcia - ok
19:40:16.0889 3632 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:40:16.0915 3632 pcw - ok
19:40:16.0971 3632 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:40:17.0060 3632 PEAUTH - ok
19:40:17.0140 3632 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:40:17.0169 3632 PerfHost - ok
19:40:17.0271 3632 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:40:17.0380 3632 pla - ok
19:40:17.0432 3632 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:40:17.0480 3632 PlugPlay - ok
19:40:17.0516 3632 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:40:17.0542 3632 PNRPAutoReg - ok
19:40:17.0579 3632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:40:17.0605 3632 PNRPsvc - ok
19:40:17.0647 3632 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:40:17.0706 3632 PolicyAgent - ok
19:40:17.0736 3632 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:40:17.0787 3632 Power - ok
19:40:17.0816 3632 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:40:17.0861 3632 PptpMiniport - ok
19:40:17.0877 3632 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:40:17.0899 3632 Processor - ok
19:40:17.0933 3632 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:40:17.0971 3632 ProfSvc - ok
19:40:17.0983 3632 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:40:18.0009 3632 ProtectedStorage - ok
19:40:18.0040 3632 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:40:18.0086 3632 Psched - ok
19:40:18.0138 3632 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:40:18.0204 3632 ql2300 - ok
19:40:18.0237 3632 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:40:18.0262 3632 ql40xx - ok
19:40:18.0291 3632 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:40:18.0331 3632 QWAVE - ok
19:40:18.0358 3632 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:40:18.0388 3632 QWAVEdrv - ok
19:40:18.0404 3632 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:40:18.0451 3632 RasAcd - ok
19:40:18.0486 3632 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:40:18.0534 3632 RasAgileVpn - ok
19:40:18.0548 3632 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:40:18.0599 3632 RasAuto - ok
19:40:18.0615 3632 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:18.0666 3632 Rasl2tp - ok
19:40:18.0684 3632 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:40:18.0738 3632 RasMan - ok
19:40:18.0787 3632 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:18.0850 3632 RasPppoe - ok
19:40:18.0873 3632 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:40:18.0942 3632 RasSstp - ok
19:40:18.0988 3632 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:40:19.0041 3632 rdbss - ok
19:40:19.0055 3632 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:40:19.0082 3632 rdpbus - ok
19:40:19.0100 3632 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:19.0146 3632 RDPCDD - ok
19:40:19.0177 3632 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:40:19.0238 3632 RDPENCDD - ok
19:40:19.0273 3632 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:40:19.0343 3632 RDPREFMP - ok
19:40:19.0406 3632 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:40:19.0450 3632 RdpVideoMiniport - ok
19:40:19.0479 3632 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:40:19.0517 3632 RDPWD - ok
19:40:19.0552 3632 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:40:19.0577 3632 rdyboost - ok
19:40:19.0605 3632 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:40:19.0662 3632 RemoteAccess - ok
19:40:19.0689 3632 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:40:19.0740 3632 RemoteRegistry - ok
19:40:19.0771 3632 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:40:19.0822 3632 RpcEptMapper - ok
19:40:19.0854 3632 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:40:19.0885 3632 RpcLocator - ok
19:40:19.0917 3632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:40:19.0970 3632 RpcSs - ok
19:40:20.0000 3632 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:40:20.0049 3632 rspndr - ok
19:40:20.0083 3632 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
19:40:20.0105 3632 RTHDMIAzAudService - ok
19:40:20.0153 3632 [ 61A04C0C084D560BBEF1D09604608262 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:40:20.0202 3632 RTL8167 - ok
19:40:20.0217 3632 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:40:20.0241 3632 SamSs - ok
19:40:20.0264 3632 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:40:20.0285 3632 sbp2port - ok
19:40:20.0317 3632 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:40:20.0378 3632 SCardSvr - ok
19:40:20.0405 3632 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:40:20.0449 3632 scfilter - ok
19:40:20.0482 3632 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:40:20.0564 3632 Schedule - ok
19:40:20.0598 3632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:40:20.0642 3632 SCPolicySvc - ok
19:40:20.0669 3632 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:40:20.0696 3632 sdbus - ok
19:40:20.0720 3632 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:40:20.0746 3632 SDRSVC - ok
19:40:20.0775 3632 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:40:20.0822 3632 secdrv - ok
19:40:20.0851 3632 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:40:20.0936 3632 seclogon - ok
19:40:20.0974 3632 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:40:21.0044 3632 SENS - ok
19:40:21.0058 3632 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:40:21.0083 3632 SensrSvc - ok
19:40:21.0108 3632 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:40:21.0131 3632 Serenum - ok
19:40:21.0165 3632 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:40:21.0192 3632 Serial - ok
19:40:21.0230 3632 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:40:21.0259 3632 sermouse - ok
19:40:21.0297 3632 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:40:21.0351 3632 SessionEnv - ok
19:40:21.0379 3632 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:40:21.0415 3632 sffdisk - ok
19:40:21.0436 3632 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:40:21.0464 3632 sffp_mmc - ok
19:40:21.0476 3632 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:40:21.0505 3632 sffp_sd - ok
19:40:21.0532 3632 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:40:21.0559 3632 sfloppy - ok
19:40:21.0627 3632 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:40:21.0694 3632 SharedAccess - ok
19:40:21.0745 3632 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:40:21.0802 3632 ShellHWDetection - ok
19:40:21.0838 3632 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:40:21.0861 3632 SiSRaid2 - ok
19:40:21.0893 3632 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:40:21.0918 3632 SiSRaid4 - ok
19:40:21.0997 3632 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:40:22.0017 3632 SkypeUpdate - ok
19:40:22.0052 3632 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:40:22.0105 3632 Smb - ok
19:40:22.0143 3632 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:40:22.0172 3632 SNMPTRAP - ok
19:40:22.0204 3632 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:40:22.0225 3632 spldr - ok
19:40:22.0267 3632 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:40:22.0325 3632 Spooler - ok
19:40:22.0423 3632 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:40:22.0584 3632 sppsvc - ok
19:40:22.0612 3632 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:40:22.0667 3632 sppuinotify - ok
19:40:22.0708 3632 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:40:22.0752 3632 srv - ok
19:40:22.0773 3632 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:40:22.0801 3632 srv2 - ok
19:40:22.0819 3632 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:40:22.0842 3632 srvnet - ok
19:40:22.0874 3632 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:40:22.0925 3632 SSDPSRV - ok
19:40:22.0938 3632 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:40:22.0987 3632 SstpSvc - ok
19:40:23.0070 3632 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.e xe
19:40:23.0094 3632 STacSV - ok
19:40:23.0125 3632 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:40:23.0144 3632 stexstor - ok
19:40:23.0196 3632 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:40:23.0226 3632 STHDA - ok
19:40:23.0257 3632 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:40:23.0306 3632 stisvc - ok
19:40:23.0322 3632 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:40:23.0342 3632 swenum - ok
19:40:23.0386 3632 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:40:23.0447 3632 swprv - ok
19:40:23.0518 3632 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:40:23.0544 3632 SynTP - ok
19:40:23.0596 3632 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:40:23.0678 3632 SysMain - ok
19:40:23.0697 3632 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:40:23.0727 3632 TabletInputService - ok
19:40:23.0749 3632 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:40:23.0824 3632 TapiSrv - ok
19:40:23.0845 3632 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:40:23.0910 3632 TBS - ok
19:40:23.0971 3632 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:40:24.0052 3632 Tcpip - ok
19:40:24.0114 3632 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:40:24.0161 3632 TCPIP6 - ok
19:40:24.0188 3632 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:40:24.0209 3632 tcpipreg - ok
19:40:24.0239 3632 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:40:24.0260 3632 TDPIPE - ok
19:40:24.0285 3632 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:40:24.0307 3632 TDTCP - ok
19:40:24.0333 3632 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:40:24.0380 3632 tdx - ok
19:40:24.0519 3632 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:40:24.0644 3632 TeamViewer8 - ok
19:40:24.0678 3632 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:40:24.0699 3632 TermDD - ok
19:40:24.0730 3632 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:40:24.0798 3632 TermService - ok
19:40:24.0814 3632 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:40:24.0844 3632 Themes - ok
19:40:24.0870 3632 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:40:24.0919 3632 THREADORDER - ok
19:40:24.0936 3632 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:40:24.0987 3632 TrkWks - ok
19:40:25.0045 3632 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:40:25.0091 3632 TrustedInstaller - ok
19:40:25.0113 3632 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:40:25.0159 3632 tssecsrv - ok
19:40:25.0191 3632 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:40:25.0214 3632 TsUsbFlt - ok
19:40:25.0230 3632 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:40:25.0253 3632 TsUsbGD - ok
19:40:25.0290 3632 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:40:25.0339 3632 tunnel - ok
19:40:25.0382 3632 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:40:25.0409 3632 uagp35 - ok
19:40:25.0434 3632 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:40:25.0488 3632 udfs - ok
19:40:25.0531 3632 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:40:25.0560 3632 UI0Detect - ok
19:40:25.0584 3632 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:40:25.0607 3632 uliagpkx - ok
19:40:25.0629 3632 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:40:25.0658 3632 umbus - ok
19:40:25.0673 3632 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:40:25.0695 3632 UmPass - ok
19:40:25.0716 3632 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:40:25.0771 3632 upnphost - ok
19:40:25.0812 3632 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:40:25.0834 3632 USBAAPL64 - ok
19:40:25.0855 3632 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:40:25.0878 3632 usbccgp - ok
19:40:25.0917 3632 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:40:25.0945 3632 usbcir - ok
19:40:25.0987 3632 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:40:26.0010 3632 usbehci - ok
19:40:26.0041 3632 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:40:26.0070 3632 usbhub - ok
19:40:26.0089 3632 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:40:26.0114 3632 usbohci - ok
19:40:26.0134 3632 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:40:26.0174 3632 usbprint - ok
19:40:26.0209 3632 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:40:26.0241 3632 USBSTOR - ok
19:40:26.0255 3632 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:40:26.0277 3632 usbuhci - ok
19:40:26.0355 3632 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:40:26.0391 3632 usbvideo - ok
19:40:26.0425 3632 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:40:26.0483 3632 UxSms - ok
19:40:26.0501 3632 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:40:26.0528 3632 VaultSvc - ok
19:40:26.0579 3632 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:40:26.0606 3632 vdrvroot - ok
19:40:26.0664 3632 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:40:26.0749 3632 vds - ok
19:40:26.0771 3632 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:40:26.0798 3632 vga - ok
19:40:26.0811 3632 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:40:26.0863 3632 VgaSave - ok
19:40:26.0892 3632 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:40:26.0923 3632 vhdmp - ok
19:40:26.0935 3632 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:40:26.0963 3632 viaide - ok
19:40:26.0989 3632 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:40:27.0012 3632 volmgr - ok
19:40:27.0033 3632 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:40:27.0065 3632 volmgrx - ok
19:40:27.0089 3632 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:40:27.0120 3632 volsnap - ok
19:40:27.0159 3632 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:40:27.0184 3632 vsmraid - ok
19:40:27.0249 3632 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:40:27.0357 3632 VSS - ok
19:40:27.0379 3632 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:40:27.0404 3632 vwifibus - ok
19:40:27.0422 3632 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:40:27.0449 3632 vwififlt - ok
19:40:27.0491 3632 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:40:27.0517 3632 vwifimp - ok
19:40:27.0549 3632 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:40:27.0604 3632 W32Time - ok
19:40:27.0632 3632 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:40:27.0659 3632 WacomPen - ok
19:40:27.0696 3632 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:40:27.0744 3632 WANARP - ok
19:40:27.0750 3632 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:40:27.0797 3632 Wanarpv6 - ok
19:40:27.0861 3632 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:40:27.0929 3632 WatAdminSvc - ok
19:40:27.0990 3632 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:40:28.0063 3632 wbengine - ok
19:40:28.0080 3632 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:40:28.0116 3632 WbioSrvc - ok
19:40:28.0144 3632 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:40:28.0192 3632 wcncsvc - ok
19:40:28.0207 3632 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:40:28.0231 3632 WcsPlugInService - ok
19:40:28.0259 3632 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:40:28.0278 3632 Wd - ok
19:40:28.0322 3632 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:40:28.0373 3632 Wdf01000 - ok
19:40:28.0396 3632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:40:28.0427 3632 WdiServiceHost - ok
19:40:28.0432 3632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:40:28.0463 3632 WdiSystemHost - ok
19:40:28.0485 3632 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:40:28.0520 3632 WebClient - ok
19:40:28.0540 3632 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:40:28.0596 3632 Wecsvc - ok
19:40:28.0612 3632 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:40:28.0666 3632 wercplsupport - ok
19:40:28.0704 3632 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:40:28.0765 3632 WerSvc - ok
19:40:28.0826 3632 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:40:28.0899 3632 WfpLwf - ok
19:40:28.0926 3632 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:40:28.0946 3632 WIMMount - ok
19:40:28.0965 3632 WinDefend - ok
19:40:28.0980 3632 WinHttpAutoProxySvc - ok
19:40:29.0042 3632 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:40:29.0092 3632 Winmgmt - ok
19:40:29.0157 3632 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:40:29.0268 3632 WinRM - ok
19:40:29.0307 3632 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:40:29.0331 3632 WinUsb - ok
19:40:29.0380 3632 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:40:29.0443 3632 Wlansvc - ok
19:40:29.0615 3632 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:40:29.0712 3632 wlidsvc - ok
19:40:29.0744 3632 [ 2107201D4B0D471B20FA62C8BBE3143F ] wltrysvc C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
19:40:29.0751 3632 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
19:40:29.0751 3632 wltrysvc - detected UnsignedFile.Multi.Generic (1)
19:40:29.0764 3632 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:40:29.0786 3632 WmiAcpi - ok
19:40:29.0821 3632 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:40:29.0848 3632 wmiApSrv - ok
19:40:29.0873 3632 WMPNetworkSvc - ok
19:40:29.0893 3632 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:40:29.0928 3632 WPCSvc - ok
19:40:29.0944 3632 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:40:29.0972 3632 WPDBusEnum - ok
19:40:29.0998 3632 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:40:30.0045 3632 ws2ifsl - ok
19:40:30.0068 3632 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:40:30.0107 3632 wscsvc - ok
19:40:30.0145 3632 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:40:30.0172 3632 WSDPrintDevice - ok
19:40:30.0195 3632 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
19:40:30.0218 3632 WSDScan - ok
19:40:30.0224 3632 WSearch - ok
19:40:30.0306 3632 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:40:30.0415 3632 wuauserv - ok
19:40:30.0448 3632 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:40:30.0470 3632 WudfPf - ok
19:40:30.0511 3632 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:30.0536 3632 WUDFRd - ok
19:40:30.0559 3632 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:40:30.0585 3632 wudfsvc - ok
19:40:30.0613 3632 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:40:30.0643 3632 WwanSvc - ok
19:40:30.0659 3632 ================ Scan global ===============================
19:40:30.0689 3632 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:40:30.0715 3632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:40:30.0729 3632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:40:30.0751 3632 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:40:30.0790 3632 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:40:30.0799 3632 [Global] - ok
19:40:30.0800 3632 ================ Scan MBR ==================================
19:40:30.0811 3632 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:40:31.0010 3632 \Device\Harddisk0\DR0 - ok
19:40:31.0010 3632 ================ Scan VBR ==================================
19:40:31.0015 3632 [ DEA4431899819FB4C2B622F1CA5F9142 ] \Device\Harddisk0\DR0\Partition1
19:40:31.0017 3632 \Device\Harddisk0\DR0\Partition1 - ok
19:40:31.0018 3632 ============================================================
19:40:31.0018 3632 Scan finished
19:40:31.0018 3632 ============================================================
19:40:31.0036 1116 Detected object count: 1
19:40:31.0036 1116 Actual detected object count: 1
19:43:24.0567 1116 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:24.0567 1116 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

**Marckie** · 18-06-13, 19:01

Dat logje ziet er goed uit.
Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe.
Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen.
Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de "contents of the ComboFix package has been compromised".
Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer.
Krijg je deze melding dan meld je dit.
Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje.

**steven92** · 18-06-13, 19:40

ComboFix 13-06-18.02 - Steven van den Berg 18-06-2013 20:09:31.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2465 [GMT 2:00]
Gestart vanuit: c:\users\Steven van den Berg\Desktop\pc opschonen\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-05-18 to 2013-06-18 ))))))))))))))))))))))))))))))
.
.
2013-06-18 18:20 . 2013-06-18 18:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-18 18:20 . 2013-06-18 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-18 12:53 . 2013-06-18 12:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-18 12:42 . 2013-06-18 12:42 -------- d-----w- c:\program files\HitmanPro
2013-06-18 12:42 . 2013-06-18 12:54 -------- d-----w- c:\programdata\HitmanPro
2013-06-18 09:43 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{679233CB-551A-4EE6-8503-5D15ED647453}\mpengine.dll
2013-06-12 21:10 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files\iPod
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files\iTunes
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files (x86)\iTunes
2013-06-12 08:47 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 08:47 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 08:47 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 08:47 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 08:47 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 08:47 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 08:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 08:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 08:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 08:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:46 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 08:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 08:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 08:46 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 08:46 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-06 05:54 . 2013-06-06 05:54 -------- d-----w- c:\program files\Common Files\EPSON
2013-06-06 05:54 . 2013-06-06 05:54 -------- d-----w- c:\programdata\EPSON
2013-06-06 05:54 . 2007-04-09 14:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-06-06 05:54 . 2009-09-30 16:01 88064 ----a-w- c:\windows\system32\E_IBCBHAE.DLL
2013-06-06 05:54 . 2008-11-11 16:00 118784 ----a-w- c:\windows\system32\E_ILMHAE.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 21:11 . 2013-02-15 00:31 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 08:55 . 2013-02-19 00:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:55 . 2013-02-19 00:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-02 20:03 . 2013-02-21 18:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-06-02 20:03 . 2013-02-21 18:37 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-12 22:27 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-08 01:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-08 01:14 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-20 23:19 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-20 23:19 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-20 23:19 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-20 23:18 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-20 23:19 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-20 23:18 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-20 23:17 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-20 23:18 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 22:42 . 2013-04-28 22:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-28 22:42 . 2013-02-21 16:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-28 22:42 . 2013-02-21 16:53 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-13 05:49 . 2013-05-15 21:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 21:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 21:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 21:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 21:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 21:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-26 19:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 21:37 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 21:37 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 21:36 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2013-02-20 21:49 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-24 18:53 . 2013-03-24 18:53 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-24 18:53 . 2013-03-24 18:53 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-24 18:53 . 2013-03-24 18:53 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-24 18:53 . 2013-03-24 18:53 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-24 18:53 . 2013-03-24 18:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-24 18:53 . 2013-03-24 18:53 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-24 18:53 . 2013-03-24 18:53 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-24 18:53 . 2013-03-24 18:53 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-24 18:53 . 2013-03-24 18:53 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-24 18:53 . 2013-03-24 18:53 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-24 18:53 . 2013-03-24 18:53 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-24 18:53 . 2013-03-24 18:53 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-24 18:53 . 2013-03-24 18:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-24 18:53 . 2013-03-24 18:53 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-24 18:53 . 2013-03-24 18:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-24 18:53 . 2013-03-24 18:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-24 18:53 . 2013-03-24 18:53 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-24 18:53 . 2013-03-24 18:53 441856 ----a-w- c:\windows\system32\html.iec
2013-03-24 18:53 . 2013-03-24 18:53 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-24 18:53 . 2013-03-24 18:53 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-24 18:53 . 2013-03-24 18:53 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-24 18:53 . 2013-03-24 18:53 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-24 18:53 . 2013-03-24 18:53 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-24 18:53 . 2013-03-24 18:53 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-24 18:53 . 2013-03-24 18:53 235008 ----a-w- c:\windows\system32\url.dll
2013-03-24 18:53 . 2013-03-24 18:53 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-24 18:53 . 2013-03-24 18:53 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-24 18:53 . 2013-03-24 18:53 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-24 18:53 . 2013-03-24 18:53 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-24 18:53 . 2013-03-24 18:53 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-24 18:53 . 2013-03-24 18:53 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-24 18:53 . 2013-03-24 18:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-24 18:53 . 2013-03-24 18:53 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-24 18:53 . 2013-03-24 18:53 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-24 18:53 . 2013-03-24 18:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-24 18:53 . 2013-03-24 18:53 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-24 18:53 . 2013-03-24 18:53 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-24 18:53 . 2013-03-24 18:53 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-24 18:53 . 2013-03-24 18:53 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-24 18:53 . 2013-03-24 18:53 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-24 18:53 . 2013-03-24 18:53 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-24 18:53 . 2013-03-24 18:53 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-24 18:53 . 2013-03-24 18:53 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-24 18:53 . 2013-03-24 18:53 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-24 18:53 . 2013-03-24 18:53 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-24 18:53 . 2013-03-24 18:53 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-24 18:53 . 2013-03-24 18:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-24 18:53 . 2013-03-24 18:53 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-24 18:53 . 2013-03-24 18:53 102912 ----a-w- c:\windows\system32\inseng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"Spotify Web Helper"="c:\users\Steven van den Berg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-27 1105408]
"Facebook Update"="c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
R3 EyeTV_One;EyeTV One PBDA Service;c:\windows\system32\DRIVERS\EyeTV_One.sys;c:\windows\SYSNATIVE\DRIVERS\EyeTV_One.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AE STSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a54106 8\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt .sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 36327235
*Deregistered* - 36327235
*Deregistered* - uxtoqpob
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 11:10 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 08:55]
.
2013-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1925604431-230128278-80262148-1000Core.job
- c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-06 19:00]
.
2013-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1925604431-230128278-80262148-1000UA.job
- c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-06 19:00]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 23:59]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 23:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-06-18 20:38:25
ComboFix-quarantined-files.txt 2013-06-18 18:38
.
Pre-Run: 118.829.416.448 bytes beschikbaar
Post-Run: 118.527.655.936 bytes beschikbaar
.
- - End Of File - - 5AE85461477D5393AF114EED1BD116F5
A36C5E4F47E84449FF07ED3517B43A31

**Marckie** · 18-06-13, 20:00

Ok, belangrijk is dat je nu de computer herstart, anders heeft de rest geen zin.
Daarna start je combofix opnieuw en post je de log.

**steven92** · 18-06-13, 20:39

ComboFix 13-06-18.02 - Steven van den Berg 18-06-2013 21:07:36.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2442 [GMT 2:00]
Gestart vanuit: c:\users\Steven van den Berg\Desktop\pc opschonen\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-05-18 to 2013-06-18 ))))))))))))))))))))))))))))))
.
.
2013-06-18 19:20 . 2013-06-18 19:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-18 19:20 . 2013-06-18 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-18 12:53 . 2013-06-18 12:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-18 12:42 . 2013-06-18 12:42 -------- d-----w- c:\program files\HitmanPro
2013-06-18 12:42 . 2013-06-18 12:54 -------- d-----w- c:\programdata\HitmanPro
2013-06-18 09:43 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{679233CB-551A-4EE6-8503-5D15ED647453}\mpengine.dll
2013-06-12 21:10 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files\iPod
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files\iTunes
2013-06-12 20:52 . 2013-06-12 20:52 -------- d-----w- c:\program files (x86)\iTunes
2013-06-12 08:47 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 08:47 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 08:47 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 08:47 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 08:47 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 08:47 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 08:47 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 08:47 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 08:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 08:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 08:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 08:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 08:46 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 08:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 08:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 08:46 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 08:46 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-06 05:54 . 2013-06-06 05:54 -------- d-----w- c:\program files\Common Files\EPSON
2013-06-06 05:54 . 2013-06-06 05:54 -------- d-----w- c:\programdata\EPSON
2013-06-06 05:54 . 2007-04-09 14:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-06-06 05:54 . 2009-09-30 16:01 88064 ----a-w- c:\windows\system32\E_IBCBHAE.DLL
2013-06-06 05:54 . 2008-11-11 16:00 118784 ----a-w- c:\windows\system32\E_ILMHAE.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 21:11 . 2013-02-15 00:31 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 08:55 . 2013-02-19 00:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:55 . 2013-02-19 00:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-02 20:03 . 2013-02-21 18:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-06-02 20:03 . 2013-02-21 18:37 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-12 22:27 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-08 01:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-08 01:14 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-20 23:19 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-20 23:19 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-20 23:19 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-20 23:18 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-20 23:19 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-20 23:18 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-20 23:17 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-20 23:18 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 22:42 . 2013-04-28 22:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-28 22:42 . 2013-02-21 16:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-28 22:42 . 2013-02-21 16:53 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-13 05:49 . 2013-05-15 21:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 21:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 21:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 21:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 21:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 21:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-26 19:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 21:37 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 21:37 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 21:36 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2013-02-20 21:49 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-24 18:53 . 2013-03-24 18:53 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-24 18:53 . 2013-03-24 18:53 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-24 18:53 . 2013-03-24 18:53 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-24 18:53 . 2013-03-24 18:53 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-24 18:53 . 2013-03-24 18:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-24 18:53 . 2013-03-24 18:53 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-24 18:53 . 2013-03-24 18:53 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-24 18:53 . 2013-03-24 18:53 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-24 18:53 . 2013-03-24 18:53 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-24 18:53 . 2013-03-24 18:53 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-24 18:53 . 2013-03-24 18:53 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-24 18:53 . 2013-03-24 18:53 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-24 18:53 . 2013-03-24 18:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-24 18:53 . 2013-03-24 18:53 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-24 18:53 . 2013-03-24 18:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-24 18:53 . 2013-03-24 18:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-24 18:53 . 2013-03-24 18:53 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-24 18:53 . 2013-03-24 18:53 441856 ----a-w- c:\windows\system32\html.iec
2013-03-24 18:53 . 2013-03-24 18:53 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-24 18:53 . 2013-03-24 18:53 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-24 18:53 . 2013-03-24 18:53 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-24 18:53 . 2013-03-24 18:53 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-24 18:53 . 2013-03-24 18:53 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-24 18:53 . 2013-03-24 18:53 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-24 18:53 . 2013-03-24 18:53 235008 ----a-w- c:\windows\system32\url.dll
2013-03-24 18:53 . 2013-03-24 18:53 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-24 18:53 . 2013-03-24 18:53 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-24 18:53 . 2013-03-24 18:53 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-24 18:53 . 2013-03-24 18:53 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-24 18:53 . 2013-03-24 18:53 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-24 18:53 . 2013-03-24 18:53 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-24 18:53 . 2013-03-24 18:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-24 18:53 . 2013-03-24 18:53 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-24 18:53 . 2013-03-24 18:53 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-24 18:53 . 2013-03-24 18:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-24 18:53 . 2013-03-24 18:53 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-24 18:53 . 2013-03-24 18:53 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-24 18:53 . 2013-03-24 18:53 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-24 18:53 . 2013-03-24 18:53 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-24 18:53 . 2013-03-24 18:53 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-24 18:53 . 2013-03-24 18:53 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-24 18:53 . 2013-03-24 18:53 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-24 18:53 . 2013-03-24 18:53 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-24 18:53 . 2013-03-24 18:53 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-24 18:53 . 2013-03-24 18:53 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-24 18:53 . 2013-03-24 18:53 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-24 18:53 . 2013-03-24 18:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-24 18:53 . 2013-03-24 18:53 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-24 18:53 . 2013-03-24 18:53 102912 ----a-w- c:\windows\system32\inseng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"Spotify Web Helper"="c:\users\Steven van den Berg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-27 1105408]
"Facebook Update"="c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AE STSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a54106 8\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt .sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 EyeTV_One;EyeTV One PBDA Service;c:\windows\system32\DRIVERS\EyeTV_One.sys;c:\windows\SYSNATIVE\DRIVERS\EyeTV_One.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 11:10 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 08:55]
.
2013-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1925604431-230128278-80262148-1000Core.job
- c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-06 19:00]
.
2013-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1925604431-230128278-80262148-1000UA.job
- c:\users\Steven van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-06 19:00]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 23:59]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 23:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-06-18 21:38:42
ComboFix-quarantined-files.txt 2013-06-18 19:38
ComboFix2.txt 2013-06-18 18:38
.
Pre-Run: 118.578.348.032 bytes beschikbaar
Post-Run: 118.508.113.920 bytes beschikbaar
.
- - End Of File - - B5754CF3F4509B9447E6250815776C49
A36C5E4F47E84449FF07ED3517B43A31

Mededeling

libpdcurses.dll

libpdcurses.dll

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment