Removing Trojan.Ransom Politie Nederland


  • Removing Trojan.Ransom Politie Nederland

    Good day!

    Today I caught this trojan for the 2nd time...
    So I get the impression it is lodged pretty deep.

    I can repair it via safe mode, but I want to know whether the machine is also clean afterwards.
    The link I found myself on the internet is this one: http://www.pcwebplus.nl/phpbb/viewto...p?f=222&t=6651

    EDIT:

    Safe mode did not work, so I used Hitman's Kickstarter via USB.
    That worked and produced this log:
    Code:
    HitmanPro 3.7.6.201
    www.hitmanpro.com
    
       Computer name . . . . : ***************
       Windows . . . . . . . : 6.1.1.7601.X64/2
       User name . . . . . . : NT AUTHORITY\SYSTEM
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Trial (30 days left)
    
       Scan date . . . . . . : 2013-06-18 16:43:42
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 3m 29s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : Yes
    
       Threats . . . . . . . : 5
       Traces  . . . . . . . : 508
    
       Objects scanned . . . : 1.177.687
       Files scanned . . . . : 21.546
       Remnants scanned  . . : 234.864 files / 921.277 keys
    
    Malware _____________________________________________________________________
    
       C:\Users\-\AppData\Roaming\skype.dat -> Quarantined
          Size . . . . . . . : 70.656 bytes
          Age  . . . . . . . : 0.0 days (2013-06-18 15:43:02)
          Entropy  . . . . . : 7.4
          SHA-256  . . . . . : 441DD17ED7A21F25081998303ABD873B4048CE0932311561183B4F00E48101C4
        > HitmanPro  . . . . : Win32/Ransomware.Urausy
          Fuzzy  . . . . . . : 58.0
             Substitutes Explorer.exe as the default shell. Malware tends to start this way.
             This file was most recently added as automatic startup.
             The file name extension of this program is not common.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
          Startup
             HKU\S-1-5-21-3242989975-279657017-1924616003-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    
    
    Potential Unwanted Programs _________________________________________________
    
       C:\ProgramData\Babylon\ (Babylon)
       C:\Users\-\AppData\Roaming\Babylon\ (Babylon)
       C:\Users\-\AppData\Roaming\Babylon\log_file.txt (Babylon)
       HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
    Last edited by Chriskras; 18-06-13, 16:13.
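
The HitmanPro log above attributes the infection's autostart to a per-user `Winlogon\Shell` value. As an added example (not part of the original post and not HitmanPro's method), this PowerShell check reports that value for the machine and for every loaded user hive; the function names and the assumed default (`explorer.exe` in HKLM, no per-user value) are this example's own.

```powershell
# Added example (not from the thread): list Winlogon "Shell" values that differ
# from the Windows default, machine-wide and for each loaded user hive.
# Assumption: the default is "explorer.exe" in HKLM and no Shell value per user.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-WinlogonShell {
    param([string] $KeyPath)
    # Returns the Shell value, or $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction SilentlyContinue
    if ($item) { return $item.Shell }
    return $null
}

function Test-WinlogonShell {
    param([string] $Scope, [string] $KeyPath, [bool] $PerUser)
    $shell = Get-WinlogonShell -KeyPath $KeyPath
    if ($null -eq $shell) {
        # A missing per-user value is normal; a missing machine value is not.
        $status = if ($PerUser) { 'OK (no per-user override)' } else { 'REVIEW (value missing)' }
    } elseif ($shell.Trim() -ieq 'explorer.exe') {
        $status = 'OK'
    } else {
        $status = 'REVIEW (shell replaced)'
    }
    New-Object PSObject -Property @{ Scope = $Scope; Shell = $shell; Status = $status }
}

# Machine-wide value.
$rows = @(Test-WinlogonShell -Scope 'HKLM' -PerUser $false `
    -KeyPath "Registry::HKEY_LOCAL_MACHINE\$winlogon")

# HKEY_USERS holds only loaded hives; match user SIDs and skip the *_Classes keys.
$users = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        Test-WinlogonShell -Scope $_.PSChildName -PerUser $true `
            -KeyPath "Registry::HKEY_USERS\$($_.PSChildName)\$winlogon"
    }
if ($users) { $rows += $users }

$rows | Select-Object Scope, Shell, Status | Format-Table -AutoSize
```

Only hives of logged-on users appear under `HKEY_USERS`, so an account that is not logged on (or a scan run from a rescue environment as `NT AUTHORITY\SYSTEM`, as in the log above) is not covered unless its `NTUSER.DAT` is loaded first.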

  • #2
    Hello,

    Follow these instructions: http://www.nucia.eu/forum/threads/12...ericht-plaatst!



    • #3
      Today I had it for the 3rd time.. So I will carry out what you describe above.

      Malware Bytes:
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16618
      ****** :: ************ [administrator]

      24-6-2013 15:31:48
      mbam-log-2013-06-24 (15-31-48).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 206665
      Verstreken tijd: 4 minuut/minuten, 5 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 2
      C:\Users\*********\AppData\Local\Temp\mrcrkxqmukruyraladj.bfg (Trojan.Winlock) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)

      DDS:
      Does not work.. I can get it to start but I get no log.

      GMER:
      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-06-24 16:05:35
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB
      Running: 826m5ovy.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kwdoiaod.sys


      ---- User code sections - GMER 2.1 ----

      .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
      .text ... * 2
      .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
      .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
      .text ... * 2
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[2524] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074b387b1 5 bytes JMP 0000000173a11000
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
      .text ... * 2
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[2632] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074b387b1 5 bytes JMP 0000000173a11000
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
      .text C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
      .text ... * 2

      ---- Threads - GMER 2.1 ----

      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3196] 0000000076ee2e25
      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3200] 0000000076ee3e45
      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3208] 000000007663d864
      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3212] 000000007663d864
      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3556] 000000007663d864
      Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [3124:3572] 00000000733062ee
      Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3444:2656] 000007fefb072a7c
      Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3444:1660] 000007fef7e55124

      ---- EOF - GMER 2.1 ----

      Microsoft Security Essentials:

      [Attached screenshot: Knipsel.PNG]
      Last edited by Chriskras; 24-06-13, 15:26. Reason: Microsoft Security Essentials added



      • #4
        The MBAM log does not look complete to me. Post the full log.

        It is also best not to wait a week before responding.
        The idea is that you carry out the instructions as quickly as possible so that the cause can be removed.



        • #5
          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Databaseversie: v2013.06.24.03

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 10.0.9200.16618
          Jeroen Goedhart :: ************ [administrator]

          24-6-2013 15:31:48
          mbam-log-2013-06-24 (15-31-48).txt

          Scan type: Snelle scan
          Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
          Uitgeschakelde scan opties: P2P
          Objecten gescand: 206665
          Verstreken tijd: 4 minuut/minuten, 5 seconde(n)

          Geheugenprocessen gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Geheugenmodulen gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Registersleutels gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Registerwaarden gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Registerdata gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Mappen gedetecteerd: 0
          (Geen kwaadaardige objecten gedetecteerd)

          Bestanden gedetecteerd: 2
          C:\Users\*********\AppData\Local\Temp\mrcrkxqmukruyraladj.bfg (Trojan.Winlock) -> Succesvol in quarantaine geplaatst en verwijderd.
          C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

          (einde)

          The part in bold was missing, so that is not all that much...



          • #6
            It is indeed not much, but for me it is an important part.
            It is best to always post the complete logs, not excerpts.

            Download TDSSKiller and place it on your desktop.
            Double-click TDSSKiller.exe to start the tool.
            Click "Change parameters" and tick:
            - Services and drivers
            - Boot sectors
            - Verify drivers digital signatures
            Click "OK".
            Click the "Start Scan" button and follow the instructions.
            When the scan has finished, click the "Report" button.
            A Notepad file opens. Post the contents of this file.
            If TDSSKiller proposes to cure a file (Cure), allow it. In that case you will be asked to restart the computer. Do so immediately.
            Skip the unsigned files.
            Let it repair (Cure) Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler.
            After the reboot you will find the log on c:\ under the name TDSSKiller.version_date_time_log.txt.
            Post that log.



            • #7
              19:13:20.0935 3596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
              19:13:21.0263 3596 ============================================================
              19:13:21.0263 3596 Current date / time: 2013/06/24 19:13:21.0263
              19:13:21.0263 3596 SystemInfo:
              19:13:21.0263 3596
              19:13:21.0263 3596 OS Version: 6.1.7601 ServicePack: 1.0
              19:13:21.0263 3596 Product type: Workstation
              19:13:21.0263 3596 ComputerName: **********
              19:13:21.0263 3596 UserName: *************
              19:13:21.0263 3596 Windows directory: C:\Windows
              19:13:21.0263 3596 System windows directory: C:\Windows
              19:13:21.0263 3596 Running under WOW64
              19:13:21.0263 3596 Processor architecture: Intel x64
              19:13:21.0263 3596 Number of processors: 2
              19:13:21.0263 3596 Page size: 0x1000
              19:13:21.0263 3596 Boot type: Normal boot
              19:13:21.0263 3596 ============================================================
              19:13:22.0261 3596 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
              19:13:22.0277 3596 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
              19:13:22.0292 3596 Drive \Device\Harddisk2\DR3 - Size: 0x7A7D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
              19:13:22.0292 3596 ============================================================
              19:13:22.0292 3596 \Device\Harddisk0\DR0:
              19:13:22.0292 3596 MBR partitions:
              19:13:22.0292 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
              19:13:22.0292 3596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
              19:13:22.0292 3596 \Device\Harddisk1\DR1:
              19:13:22.0292 3596 MBR partitions:
              19:13:22.0292 3596 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x2007, BlocksNum 0x3ACFF9
              19:13:22.0292 3596 \Device\Harddisk2\DR3:
              19:13:22.0292 3596 MBR partitions:
              19:13:22.0292 3596 \Device\Harddisk2\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D09B9
              19:13:22.0292 3596 ============================================================
              19:13:22.0324 3596 C: <-> \Device\Harddisk0\DR0\Partition2
              19:13:22.0324 3596 ============================================================
              19:13:22.0324 3596 Initialize success
              19:13:22.0324 3596 ============================================================
              19:14:10.0122 3212 ============================================================
              19:14:10.0122 3212 Scan started
              19:14:10.0122 3212 Mode: Manual; SigCheck;
              19:14:10.0122 3212 ============================================================
              19:14:10.0309 3212 ================ Scan services =============================
              19:14:16.0128 3212 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
              19:14:16.0190 3212 dot3svc - ok
              19:14:16.0253 3212 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
              19:14:16.0300 3212 DPS - ok
              19:14:16.0346 3212 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
              19:14:16.0378 3212 drmkaud - ok
              19:14:16.0440 3212 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
              19:14:16.0471 3212 DXGKrnl - ok
              19:14:16.0518 3212 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
              19:14:16.0580 3212 EapHost - ok
              19:14:16.0674 3212 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
              19:14:16.0814 3212 ebdrv - ok
              19:14:16.0861 3212 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
              19:14:16.0877 3212 EFS - ok
              19:14:16.0939 3212 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
              19:14:16.0986 3212 ehRecvr - ok
              19:14:17.0033 3212 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
              19:14:17.0064 3212 ehSched - ok
              19:14:17.0111 3212 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
              19:14:17.0142 3212 elxstor - ok
              19:14:17.0173 3212 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
              19:14:17.0189 3212 ErrDev - ok
              19:14:17.0236 3212 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
              19:14:17.0282 3212 EventSystem - ok
              19:14:17.0314 3212 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
              19:14:17.0360 3212 exfat - ok
              19:14:17.0376 3212 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
              19:14:17.0423 3212 fastfat - ok
              19:14:17.0501 3212 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
              19:14:17.0548 3212 Fax - ok
              19:14:17.0563 3212 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
              19:14:17.0579 3212 fdc - ok
              19:14:17.0610 3212 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
              19:14:17.0657 3212 fdPHost - ok
              19:14:17.0672 3212 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
              19:14:17.0704 3212 FDResPub - ok
              19:14:17.0719 3212 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
              19:14:17.0735 3212 FileInfo - ok
              19:14:17.0750 3212 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
              19:14:17.0797 3212 Filetrace - ok
              19:14:17.0813 3212 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
              19:14:17.0828 3212 flpydisk - ok
              19:14:17.0891 3212 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
              19:14:17.0922 3212 FltMgr - ok
              19:14:18.0000 3212 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
              19:14:18.0078 3212 FontCache - ok
              19:14:18.0140 3212 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
              19:14:18.0156 3212 FontCache3.0.0.0 - ok
              19:14:18.0172 3212 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
              19:14:18.0203 3212 FsDepends - ok
              19:14:18.0234 3212 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
              19:14:18.0265 3212 Fs_Rec - ok
              19:14:18.0312 3212 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
              19:14:18.0328 3212 fvevol - ok
              19:14:18.0359 3212 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
              19:14:18.0374 3212 gagp30kx - ok
              19:14:18.0437 3212 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
              19:14:18.0530 3212 gpsvc - ok
              19:14:18.0546 3212 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
              19:14:18.0562 3212 hcw85cir - ok
              19:14:18.0640 3212 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
              19:14:18.0686 3212 HdAudAddService - ok
              19:14:18.0718 3212 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
              19:14:18.0733 3212 HDAudBus - ok
              19:14:18.0749 3212 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
              19:14:18.0764 3212 HidBatt - ok
              19:14:18.0780 3212 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
              19:14:18.0811 3212 HidBth - ok
              19:14:18.0842 3212 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
              19:14:18.0858 3212 HidIr - ok
              19:14:18.0936 3212 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
              19:14:18.0983 3212 hidserv - ok
              19:14:19.0045 3212 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
              19:14:19.0061 3212 HidUsb - ok
              19:14:19.0123 3212 [ 6B415E7AE774B9118360F559F627468E ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys
              19:14:19.0154 3212 hitmanpro37 - ok
              19:14:19.0186 3212 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
              19:14:19.0264 3212 hkmsvc - ok
              19:14:19.0295 3212 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
              19:14:19.0326 3212 HomeGroupListener - ok
              19:14:19.0373 3212 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
              19:14:19.0388 3212 HomeGroupProvider - ok
              19:14:19.0451 3212 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
              19:14:19.0466 3212 HpSAMD - ok
              19:14:19.0513 3212 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
              19:14:19.0591 3212 HTTP - ok
              19:14:19.0638 3212 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
              19:14:19.0654 3212 hwpolicy - ok
              19:14:19.0716 3212 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
              19:14:19.0747 3212 i8042prt - ok
              19:14:19.0794 3212 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
              19:14:19.0825 3212 iaStor - ok
              19:14:19.0888 3212 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
              19:14:19.0919 3212 iaStorV - ok
              19:14:19.0981 3212 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
              19:14:20.0044 3212 idsvc - ok
              19:14:20.0293 3212 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
              19:14:20.0605 3212 igfx - ok
              19:14:20.0699 3212 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
              19:14:20.0714 3212 iirsp - ok
              19:14:20.0777 3212 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
              19:14:20.0839 3212 IKEEXT - ok
              19:14:20.0855 3212 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
              19:14:20.0870 3212 intelide - ok
              19:14:20.0917 3212 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
              19:14:20.0933 3212 intelppm - ok
              19:14:20.0980 3212 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
              19:14:21.0011 3212 IPBusEnum - ok
              19:14:21.0058 3212 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
              19:14:21.0089 3212 IpFilterDriver - ok
              19:14:21.0136 3212 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
              19:14:21.0182 3212 iphlpsvc - ok
              19:14:21.0229 3212 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
              19:14:21.0245 3212 IPMIDRV - ok
              19:14:21.0292 3212 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
              19:14:21.0323 3212 IPNAT - ok
              19:14:21.0370 3212 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
              19:14:21.0401 3212 IRENUM - ok
              19:14:21.0432 3212 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
              19:14:21.0448 3212 isapnp - ok
              19:14:21.0494 3212 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
              19:14:21.0510 3212 iScsiPrt - ok
              19:14:21.0572 3212 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
              19:14:21.0588 3212 kbdclass - ok
              19:14:21.0635 3212 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
              19:14:21.0650 3212 kbdhid - ok
              19:14:21.0666 3212 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
              19:14:21.0682 3212 KeyIso - ok
              19:14:21.0713 3212 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
              Last edited by Chriskras; 24-06-13, 18:23.



              • #8
                19:14:31.0775 3212 s3cap - ok
                19:14:31.0806 3212 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
                19:14:31.0822 3212 SamSs - ok
                19:14:31.0868 3212 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
                19:14:31.0900 3212 sbp2port - ok
                19:14:31.0931 3212 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
                19:14:31.0978 3212 SCardSvr - ok
                19:14:32.0024 3212 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
                19:14:32.0056 3212 scfilter - ok
                19:14:32.0134 3212 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
                19:14:32.0227 3212 Schedule - ok
                19:14:32.0274 3212 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
                19:14:32.0305 3212 SCPolicySvc - ok
                19:14:32.0368 3212 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
                19:14:32.0383 3212 SDRSVC - ok
                19:14:32.0430 3212 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
                19:14:32.0477 3212 secdrv - ok
                19:14:32.0508 3212 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
                19:14:32.0570 3212 seclogon - ok
                19:14:32.0602 3212 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
                19:14:32.0633 3212 SENS - ok
                19:14:32.0648 3212 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
                19:14:32.0664 3212 SensrSvc - ok
                19:14:32.0695 3212 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
                19:14:32.0711 3212 Serenum - ok
                19:14:32.0726 3212 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
                19:14:32.0742 3212 Serial - ok
                19:14:32.0804 3212 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
                19:14:32.0836 3212 sermouse - ok
                19:14:32.0882 3212 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
                19:14:32.0960 3212 SessionEnv - ok
                19:14:32.0992 3212 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
                19:14:33.0007 3212 sffdisk - ok
                19:14:33.0023 3212 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
                19:14:33.0038 3212 sffp_mmc - ok
                19:14:33.0054 3212 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
                19:14:33.0070 3212 sffp_sd - ok
                19:14:33.0085 3212 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
                19:14:33.0101 3212 sfloppy - ok
                19:14:33.0148 3212 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
                19:14:33.0210 3212 SharedAccess - ok
                19:14:33.0257 3212 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
                19:14:33.0350 3212 ShellHWDetection - ok
                19:14:33.0413 3212 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
                19:14:33.0428 3212 SiSRaid2 - ok
                19:14:33.0460 3212 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
                19:14:33.0475 3212 SiSRaid4 - ok
                19:14:33.0522 3212 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
                19:14:33.0553 3212 Smb - ok
                19:14:33.0616 3212 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
                19:14:33.0631 3212 SNMPTRAP - ok
                19:14:33.0662 3212 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
                19:14:33.0662 3212 spldr - ok
                19:14:33.0725 3212 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
                19:14:33.0756 3212 Spooler - ok
                19:14:33.0881 3212 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
                19:14:34.0052 3212 sppsvc - ok
                19:14:34.0084 3212 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
                19:14:34.0146 3212 sppuinotify - ok
                19:14:34.0193 3212 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
                19:14:34.0224 3212 srv - ok
                19:14:34.0286 3212 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
                19:14:34.0302 3212 srv2 - ok
                19:14:34.0349 3212 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
                19:14:34.0364 3212 srvnet - ok
                19:14:34.0411 3212 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
                19:14:34.0442 3212 ssadbus - ok
                19:14:34.0474 3212 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
                19:14:34.0489 3212 ssadmdfl - ok
                19:14:34.0505 3212 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
                19:14:34.0552 3212 ssadmdm - ok
                19:14:34.0598 3212 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
                19:14:34.0645 3212 SSDPSRV - ok
                19:14:34.0661 3212 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
                19:14:34.0708 3212 SstpSvc - ok
                19:14:34.0739 3212 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
                19:14:34.0754 3212 stexstor - ok
                19:14:34.0817 3212 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
                19:14:34.0879 3212 stisvc - ok
                19:14:34.0895 3212 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
                19:14:34.0911 3212 storflt - ok
                19:14:34.0926 3212 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
                19:14:34.0942 3212 StorSvc - ok
                19:14:34.0973 3212 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
                19:14:35.0004 3212 storvsc - ok
                19:14:35.0035 3212 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
                19:14:35.0067 3212 swenum - ok
                19:14:35.0082 3212 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
                19:14:35.0129 3212 swprv - ok
                19:14:35.0207 3212 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
                19:14:35.0285 3212 SysMain - ok
                19:14:35.0332 3212 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
                19:14:35.0347 3212 TabletInputService - ok
                19:14:35.0394 3212 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
                19:14:35.0457 3212 TapiSrv - ok
                19:14:35.0457 3212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
                19:14:35.0503 3212 TBS - ok
                19:14:35.0597 3212 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
                19:14:35.0691 3212 Tcpip - ok
                19:14:35.0737 3212 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
                19:14:35.0784 3212 TCPIP6 - ok
                19:14:35.0831 3212 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
                19:14:35.0862 3212 tcpipreg - ok
                19:14:35.0909 3212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
                19:14:35.0940 3212 TDPIPE - ok
                19:14:35.0987 3212 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
                19:14:36.0003 3212 TDTCP - ok
                19:14:36.0065 3212 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
                19:14:36.0112 3212 tdx - ok
                19:14:36.0159 3212 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
                19:14:36.0190 3212 TermDD - ok
                19:14:36.0237 3212 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
                19:14:36.0346 3212 TermService - ok
                19:14:36.0377 3212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
                19:14:36.0408 3212 Themes - ok
                19:14:36.0424 3212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
                19:14:36.0455 3212 THREADORDER - ok
                19:14:36.0471 3212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
                19:14:36.0517 3212 TrkWks - ok
                19:14:36.0580 3212 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
                19:14:36.0627 3212 TrustedInstaller - ok
                19:14:36.0673 3212 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
                19:14:36.0736 3212 tssecsrv - ok
                19:14:36.0783 3212 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
                19:14:36.0798 3212 TsUsbFlt - ok
                19:14:36.0876 3212 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
                19:14:36.0923 3212 tunnel - ok
                19:14:36.0954 3212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
                19:14:36.0970 3212 uagp35 - ok
                19:14:37.0017 3212 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
                19:14:37.0063 3212 udfs - ok
                19:14:37.0110 3212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
                19:14:37.0126 3212 UI0Detect - ok
                19:14:37.0157 3212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
                19:14:37.0173 3212 uliagpkx - ok
                19:14:37.0219 3212 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
                19:14:37.0251 3212 umbus - ok
                19:14:37.0266 3212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
                19:14:37.0282 3212 UmPass - ok
                19:14:37.0313 3212 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
                19:14:37.0344 3212 UmRdpService - ok
                19:14:37.0375 3212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
                19:14:37.0422 3212 upnphost - ok
                19:14:37.0485 3212 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
                19:14:37.0516 3212 usbaudio - ok
                19:14:37.0563 3212 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
                19:14:37.0578 3212 usbccgp - ok
                19:14:37.0609 3212 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
                19:14:37.0672 3212 usbcir - ok
                19:14:37.0703 3212 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
                19:14:37.0719 3212 usbehci - ok
                19:14:37.0750 3212 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
                19:14:37.0781 3212 usbhub - ok
                19:14:37.0812 3212 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
                19:14:37.0828 3212 usbohci - ok
                19:14:37.0875 3212 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
                19:14:37.0906 3212 usbprint - ok
                19:14:37.0968 3212 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
                19:14:37.0999 3212 usbscan - ok
                19:14:38.0015 3212 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
                19:14:38.0031 3212 USBSTOR - ok
                19:14:38.0077 3212 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
                19:14:38.0109 3212 usbuhci - ok
                19:14:38.0155 3212 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
                19:14:38.0202 3212 UxSms - ok
                19:14:38.0218 3212 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
                19:14:38.0233 3212 VaultSvc - ok
                19:14:38.0265 3212 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
                19:14:38.0296 3212 vdrvroot - ok
                19:14:38.0343 3212 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
                19:14:38.0421 3212 vds - ok
                19:14:38.0452 3212 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
                19:14:38.0483 3212 vga - ok
                19:14:38.0514 3212 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
                19:14:38.0561 3212 VgaSave - ok
                19:14:38.0592 3212 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
                19:14:38.0623 3212 vhdmp - ok
                19:14:38.0655 3212 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
                19:14:38.0670 3212 viaide - ok
                19:14:38.0717 3212 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
                19:14:38.0733 3212 vmbus - ok
                19:14:38.0779 3212 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
                19:14:38.0795 3212 VMBusHID - ok
                19:14:38.0811 3212 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
                19:14:38.0826 3212 volmgr - ok
                19:14:38.0873 3212 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
                19:14:38.0889 3212 volmgrx - ok
                19:14:38.0920 3212 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
                19:14:38.0935 3212 volsnap - ok
                19:14:38.0967 3212 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
                19:14:38.0982 3212 vsmraid - ok
                19:14:39.0060 3212 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
                19:14:39.0154 3212 VSS - ok
                19:14:39.0154 3212 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
                19:14:39.0201 3212 vwifibus - ok
                19:14:39.0263 3212 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
                19:14:39.0310 3212 W32Time - ok
                19:14:39.0325 3212 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
                19:14:39.0341 3212 WacomPen - ok
                19:14:39.0419 3212 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
                19:14:39.0481 3212 WANARP - ok
                19:14:39.0497 3212 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
                19:14:39.0528 3212 Wanarpv6 - ok
                19:14:39.0622 3212 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
                19:14:39.0700 3212 WatAdminSvc - ok
                19:14:39.0762 3212 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
                19:14:39.0856 3212 wbengine - ok
                19:14:39.0903 3212 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
                19:14:39.0934 3212 WbioSrvc - ok
                19:14:39.0996 3212 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
                19:14:40.0043 3212 wcncsvc - ok
                19:14:40.0059 3212 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
                19:14:40.0074 3212 WcsPlugInService - ok
                19:14:40.0090 3212 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
                19:14:40.0105 3212 Wd - ok
                19:14:40.0152 3212 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
                19:14:40.0199 3212 Wdf01000 - ok
                19:14:40.0215 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
                19:14:40.0246 3212 WdiServiceHost - ok
                19:14:40.0246 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
                19:14:40.0261 3212 WdiSystemHost - ok
                19:14:40.0308 3212 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
                19:14:40.0355 3212 WebClient - ok
                19:14:40.0386 3212 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
                19:14:40.0417 3212 Wecsvc - ok
                19:14:40.0433 3212 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
                19:14:40.0480 3212 wercplsupport - ok
                19:14:40.0527 3212 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
                19:14:40.0573 3212 WerSvc - ok
                19:14:40.0605 3212 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
                19:14:40.0636 3212 WfpLwf - ok
                19:14:40.0667 3212 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
                19:14:40.0683 3212 WIMMount - ok
                19:14:40.0698 3212 WinHttpAutoProxySvc - ok
                19:14:40.0776 3212 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
                19:14:40.0839 3212 Winmgmt - ok
                19:14:40.0932 3212 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
                19:14:41.0057 3212 WinRM - ok
                19:14:41.0135 3212 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
                19:14:41.0151 3212 WinUsb - ok
                19:14:41.0213 3212 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
                19:14:41.0260 3212 Wlansvc - ok
                19:14:41.0385 3212 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                19:14:41.0478 3212 wlidsvc - ok
                19:14:41.0525 3212 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
                19:14:41.0556 3212 WmiAcpi - ok
                19:14:41.0587 3212 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
                19:14:41.0619 3212 wmiApSrv - ok
                19:14:41.0665 3212 WMPNetworkSvc - ok
                19:14:41.0681 3212 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
                19:14:41.0697 3212 WPCSvc - ok
                19:14:41.0743 3212 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
                19:14:41.0759 3212 WPDBusEnum - ok
                19:14:41.0790 3212 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
                19:14:41.0837 3212 ws2ifsl - ok
                19:14:41.0837 3212 WSearch - ok
                19:14:41.0931 3212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
                19:14:42.0040 3212 wuauserv - ok
                19:14:42.0087 3212 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
                19:14:42.0118 3212 WudfPf - ok
                19:14:42.0149 3212 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
                19:14:42.0196 3212 WUDFRd - ok
                19:14:42.0243 3212 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
                19:14:42.0258 3212 wudfsvc - ok
                19:14:42.0289 3212 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
                19:14:42.0321 3212 WwanSvc - ok
                19:14:42.0367 3212 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
                19:14:42.0399 3212 yukonw7 - ok
                19:14:42.0523 3212 [ 74983ADDCA2D9618512C088D856D6615 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
                19:14:42.0539 3212 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
                19:14:42.0555 3212 ================ Scan global ===============================
                19:14:42.0586 3212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
                19:14:42.0633 3212 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
                19:14:42.0648 3212 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
                19:14:42.0695 3212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
                19:14:42.0711 3212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
                19:14:42.0726 3212 [Global] - ok
                19:14:42.0726 3212 ================ Scan MBR ==================================
                19:14:42.0742 3212 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
                19:14:43.0007 3212 \Device\Harddisk0\DR0 - ok
                19:14:43.0023 3212 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
                19:14:43.0038 3212 \Device\Harddisk1\DR1 - ok
                19:14:43.0054 3212 [ 6EF3B35686BE2662BD1FA10B31BE15BD ] \Device\Harddisk2\DR3
                19:14:43.0069 3212 \Device\Harddisk2\DR3 - ok
                19:14:43.0069 3212 ================ Scan VBR ==================================
                19:14:43.0069 3212 [ 98D90E844162B4749CD7E4C23BC9CECE ] \Device\Harddisk0\DR0\Partition1
                19:14:43.0069 3212 \Device\Harddisk0\DR0\Partition1 - ok
                19:14:43.0101 3212 [ F8A6C3F020636D297637F615E8BA4267 ] \Device\Harddisk0\DR0\Partition2
                19:14:43.0101 3212 \Device\Harddisk0\DR0\Partition2 - ok
                19:14:43.0101 3212 [ 5154651DFAE39CE61CF1E9F1A5423D05 ] \Device\Harddisk1\DR1\Partition1
                19:14:43.0116 3212 \Device\Harddisk1\DR1\Partition1 - ok
                19:14:43.0116 3212 [ 2B1F6AE7BCE67026C40BEBC5183046B3 ] \Device\Harddisk2\DR3\Partition1
                19:14:43.0116 3212 \Device\Harddisk2\DR3\Partition1 - ok
                19:14:43.0116 3212 ============================================================
                19:14:43.0116 3212 Scan finished
                19:14:43.0116 3212 ============================================================
                19:14:43.0132 3288 Detected object count: 0
                19:14:43.0132 3288 Actual detected object count: 0

                It doesn't fit in 1 post, so it's split across 2.



                • #9
                  Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                  If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                  Once the Recovery Console is installed, let ComboFix scan the computer.
                  When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
                  Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                  If you get this message, report it.
                  When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                  Post the contents of this file.



                  • #10
                    ComboFix had a lot of trouble and took longer than 10 minutes.

                    This is the log:

                    ComboFix 13-06-25.01 - ************* 26-06-2013 8:13.1.2 - x64
                    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4056.2780 [GMT 2:00]
                    Gestart vanuit: c:\users\*************\Desktop\ComboFix.exe
                    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\programdata\ejiw9q.bat
                    c:\programdata\ejiw9q.pad
                    c:\programdata\sdaksda.txt
                    c:\users\*************\AppData\Roaming\skype.ini
                    .
                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2013-05-26 to 2013-06-26 ))))))))))))))))))))))))))))))
                    .
                    .
                    2013-06-26 06:22 . 2013-06-26 06:22 -------- d-----w- c:\users\Default\AppData\Local\temp
                    2013-06-25 15:24 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2E47C43-2C9C-41B5-ABBE-9FA1A33744B0}\mpengine.dll
                    2013-06-24 13:57 . 2013-06-24 13:57 -------- d-----w- c:\program files (x86)\Common Files\Java
                    2013-06-24 13:57 . 2013-06-24 13:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                    2013-06-24 13:26 . 2013-06-24 13:26 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
                    2013-06-24 13:11 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                    2013-06-23 18:35 . 2013-06-23 18:35 2680 ----a-w- c:\programdata\ejiw9q.js
                    2013-06-23 18:35 . 2013-06-23 18:35 152 ----a-w- c:\programdata\ejiw9q.reg
                    2013-06-22 07:24 . 2013-06-22 07:23 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02E2B6A5-9047-42F7-8FCD-1971CF0F0980}\gapaengine.dll
                    2013-06-18 16:24 . 2013-06-18 16:31 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                    2013-06-18 14:54 . 2013-06-18 14:54 -------- d-----w- C:\found.000
                    2013-06-18 14:42 . 2013-06-18 14:50 -------- d-----w- c:\programdata\HitmanPro
                    2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\programdata\Citrix
                    2013-06-13 11:18 . 2013-06-13 11:26 -------- d-----w- c:\users\*************\AppData\Roaming\ICAClient
                    2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\users\*************\AppData\Local\Citrix
                    2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\program files (x86)\Citrix
                    2013-06-12 21:06 . 2013-05-17 00:58 3958784 ----a-w- c:\windows\system32\jscript9.dll
                    2013-06-12 21:06 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
                    2013-06-12 21:06 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
                    2013-06-12 21:06 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
                    2013-06-12 21:06 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
                    2013-06-12 21:06 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
                    2013-06-12 21:06 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
                    2013-06-12 21:06 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
                    2013-06-12 21:06 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
                    2013-06-09 20:14 . 2013-06-09 20:14 -------- d-----w- c:\users\*************\AppData\Local\Adobe_Systems_Incorporate
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2013-06-24 13:56 . 2012-11-01 22:38 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
                    2013-06-24 13:56 . 2012-11-01 22:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
                    2013-06-12 21:07 . 2012-05-03 14:43 75825640 ----a-w- c:\windows\system32\MRT.exe
                    2013-06-12 16:50 . 2012-05-03 14:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                    2013-06-12 16:50 . 2012-05-03 14:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                    2013-05-24 15:31 . 2012-06-12 21:05 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                    2013-05-09 22:48 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                    2013-05-02 15:29 . 2012-05-03 13:53 278800 ------w- c:\windows\system32\MpSigStub.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 226304 ----a-w- c:\windows\system32\elshyph.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
                    2013-05-01 06:04 . 2013-05-01 06:04 361984 ----a-w- c:\windows\SysWow64\html.iec
                    2013-05-01 06:04 . 2013-05-01 06:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                    2013-05-01 06:04 . 2013-05-01 06:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 81408 ----a-w- c:\windows\system32\icardie.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 441856 ----a-w- c:\windows\system32\html.iec
                    2013-05-01 06:04 . 2013-05-01 06:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 235008 ----a-w- c:\windows\system32\url.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 216064 ----a-w- c:\windows\system32\msls31.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 197120 ----a-w- c:\windows\system32\msrating.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
                    2013-05-01 06:04 . 2013-05-01 06:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 599552 ----a-w- c:\windows\system32\vbscript.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 247296 ----a-w- c:\windows\system32\webcheck.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 167424 ----a-w- c:\windows\system32\iexpress.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
                    2013-05-01 06:04 . 2013-05-01 06:04 149504 ----a-w- c:\windows\system32\occache.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 144896 ----a-w- c:\windows\system32\wextract.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 13824 ----a-w- c:\windows\system32\mshta.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 102912 ----a-w- c:\windows\system32\inseng.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 51200 ----a-w- c:\windows\system32\imgutil.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                    2013-05-01 06:04 . 2013-05-01 06:04 77312 ----a-w- c:\windows\system32\tdc.ocx
                    2013-05-01 06:04 . 2013-05-01 06:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 136192 ----a-w- c:\windows\system32\iepeers.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
                    2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
                    2013-04-13 05:49 . 2013-05-24 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
                    2013-04-13 05:49 . 2013-05-24 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
                    2013-04-13 05:49 . 2013-05-24 15:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
                    2013-04-13 05:49 . 2013-05-24 15:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
                    2013-04-13 04:45 . 2013-05-24 15:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
                    2013-04-13 04:45 . 2013-05-24 15:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
                    2013-04-12 14:45 . 2013-04-24 16:17 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
                    2013-04-10 06:01 . 2013-05-24 15:30 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
                    2013-04-10 06:01 . 2013-05-24 15:30 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                    2013-04-10 03:30 . 2013-05-24 15:29 3153920 ----a-w- c:\windows\system32\win32k.sys
                    2013-04-04 12:50 . 2013-05-24 17:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                    "PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
                    "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
                    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
                    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 0 (0x0)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableLUA"= 0 (0x0)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    "PromptOnSecureDesktop"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                    "Shell"="c:\progra~3\ejiw9q.bat"
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                    "aux1"=wdmaud.drv
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                    @="Service"
                    .
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
                    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
                    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
                    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
                    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
                    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/03 22:42];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
                    S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
                    S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
                    S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
                    S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
                    S3 netw5v64;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
                    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                    .
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    .
                    2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
                    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 16:50]
                    .
                    .
                    --------- X64 Entries -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                    2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
                    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
                    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
                    "PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]
                    .
                    ------- Bijkomende Scan -------
                    .
                    uLocal Page = c:\windows\system32\blank.htm
                    uStart Page = hxxp://www.google.nl/
                    mLocal Page = c:\windows\SysWOW64\blank.htm
                    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
                    TCP: DhcpNameServer = 192.168.1.1
                    .
                    - - - - ORPHANS VERWIJDERD - - - -
                    .
                    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
                    .
                    .
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
                    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
                    .
                    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.11"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
                    @="?????????????????? v1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
                    @="?????????????????? v2"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    Voltooingstijd: 2013-06-26 08:34:30
                    ComboFix-quarantined-files.txt 2013-06-26 06:34
                    .
                    Pre-Run: 55.241.674.752 bytes beschikbaar
                    Post-Run: 54.724.739.072 bytes beschikbaar
                    .
                    - - End Of File - - 4AFC3CD349F44ADDEBB403F287D5D042
                    D41D8CD98F00B204E9800998ECF8427E

                    I also have a small flag with a cross on the right side of the taskbar.
                    It shows the message "Turn on Windows Security Center service (important)".
                    When I do that, I get this error message:
                    "The Windows Security Center service can't be started", with a round logo with a white cross.
                    Last edited by Chriskras; 26-06-13, 07:51.



                    • #11
                      Open a new Notepad file.
                      Copy the code below and paste it into the Notepad file.
                      Save the Notepad file as CFScript.txt
                      Code:
                      FILE::
                      c:\programdata\ejiw9q.js
                      c:\programdata\ejiw9q.reg
                      c:\progra~3\ejiw9q.bat
                      REGISTRY::
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                      "Shell"="explorer.exe"
                      Now drag the CFScript.txt file onto ComboFix.exe

                      ComboFix will start again.
                      When ComboFix has finished (this may be after a reboot), a log file will open.
                      Post the contents of the log file.

                      Comment
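The CFScript in post #11 resets the Winlogon "Shell" value, which the log above shows pointing at c:\progra~3\ejiw9q.bat instead of explorer.exe. As an added example (not part of the original thread and not ComboFix's own code), the Python below parses the registry section of such a log and reports any Winlogon Shell value other than the default; the function names are hypothetical, and matching the Winlogon key in every hive goes slightly beyond the single HKLM key in the log.

```python
import re

# Default data for the Winlogon "Shell" value on Windows.
EXPECTED_SHELL = "explorer.exe"
# Match the Winlogon key in any hive (HKLM, HKCU, Wow6432Node) by its tail.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"

# Lines copied from the "Reg Opstartpunten" section of the log in this thread.
INFECTED_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\ejiw9q.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
'''

# Constructed sample: after a successful fix the log no longer lists the
# Shell value, because legitimate default entries are not shown.
CLEAN_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Trailing "[date size]" annotation the log appends to file-backed values.
ANNOTATION_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")


def parse_reg_section(text):
    """Return {lower-cased key: {lower-cased value name: data}}."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").lower()
            entries.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            data = ANNOTATION_RE.sub("", value_match.group("data").strip())
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]  # drop the surrounding quotes
            entries[current][value_match.group("name").lower()] = data
    return entries


def find_shell_replacements(text):
    """List (key, shell) pairs where Winlogon Shell is not the default."""
    findings = []
    for key, values in parse_reg_section(text).items():
        if not key.endswith(WINLOGON_SUFFIX):
            continue
        shell = values.get("shell")
        if shell is None:
            continue  # value not listed: nothing to report for this key
        # Anything other than the bare default is reported for review.
        if shell.strip().lower() != EXPECTED_SHELL:
            findings.append((key, shell))
    return findings


if __name__ == "__main__":
    for label, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        hits = find_shell_replacements(log)
        print(label, "->", hits if hits else "Shell is default or not listed")
```
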


                      • #12
                        ComboFix 13-06-26.01 - ************* 26-06-2013 22:27:39.2.2 - x64
                        Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4056.2876 [GMT 2:00]
                        Gestart vanuit: c:\users\*************\Desktop\ComboFix.exe
                        gebruikte Opdracht switches :: c:\users\*************\Desktop\CFScript.txt
                        AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                        SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        .
                        FILE ::
                        "c:\progra~3\ejiw9q.bat"
                        "c:\programdata\ejiw9q.js"
                        "c:\programdata\ejiw9q.reg"
                        .
                        .
                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        c:\programdata\ejiw9q.js
                        c:\programdata\ejiw9q.reg
                        .
                        .
                        (((((((((((((((((((( Bestanden Gemaakt van 2013-05-26 to 2013-06-26 ))))))))))))))))))))))))))))))
                        .
                        .
                        2013-06-26 20:35 . 2013-06-26 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
                        2013-06-26 15:56 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBB9DBA-D0CE-441C-9715-B1A93BE76D5B}\mpengine.dll
                        2013-06-25 15:24 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                        2013-06-24 13:57 . 2013-06-24 13:57 -------- d-----w- c:\program files (x86)\Common Files\Java
                        2013-06-24 13:57 . 2013-06-24 13:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                        2013-06-24 13:26 . 2013-06-24 13:26 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
                        2013-06-22 07:24 . 2013-06-22 07:23 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02E2B6A5-9047-42F7-8FCD-1971CF0F0980}\gapaengine.dll
                        2013-06-18 16:24 . 2013-06-18 16:31 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                        2013-06-18 14:54 . 2013-06-18 14:54 -------- d-----w- C:\found.000
                        2013-06-18 14:42 . 2013-06-18 14:50 -------- d-----w- c:\programdata\HitmanPro
                        2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\programdata\Citrix
                        2013-06-13 11:18 . 2013-06-13 11:26 -------- d-----w- c:\users\*************\AppData\Roaming\ICAClient
                        2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\users\*************\AppData\Local\Citrix
                        2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\program files (x86)\Citrix
                        2013-06-12 21:06 . 2013-05-17 00:58 3958784 ----a-w- c:\windows\system32\jscript9.dll
                        2013-06-12 21:06 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
                        2013-06-12 21:06 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
                        2013-06-12 21:06 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
                        2013-06-12 21:06 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
                        2013-06-12 21:06 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
                        2013-06-12 21:06 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
                        2013-06-12 21:06 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
                        2013-06-12 21:06 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
                        2013-06-09 20:14 . 2013-06-09 20:14 -------- d-----w- c:\users\*************\AppData\Local\Adobe_Systems_Incorporate
                        .
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2013-06-24 13:56 . 2012-11-01 22:38 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
                        2013-06-24 13:56 . 2012-11-01 22:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
                        2013-06-12 21:07 . 2012-05-03 14:43 75825640 ----a-w- c:\windows\system32\MRT.exe
                        2013-06-12 16:50 . 2012-05-03 14:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                        2013-06-12 16:50 . 2012-05-03 14:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-05-24 15:31 . 2012-06-12 21:05 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                        2013-05-09 22:48 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                        2013-05-02 15:29 . 2012-05-03 13:53 278800 ------w- c:\windows\system32\MpSigStub.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 226304 ----a-w- c:\windows\system32\elshyph.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
                        2013-05-01 06:04 . 2013-05-01 06:04 361984 ----a-w- c:\windows\SysWow64\html.iec
                        2013-05-01 06:04 . 2013-05-01 06:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                        2013-05-01 06:04 . 2013-05-01 06:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 81408 ----a-w- c:\windows\system32\icardie.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 441856 ----a-w- c:\windows\system32\html.iec
                        2013-05-01 06:04 . 2013-05-01 06:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 235008 ----a-w- c:\windows\system32\url.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 216064 ----a-w- c:\windows\system32\msls31.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 197120 ----a-w- c:\windows\system32\msrating.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
                        2013-05-01 06:04 . 2013-05-01 06:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 599552 ----a-w- c:\windows\system32\vbscript.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 247296 ----a-w- c:\windows\system32\webcheck.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 167424 ----a-w- c:\windows\system32\iexpress.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
                        2013-05-01 06:04 . 2013-05-01 06:04 149504 ----a-w- c:\windows\system32\occache.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 144896 ----a-w- c:\windows\system32\wextract.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 13824 ----a-w- c:\windows\system32\mshta.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 102912 ----a-w- c:\windows\system32\inseng.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 51200 ----a-w- c:\windows\system32\imgutil.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                        2013-05-01 06:04 . 2013-05-01 06:04 77312 ----a-w- c:\windows\system32\tdc.ocx
                        2013-05-01 06:04 . 2013-05-01 06:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 136192 ----a-w- c:\windows\system32\iepeers.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
                        2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
                        2013-04-13 05:49 . 2013-05-24 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
                        2013-04-13 05:49 . 2013-05-24 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
                        2013-04-13 05:49 . 2013-05-24 15:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
                        2013-04-13 05:49 . 2013-05-24 15:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
                        2013-04-13 04:45 . 2013-05-24 15:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
                        2013-04-13 04:45 . 2013-05-24 15:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
                        2013-04-12 14:45 . 2013-04-24 16:17 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
                        2013-04-10 06:01 . 2013-05-24 15:30 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
                        2013-04-10 06:01 . 2013-05-24 15:30 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                        2013-04-10 03:30 . 2013-05-24 15:29 3153920 ----a-w- c:\windows\system32\win32k.sys
                        2013-04-04 12:50 . 2013-05-24 17:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                        REGEDIT4
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                        @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                        .
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                        "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                        "PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
                        "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
                        "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                        "ConsentPromptBehaviorAdmin"= 0 (0x0)
                        "ConsentPromptBehaviorUser"= 3 (0x3)
                        "EnableLUA"= 0 (0x0)
                        "EnableUIADesktopToggle"= 0 (0x0)
                        "PromptOnSecureDesktop"= 0 (0x0)
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                        "Shell"="c:\progra~3\ejiw9q.bat"
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                        "aux1"=wdmaud.drv
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                        @=""
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                        @=""
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                        @=""
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                        @=""
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                        @="Service"
                        .
                        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                        R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
                        R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
                        R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
                        R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
                        R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
                        R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
                        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                        R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                        S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                        S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/03 22:42];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
                        S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
                        S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
                        S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
                        S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
                        S3 netw5v64;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
                        S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                        .
                        .
                        --- Andere Services/Drivers In Geheugen ---
                        .
                        *NewlyCreated* - WS2IFSL
                        .
                        Inhoud van de 'Gedeelde Taken' map
                        .
                        2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
                        - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 16:50]
                        .
                        .
                        --------- X64 Entries -----------
                        .
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                        @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                        [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                        2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
                        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
                        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
                        "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
                        "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
                        "PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]
                        .
                        ------- Bijkomende Scan -------
                        .
                        uLocal Page = c:\windows\system32\blank.htm
                        uStart Page = hxxp://www.google.nl/
                        mLocal Page = c:\windows\SysWOW64\blank.htm
                        IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
                        TCP: DhcpNameServer = 192.168.1.1
                        .
                        - - - - ORPHANS VERWIJDERD - - - -
                        .
                        AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
                        .
                        .
                        .
                        [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
                        "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
                        .
                        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="FlashBroker"
                        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                        "Enabled"=dword:00000001
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="IFlashBroker5"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                        @="{00020424-0000-0000-C000-000000000046}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        "Version"="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="FlashBroker"
                        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                        "Enabled"=dword:00000001
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                        @Denied: (A 2) (Everyone)
                        @="Shockwave Flash Object"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                        "ThreadingModel"="Apartment"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                        @="0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                        @="ShockwaveFlash.ShockwaveFlash.11"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                        @="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                        @="ShockwaveFlash.ShockwaveFlash"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                        @Denied: (A 2) (Everyone)
                        @="Macromedia Flash Factory Object"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                        "ThreadingModel"="Apartment"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                        @="FlashFactory.FlashFactory.1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                        @="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                        @="FlashFactory.FlashFactory"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="IFlashBroker5"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                        @="{00020424-0000-0000-C000-000000000046}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        "Version"="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
                        @="?????????????????? v1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                        @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
                        @="?????????????????? v2"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                        @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                        .
                        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000
                        .
                        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                        @Denied: (Full) (Everyone)
                        .
                        Voltooingstijd: 2013-06-26 22:45:59
                        ComboFix-quarantined-files.txt 2013-06-26 20:45
                        ComboFix2.txt 2013-06-26 06:34
                        .
                        Pre-Run: 54.543.265.792 bytes beschikbaar
                        Post-Run: 54.488.596.480 bytes beschikbaar
                        .
                        - - End Of File - - 49B2282819C0DEA35958BFAEA625988E
                        D41D8CD98F00B204E9800998ECF8427E



                        • #13
                          That didn't quite work.

                          Open a new Notepad file.
                          Copy the code below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          Registry::
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                          "Shell"="explorer.exe"
                          Now drag the file CFScript.txt onto the file ComboFix.exe

                          ComboFix will start again.
                          When ComboFix has finished, which may be after a reboot, a log file opens.
                          Post the contents of the log file.

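The check behind post #13, as an added example (not part of the original thread and not ComboFix's own code): it reads the registry section of a ComboFix-style log and reports every Winlogon `Shell` value that is not `explorer.exe`. The sample log is constructed from lines in the log above; the function names and the strict "only `explorer.exe` is accepted" rule are assumptions made for this sketch.

```python
import re

# Constructed sample, modelled on the "Reg Opstartpunten" section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\ejiw9q.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
'''

# "[HKEY_...]" opens a block; '"Name"="data" [date size]' is a value line in it.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*(?:\[[^\]]*\])?\s*$')

# Matches the native, Wow6432Node and per-user Winlogon keys alike.
WINLOGON_SUFFIX = r'\microsoft\windows nt\currentversion\winlogon'


def parse_registry_sections(log_text):
    """Return {key_path_lower: {value_name_lower: data}} for each [HKEY_...] block."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
            continue
        if line in ('', '.'):          # "." is the log's block separator
            current = None
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2)
    return sections


def find_shell_hijacks(log_text):
    """List (key, data) for every Winlogon Shell value other than explorer.exe.

    Assumption: anything but the bare default counts as a finding, so a value
    such as "explorer.exe,other.exe" is reported as well. The log states that
    legitimate default references are not shown, so a clean log normally has
    no Shell line at all and yields an empty list.
    """
    findings = []
    for key, values in parse_registry_sections(log_text).items():
        if not key.endswith(WINLOGON_SUFFIX):
            continue
        shell = values.get('shell')
        if shell is not None and shell.strip().lower() != 'explorer.exe':
            findings.append((key, shell))
    return findings


if __name__ == '__main__':
    for key, data in find_shell_hijacks(SAMPLE_LOG):
        print(f'Winlogon Shell replaced: {key} -> {data}')
```

Running the same function over the log posted after the CFScript run shows whether the `Shell` entry was actually reset.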


                          • #14
                            It did not trigger a reboot, so it probably failed again...
                            Here is the log anyway:

                            ComboFix 13-06-28.02 - ************* 29-06-2013 17:51:05.3.2 - x64
                            Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4056.2700 [GMT 2:00]
                            Gestart vanuit: c:\users\*************\Desktop\ComboFix.exe
                            gebruikte Opdracht switches :: c:\users\*************\Desktop\CFScript.txt
                            AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                            SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            .
                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2013-05-28 to 2013-06-29 ))))))))))))))))))))))))))))))
                            .
                            .
                            2013-06-29 15:59 . 2013-06-29 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
                            2013-06-29 08:39 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA56B494-962E-4C60-9668-E66F83776F62}\mpengine.dll
                            2013-06-27 19:05 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                            2013-06-27 15:18 . 2013-06-27 15:19 -------- d-----w- c:\users\*************\AppData\Local\Google
                            2013-06-27 15:18 . 2013-06-27 15:18 -------- d-----w- c:\program files (x86)\Google
                            2013-06-24 13:57 . 2013-06-24 13:57 -------- d-----w- c:\program files (x86)\Common Files\Java
                            2013-06-24 13:57 . 2013-06-24 13:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                            2013-06-24 13:26 . 2013-06-24 13:26 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
                            2013-06-22 07:24 . 2013-06-22 07:23 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02E2B6A5-9047-42F7-8FCD-1971CF0F0980}\gapaengine.dll
                            2013-06-18 16:24 . 2013-06-18 16:31 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                            2013-06-18 14:54 . 2013-06-18 14:54 -------- d-----w- C:\found.000
                            2013-06-18 14:42 . 2013-06-18 14:50 -------- d-----w- c:\programdata\HitmanPro
                            2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\programdata\Citrix
                            2013-06-13 11:18 . 2013-06-13 11:26 -------- d-----w- c:\users\*************\AppData\Roaming\ICAClient
                            2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\users\*************\AppData\Local\Citrix
                            2013-06-13 11:18 . 2013-06-13 11:18 -------- d-----w- c:\program files (x86)\Citrix
                            2013-06-12 21:06 . 2013-05-17 00:58 3958784 ----a-w- c:\windows\system32\jscript9.dll
                            2013-06-12 21:06 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
                            2013-06-12 21:06 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
                            2013-06-12 21:06 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
                            2013-06-12 21:06 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
                            2013-06-12 21:06 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
                            2013-06-12 21:06 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
                            2013-06-12 21:06 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
                            2013-06-12 21:06 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
                            2013-06-09 20:14 . 2013-06-09 20:14 -------- d-----w- c:\users\*************\AppData\Local\Adobe_Systems_Incorporate
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2013-06-24 13:56 . 2012-11-01 22:38 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
                            2013-06-24 13:56 . 2012-11-01 22:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
                            2013-06-12 21:07 . 2012-05-03 14:43 75825640 ----a-w- c:\windows\system32\MRT.exe
                            2013-06-12 16:50 . 2012-05-03 14:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                            2013-06-12 16:50 . 2012-05-03 14:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                            2013-05-24 15:31 . 2012-06-12 21:05 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                            2013-05-09 22:48 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                            2013-05-02 15:29 . 2012-05-03 13:53 278800 ------w- c:\windows\system32\MpSigStub.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 226304 ----a-w- c:\windows\system32\elshyph.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
                            2013-05-01 06:04 . 2013-05-01 06:04 361984 ----a-w- c:\windows\SysWow64\html.iec
                            2013-05-01 06:04 . 2013-05-01 06:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                            2013-05-01 06:04 . 2013-05-01 06:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 81408 ----a-w- c:\windows\system32\icardie.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 441856 ----a-w- c:\windows\system32\html.iec
                            2013-05-01 06:04 . 2013-05-01 06:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 235008 ----a-w- c:\windows\system32\url.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 216064 ----a-w- c:\windows\system32\msls31.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 197120 ----a-w- c:\windows\system32\msrating.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
                            2013-05-01 06:04 . 2013-05-01 06:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 599552 ----a-w- c:\windows\system32\vbscript.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 247296 ----a-w- c:\windows\system32\webcheck.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 167424 ----a-w- c:\windows\system32\iexpress.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
                            2013-05-01 06:04 . 2013-05-01 06:04 149504 ----a-w- c:\windows\system32\occache.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 144896 ----a-w- c:\windows\system32\wextract.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 13824 ----a-w- c:\windows\system32\mshta.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 102912 ----a-w- c:\windows\system32\inseng.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 51200 ----a-w- c:\windows\system32\imgutil.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                            2013-05-01 06:04 . 2013-05-01 06:04 77312 ----a-w- c:\windows\system32\tdc.ocx
                            2013-05-01 06:04 . 2013-05-01 06:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 136192 ----a-w- c:\windows\system32\iepeers.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
                            2013-05-01 06:04 . 2013-05-01 06:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
                            2013-04-13 05:49 . 2013-05-24 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
                            2013-04-13 05:49 . 2013-05-24 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
                            2013-04-13 05:49 . 2013-05-24 15:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
                            2013-04-13 05:49 . 2013-05-24 15:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
                            2013-04-13 04:45 . 2013-05-24 15:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
                            2013-04-13 04:45 . 2013-05-24 15:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
                            2013-04-12 14:45 . 2013-04-24 16:17 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
                            2013-04-10 06:01 . 2013-05-24 15:30 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
                            2013-04-10 06:01 . 2013-05-24 15:30 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                            2013-04-10 03:30 . 2013-05-24 15:29 3153920 ----a-w- c:\windows\system32\win32k.sys
                            2013-04-04 12:50 . 2013-05-24 17:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                            REGEDIT4
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 130736 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
                            .
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                            "PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
                            "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
                            "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
                            .
                            c:\users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                            Dropbox.lnk - c:\users\*************\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                            "ConsentPromptBehaviorAdmin"= 0 (0x0)
                            "ConsentPromptBehaviorUser"= 3 (0x3)
                            "EnableLUA"= 0 (0x0)
                            "EnableUIADesktopToggle"= 0 (0x0)
                            "PromptOnSecureDesktop"= 0 (0x0)
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                            "Shell"="c:\progra~3\ejiw9q.bat"
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                            "aux1"=wdmaud.drv
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                            @="Service"
                            .
                            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                            R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
                            R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
                            R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
                            R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
                            R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
                            R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
                            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                            R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                            S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                            S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/03 22:42];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
                            S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
                            S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
                            S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
                            S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
                            S3 netw5v64;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
                            S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                            .
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                            2013-06-27 15:18 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            .
                            2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
                            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 16:50]
                            .
                            2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27 15:18]
                            .
                            2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-27 15:18]
                            .
                            .
                            --------- X64 Entries -----------
                            .
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                            2013-05-25 00:36 164016 ----a-w- c:\users\*************\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
                            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
                            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
                            "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
                            "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
                            "PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]
                            .
                            ------- Bijkomende Scan -------
                            .
                            uLocal Page = c:\windows\system32\blank.htm
                            uStart Page = hxxp://www.google.nl/
                            mLocal Page = c:\windows\SysWOW64\blank.htm
                            IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
                            TCP: DhcpNameServer = 192.168.1.1
                            .
                            - - - - ORPHANS VERWIJDERD - - - -
                            .
                            AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
                            .
                            .
                            .
                            [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
                            "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
                            .
                            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                            @Denied: (A 2) (Everyone)
                            @="Shockwave Flash Object"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                            "ThreadingModel"="Apartment"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                            @="0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                            @="ShockwaveFlash.ShockwaveFlash.11"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                            @="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                            @="ShockwaveFlash.ShockwaveFlash"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                            @Denied: (A 2) (Everyone)
                            @="Macromedia Flash Factory Object"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                            "ThreadingModel"="Apartment"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                            @="FlashFactory.FlashFactory.1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                            @="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                            @="FlashFactory.FlashFactory"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
                            @="?????????????????? v1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                            @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
                            @="?????????????????? v2"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                            @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                            .
                            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                            @Denied: (A) (Users)
                            @Denied: (A) (Everyone)
                            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                            "BlindDial"=dword:00000000
                            .
                            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                            @Denied: (Full) (Everyone)
                            .
                            Voltooingstijd: 2013-06-29 18:10:32
                            ComboFix-quarantined-files.txt 2013-06-29 16:10
                            ComboFix2.txt 2013-06-26 20:46
                            ComboFix3.txt 2013-06-26 06:34
                            .
                            Pre-Run: 54.512.021.504 bytes beschikbaar
                            Post-Run: 54.218.043.392 bytes beschikbaar
                            .
                            - - End Of File - - 9970E14941986BA40777191BF1D5DBA3
                            D41D8CD98F00B204E9800998ECF8427E

                            Comment


                            • #15
                              Open a Notepad file.
                              Copy the text below (everything in bold) into this Notepad file.


                              @ECHO OFF
                              IF EXIST log.txt DEL log.txt
                              ECHO Deleting Registry Values>>log.txt
                              REG.EXE DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /f>NUL
                              IF NOT ERRORLEVEL 1 ECHO "registersleutel : waarde" deleted successfully>>log.txt
                              IF ERRORLEVEL 1 ECHO "registersleutel : waarde" not deleted>>log.txt
                              REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /d "explorer.exe" /f
                              REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell">>log.txt
                              START NOTEPAD.EXE log.txt
                              DEL %0

                              Go to File - Save As.
                              For "Save in" choose: Desktop
                              For "File name" enter: del.bat
                              For "Save as type" select: All Files (*.*).
                              Click the Save button.

                              Right-click del.bat and choose "Run as administrator".
                              If you get a User Account Control prompt, allow it.
                              Post the contents of the log file that opens.

                              Comment
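A read-only check of the result of the del.bat procedure in post #15, as an added example that is not part of the original post or the helper's own code. It assumes that the per-user `Shell` value under HKCU and the `Userinit` value under HKLM are worth checking alongside the HKLM `Shell` value the batch file resets; those two extra locations are not mentioned in the thread.

```powershell
# Added example: read-only audit of the Winlogon values that decide which
# program starts at logon. Nothing is written to the registry.
# Assumption: HKCU Shell and HKLM Userinit are checked in addition to the
# HKLM Shell value that del.bat resets.
$winlogon = 'Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

$checks = @(
    @{ Key = "HKLM:\SOFTWARE\$winlogon"; Name = 'Shell';    Expected = 'explorer.exe'; Required = $true  },
    @{ Key = "HKCU:\Software\$winlogon"; Name = 'Shell';    Expected = 'explorer.exe'; Required = $false },
    @{ Key = "HKLM:\SOFTWARE\$winlogon"; Name = 'Userinit'; Expected = $userinit;      Required = $true  }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) {
        $value = [string]$item.($c.Name)
        # Userinit normally ends with a comma; ignore it and surrounding spaces.
        $normalized = $value.Trim().TrimEnd(',').Trim()
        if ($normalized -ieq $c.Expected) { $status = 'OK' } else { $status = 'REVIEW' }
    } else {
        # An absent per-user Shell is normal; an absent machine-wide value is not.
        $value = '<not set>'
        if ($c.Required) { $status = 'REVIEW' } else { $status = 'OK' }
    }
    New-Object PSObject -Property @{
        Key = $c.Key; Name = $c.Name; Value = $value; Status = $status
    }
}

$report | Select-Object Status, Name, Value, Key | Format-List
$findings = @($report | Where-Object { $_.Status -eq 'REVIEW' })
"{0} value(s) need review" -f $findings.Count
```

Any entry marked REVIEW shows the exact value found, so it can be posted in the thread together with the log.txt output.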
