Ziggo letter: you have a Torpig virus

  • Ziggo letter: you have a Torpig virus

    Dear reader,
    Having just recovered from the shock of the well-known Ziggo letter, I ran Malwarebytes, DDS and GMER. I suspect it is not too bad and that the tested system is not infected, but better safe than sorry. So I hope one of you experts would be willing to check my log files. Thanks in advance.
    Regards, Harry


    Malwarebytes gives:
    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.06.18.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ter_haar :: REKENDOOS [administrator]

    Bescherming: Ingeschakeld

    18-6-2013 17:28:40
    mbam-log-2013-06-18 (17-28-40).txt

    Scan type: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 383743
    Verstreken tijd: 54 minuut/minuten, 20 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS gives:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by ter_haar at 18:24:09 on 2013-06-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.1952 [GMT 2:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\dlbkcoms.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\System32\vds.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    mWinlogon: Userinit = userinit.exe
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\ter_haar\AppData\Roaming\Complitly\Complitly.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\ter_haar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\Users\ter_haar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\ter_haar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcam.enschede.nl:48250/activex/AxisCamControl.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://telework.vredestein.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{9F653882-2A2D-43C8-8A75-D18A7BFCEBCE} : DHCPNameServer = 212.54.35.25 212.54.40.25
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\ter_haar\AppData\Roaming\Complitly\64\Complitly64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-9 55280]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
    R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-4 86752]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-4 110816]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
    R2 dlbk_device;dlbk_device;C:\Windows\System32\dlbkcoms.exe -service --> C:\Windows\System32\dlbkcoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-18 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-18 701512]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-3-9 27136]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-9 656624]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-3-6 58400]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-18 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-9 43008]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-3-9 24064]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-9 43008]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-18 15:26:32 -------- d-----w- C:\Users\ter_haar\AppData\Roaming\Malwarebytes
    2013-06-18 15:26:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-06-18 15:26:23 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-06-18 15:26:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-18 15:26:08 -------- d-----w- C:\Users\ter_haar\AppData\Local\Programs
    .
    ==================== Find3M ====================
    .
    2013-05-13 10:45:46 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2013-03-30 15:42:38 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-03-30 15:42:38 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    .
    ============= FINISH: 18:25:02,52 ===============

    If needed, I can also post the Attach log!


    GMER gives:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-06-18 21:01:06
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
    Running: y72l2p9n.exe; Driver: C:\Users\ter_haar\AppData\Local\Temp\pwtdrpow.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880047b5c34 12 bytes {MOV RAX, 0xfffffa800613a2a0; JMP RAX}

    ---- User code sections - GMER 2.1 ----

    .text C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe[2216] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
    .text C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe[2216] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
    .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
    .text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
    .text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075841465 2 bytes [84, 75]
    .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758414bb 2 bytes [84, 75]
    .text ... * 2

    ---- Kernel IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff8800107a650] \SystemRoot\System32\Drivers\spkn.sys [unknown section]
    IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff8800107a5dc] \SystemRoot\System32\Drivers\spkn.sys [unknown section]

    ---- Devices - GMER 2.1 ----

    Device \Driver\agssc9uo \Device\Scsi\agssc9uo1 fffffa80062da2c0
    Device \Driver\agssc9uo \Device\Scsi\agssc9uo1Port1Path0Target0Lun0 fffffa80062da2c0
    Device \FileSystem\Ntfs \Ntfs fffffa80049f32c0
    Device \FileSystem\fastfat \Fat fffffa80064b72c0
    Device \Driver\USBSTOR \Device\0000007a fffffa8006da22c0
    Device \Driver\usbuhci \Device\USBPDO-5 fffffa800626f2c0
    Device \Driver\USBSTOR \Device\00000078 fffffa8006da22c0
    Device \Driver\usbuhci \Device\USBFDO-3 fffffa800626f2c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{400180DA-8ADE-4D80-8127-E565AFFC585C} fffffa80060672c0
    Device \Driver\USBSTOR \Device\00000088 fffffa8006da22c0
    Device \Driver\usbuhci \Device\USBPDO-1 fffffa800626f2c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{9F653882-2A2D-43C8-8A75-D18A7BFCEBCE} fffffa80060672c0
    Device \Driver\cdrom \Device\CdRom0 fffffa8005f822c0
    Device \Driver\cdrom \Device\CdRom1 fffffa8005f822c0
    Device \Driver\USBSTOR \Device\0000007b fffffa8006da22c0
    Device \Driver\USBSTOR \Device\00000079 fffffa8006da22c0
    Device \Driver\usbehci \Device\USBPDO-6 fffffa80062852c0
    Device \Driver\usbuhci \Device\USBFDO-4 fffffa800626f2c0
    Device \Driver\usbuhci \Device\USBFDO-0 fffffa800626f2c0
    Device \Driver\usbehci \Device\USBPDO-2 fffffa80062852c0
    Device \Driver\USBSTOR \Device\0000007c fffffa8006da22c0
    Device \Driver\usbuhci \Device\USBFDO-5 fffffa800626f2c0
    Device \Driver\usbuhci \Device\USBPDO-3 fffffa800626f2c0
    Device \Driver\usbuhci \Device\USBFDO-1 fffffa800626f2c0
    Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8003cb52c0
    Device \Driver\volmgr \Device\FtControl fffffa8003cb52c0
    Device \Driver\volmgr \Device\VolMgrControl fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume5 fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume6 fffffa8003cb52c0
    Device \Driver\volmgr \Device\HarddiskVolume7 fffffa8003cb52c0
    Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80060672c0
    Device \Driver\volmgr \Device\HarddiskVolume8 fffffa8003cb52c0
    Device \Driver\usbehci \Device\USBFDO-6 fffffa80062852c0
    Device \Driver\usbuhci \Device\USBPDO-4 fffffa800626f2c0
    Device \Driver\usbehci \Device\USBFDO-2 fffffa80062852c0
    Device \Driver\usbuhci \Device\USBPDO-0 fffffa800626f2c0
    Device \Driver\USBSTOR \Device\00000087 fffffa8006da22c0
    Device \Driver\agssc9uo \Device\ScsiPort1 fffffa80062da2c0

    ---- Modules - GMER 2.1 ----

    Module \SystemRoot\System32\Drivers\agssc9uo.SYS fffff8800558a000-fffff880055cf000 (282624 bytes)

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:728] 000007fefb522a7c

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x2B 0x26 0xAF 0xF0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBC 0xB9 0xC0 0x49 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB7 0x12 0xB9 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x2B 0x26 0xAF 0xF0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBC 0xB9 0xC0 0x49 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB7 0x12 0xB9 0x07 ...

    ---- EOF - GMER 2.1 ----

  • #2
    See this post: http://www.nucia.eu/forum/threads/12...ericht-plaatst!
    CD emulation software is still active, and that makes the log harder to read.
    Disable that software with Defogger.
    Restart the computer and then create a new log with GMER.


    • #3
      Dear Marckie,
      Sorry, I did not know any emulators were running at all. During the GMER scan there was suddenly a blue screen with the following message:

      Probleemhandtekening:
      Gebeurtenisnaam van probleem: BlueScreen
      Versie van besturingssysteem: 6.1.7601.2.1.0.768.3
      Landinstelling-id: 1043

      Aanvullende informatie over dit probleem:
      BCCode: 1000007e
      BCP1: FFFFFFFF80000004
      BCP2: FFFFF8000340B3D3
      BCP3: FFFFF880031BD428
      BCP4: FFFFF880031BCC80
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 768_1

      Bestanden die helpen bij het beschrijven van het probleem:
      C:\Windows\Minidump\061913-15880-01.dmp
      C:\Users\ter_haar\AppData\Local\Temp\WER-43196-0.sysdata.xml

      I cannot open either file.

      The GMER scan gives the following:
      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-06-19 18:15:03
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
      Running: y72l2p9n.exe; Driver: C:\Users\ter_haar\AppData\Local\Temp\pwtdrpow.sys


      ---- User code sections - GMER 2.1 ----

      .text C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe[3132] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]
      .text C:\Users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe[3132] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
      .text ... * 2
      .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]
      .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
      .text ... * 2
      .text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]
      .text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
      .text ... * 2
      .text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[5052] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]
      .text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[5052] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
      .text ... * 2
      .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768d1465 2 bytes [8D, 76]
      .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768d14bb 2 bytes [8D, 76]
      .text ... * 2

      ---- Registry - GMER 2.1 ----

      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x2B 0x26 0xAF 0xF0 ...
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBC 0xB9 0xC0 0x49 ...
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
      Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB7 0x12 0xB9 0x07 ...
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x2B 0x26 0xAF 0xF0 ...
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBC 0xB9 0xC0 0x49 ...
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB7 0x12 0xB9 0x07 ...

      ---- Disk sectors - GMER 2.1 ----

      Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

      ---- EOF - GMER 2.1 ----

      Kind regards, Harry



      • #4
        Hello Harry,

        Download TDSSKiller and place it on your desktop.
        Double-click TDSSKiller.exe to start the tool.
        Click "Change parameters" and check:
        - Services and drivers
        - Boot sectors
        - Verify drivers digital signatures
        Click "OK".
        Click the "Start Scan" button and follow the instructions.
        When the scan is finished, click the "Report" button.
        A Notepad file will open. Post the contents of this file.
        If TDSSKiller offers to cure a file (Cure), allow it. In that case you will be asked to restart the computer. Do so immediately.
        Skip the unsigned files.
        For Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler, choose Cure to have them repaired.
        After the reboot you will find the log on c:\ with the name TDSSKiller.version_date_time_log.txt.
        Post that log.



        • #5
          Hello Marckie,
          The file below is from Kaspersky; only 3 unsigned files skipped! (The file is more than 5000 characters, so it is posted in 2 parts.)

          19:32:48.0867 1752 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
          19:32:49.0116 1752 ============================================================
          19:32:49.0116 1752 Current date / time: 2013/06/19 19:32:49.0116
          19:32:49.0116 1752 SystemInfo:
          19:32:49.0116 1752
          19:32:49.0116 1752 OS Version: 6.1.7601 ServicePack: 1.0
          19:32:49.0116 1752 Product type: Workstation
          19:32:49.0116 1752 ComputerName: REKENDOOS
          19:32:49.0116 1752 UserName: ter_haar
          19:32:49.0116 1752 Windows directory: C:\Windows
          19:32:49.0116 1752 System windows directory: C:\Windows
          19:32:49.0116 1752 Running under WOW64
          19:32:49.0116 1752 Processor architecture: Intel x64
          19:32:49.0116 1752 Number of processors: 4
          19:32:49.0116 1752 Page size: 0x1000
          19:32:49.0116 1752 Boot type: Normal boot
          19:32:49.0116 1752 ============================================================
          19:32:49.0444 1752 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
          19:32:49.0475 1752 ============================================================
          19:32:49.0475 1752 \Device\Harddisk0\DR0:
          19:32:49.0475 1752 MBR partitions:
          19:32:49.0475 1752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1139000
          19:32:49.0475 1752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1160800, BlocksNum 0x496F7000
          19:32:49.0475 1752 ============================================================
          19:32:49.0491 1752 C: <-> \Device\Harddisk0\DR0\Partition2
          19:32:49.0491 1752 ============================================================
          19:32:49.0491 1752 Initialize success
          19:32:49.0491 1752 ============================================================
          19:32:55.0778 4844 ============================================================
          19:32:55.0778 4844 Scan started
          19:32:55.0778 4844 Mode: Manual; SigCheck;
          19:32:55.0778 4844 ============================================================
          19:32:55.0949 4844 ================ Scan system memory ========================
          19:32:55.0949 4844 System memory - ok
          19:32:55.0949 4844 ================ Scan services =============================
          19:32:56.0277 4844 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          19:32:56.0277 4844 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
          19:32:56.0277 4844 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
          19:32:59.0662 4844 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
          19:32:59.0662 4844 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
          19:32:59.0662 4844 DockLoginService - detected UnsignedFile.Multi.Generic (1)
          19:33:04.0654 4844 MSPCLOCK - ok
          19:33:04.0654 4844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
          19:33:04.0685 4844 MSPQM - ok
          19:33:04.0716 4844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
          19:33:04.0732 4844 MsRPC - ok
          19:33:04.0748 4844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
          19:33:04.0763 4844 mssmbios - ok
          19:33:04.0779 4844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
          19:33:04.0810 4844 MSTEE - ok
          19:33:04.0826 4844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
          19:33:04.0826 4844 MTConfig - ok
          19:33:04.0857 4844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
          19:33:04.0857 4844 Mup - ok
          19:33:04.0888 4844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
          19:33:04.0935 4844 napagent - ok
          19:33:04.0950 4844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
          19:33:04.0982 4844 NativeWifiP - ok


          • #6
            19:33:05.0013 4844 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
            19:33:05.0044 4844 NDIS - ok
            19:33:05.0060 4844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
            19:33:05.0091 4844 NdisCap - ok
            19:33:05.0106 4844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
            19:33:05.0138 4844 NdisTapi - ok
            19:33:05.0169 4844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
            19:33:05.0200 4844 Ndisuio - ok
            19:33:05.0231 4844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
            19:33:05.0262 4844 NdisWan - ok
            19:33:05.0278 4844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
            19:33:05.0309 4844 NDProxy - ok
            19:33:05.0325 4844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
            19:33:05.0372 4844 NetBIOS - ok
            19:33:05.0387 4844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
            19:33:05.0418 4844 NetBT - ok
            19:33:05.0434 4844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
            19:33:05.0450 4844 Netlogon - ok
            19:33:05.0481 4844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
            19:33:05.0512 4844 Netman - ok
            19:33:05.0528 4844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
            19:33:05.0574 4844 netprofm - ok
            19:33:05.0590 4844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
            19:33:05.0606 4844 NetTcpPortSharing - ok
            19:33:05.0606 4844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
            19:33:05.0621 4844 nfrd960 - ok
            19:33:05.0652 4844 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
            19:33:05.0699 4844 NlaSvc - ok
            19:33:05.0746 4844 [ CD569FA91EC6F59D045C19D0D3850F44 ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
            19:33:05.0762 4844 nmservice - ok
            19:33:05.0777 4844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
            19:33:05.0808 4844 Npfs - ok
            19:33:05.0824 4844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
            19:33:05.0855 4844 nsi - ok
            19:33:05.0871 4844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
            19:33:05.0902 4844 nsiproxy - ok
            19:33:05.0949 4844 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
            19:33:05.0996 4844 Ntfs - ok
            19:33:05.0996 4844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
            19:33:06.0027 4844 Null - ok
            19:33:06.0058 4844 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
            19:33:06.0074 4844 NVHDA - ok
            19:33:06.0261 4844 [ FE625499F48A992FCB0B676F08833FFC ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
            19:33:06.0417 4844 nvlddmkm - ok
            19:33:06.0448 4844 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
            19:33:06.0464 4844 nvraid - ok
            19:33:06.0479 4844 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
            19:33:06.0495 4844 nvstor - ok
            19:33:06.0526 4844 [ D2755AFEF371FADCFC5D9B83DCD4F4D4 ] nvsvc C:\Windows\system32\nvvsvc.exe
            19:33:06.0542 4844 nvsvc - ok
            19:33:06.0542 4844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
            19:33:06.0557 4844 nv_agp - ok
            19:33:06.0620 4844 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
            19:33:06.0635 4844 odserv - ok
            19:33:06.0651 4844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
            19:33:06.0666 4844 ohci1394 - ok
            19:33:06.0729 4844 [ D6A4FC3693DE4CDAEB788FF75853124D ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
            19:33:06.0729 4844 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
            19:33:06.0729 4844 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
            19:33:06.0760 4844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
            19:33:06.0776 4844 ose - ok
            19:33:06.0807 4844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
            19:33:06.0838 4844 p2pimsvc - ok
            19:33:06.0854 4844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
            19:33:06.0869 4844 p2psvc - ok
            19:33:06.0885 4844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
            19:33:06.0900 4844 Parport - ok
            19:33:06.0932 4844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
            19:33:06.0947 4844 partmgr - ok
            19:33:06.0963 4844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
            19:33:06.0978 4844 PcaSvc - ok
            19:33:07.0010 4844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
            19:33:07.0025 4844 pci - ok
            19:33:07.0041 4844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
            19:33:07.0041 4844 pciide - ok
            19:33:07.0056 4844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
            19:33:07.0072 4844 pcmcia - ok
            19:33:07.0072 4844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
            19:33:07.0088 4844 pcw - ok
            19:33:07.0103 4844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
            19:33:07.0150 4844 PEAUTH - ok
            19:33:07.0197 4844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
            19:33:07.0212 4844 PerfHost - ok
            19:33:07.0275 4844 [ 309C5941E3FEB1EDB5ACA9CE31B70EB6 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
            19:33:07.0306 4844 PID_PEPI - ok
            19:33:07.0337 4844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
            19:33:07.0384 4844 pla - ok
            19:33:07.0431 4844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
            19:33:07.0462 4844 PlugPlay - ok
            19:33:07.0493 4844 [ FB83B6C62DFF5ABE36304351D2BED581 ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys
            19:33:07.0493 4844 pnarp - ok
            19:33:07.0509 4844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
            19:33:07.0524 4844 PNRPAutoReg - ok
            19:33:07.0556 4844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
            19:33:07.0571 4844 PNRPsvc - ok
            19:33:07.0602 4844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
            19:33:07.0634 4844 PolicyAgent - ok
            19:33:07.0665 4844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
            19:33:07.0696 4844 Power - ok
            19:33:07.0727 4844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
            19:33:07.0774 4844 PptpMiniport - ok
            19:33:07.0790 4844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
            19:33:07.0790 4844 Processor - ok
            19:33:07.0805 4844 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
            19:33:07.0852 4844 ProfSvc - ok
            19:33:07.0852 4844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
            19:33:07.0868 4844 ProtectedStorage - ok
            19:33:07.0899 4844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
            19:33:07.0930 4844 Psched - ok
            19:33:07.0977 4844 [ 1B3434642CE3C26E6F24D3A76D749C2A ] purendis C:\Windows\system32\DRIVERS\purendis.sys
            19:33:07.0992 4844 purendis - ok
            19:33:08.0008 4844 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
            19:33:08.0008 4844 PxHlpa64 - ok
            19:33:08.0039 4844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
            19:33:08.0070 4844 ql2300 - ok
            19:33:08.0086 4844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
            19:33:08.0086 4844 ql40xx - ok
            19:33:08.0117 4844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
            19:33:08.0133 4844 QWAVE - ok
            19:33:08.0133 4844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
            19:33:08.0148 4844 QWAVEdrv - ok
            19:33:08.0195 4844 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
            19:33:08.0211 4844 RapiMgr - ok
            19:33:08.0226 4844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
            19:33:08.0258 4844 RasAcd - ok
            19:33:08.0273 4844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
            19:33:08.0304 4844 RasAgileVpn - ok
            19:33:08.0304 4844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
            19:33:08.0351 4844 RasAuto - ok
            19:33:08.0367 4844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
            19:33:08.0414 4844 Rasl2tp - ok
            19:33:08.0429 4844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
            19:33:08.0460 4844 RasMan - ok
            19:33:08.0476 4844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
            19:33:08.0507 4844 RasPppoe - ok
            19:33:08.0523 4844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
            19:33:08.0554 4844 RasSstp - ok
            19:33:08.0585 4844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
            19:33:08.0616 4844 rdbss - ok
            19:33:08.0616 4844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
            19:33:08.0632 4844 rdpbus - ok
            19:33:08.0648 4844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
            19:33:08.0679 4844 RDPCDD - ok
            19:33:08.0710 4844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
            19:33:08.0741 4844 RDPENCDD - ok
            19:33:08.0741 4844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
            19:33:08.0772 4844 RDPREFMP - ok
            19:33:08.0804 4844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
            19:33:08.0819 4844 RDPWD - ok
            19:33:08.0850 4844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
            19:33:08.0866 4844 rdyboost - ok
            19:33:08.0882 4844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
            19:33:08.0913 4844 RemoteAccess - ok
            19:33:08.0928 4844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
            19:33:08.0960 4844 RemoteRegistry - ok
            19:33:08.0975 4844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
            19:33:09.0006 4844 RpcEptMapper - ok
            19:33:09.0038 4844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
            19:33:09.0053 4844 RpcLocator - ok
            19:33:09.0069 4844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
            19:33:09.0116 4844 RpcSs - ok
            19:33:09.0116 4844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
            19:33:09.0162 4844 rspndr - ok
            19:33:09.0178 4844 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
            19:33:09.0194 4844 RTL8167 - ok
            19:33:09.0240 4844 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
            19:33:09.0240 4844 RtNdPt60 - ok
            19:33:09.0256 4844 [ BC85BDC1C30066C78B8C67AF1241D0B7 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
            19:33:09.0272 4844 RTTEAMPT - ok
            19:33:09.0272 4844 [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
            19:33:09.0287 4844 RTVLANPT - ok
            19:33:09.0318 4844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
            19:33:09.0334 4844 SamSs - ok
            19:33:09.0365 4844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
            19:33:09.0381 4844 sbp2port - ok
            19:33:09.0381 4844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
            19:33:09.0412 4844 SCardSvr - ok
            19:33:09.0443 4844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
            19:33:09.0474 4844 scfilter - ok
            19:33:09.0506 4844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
            19:33:09.0537 4844 Schedule - ok
            19:33:09.0568 4844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
            19:33:09.0599 4844 SCPolicySvc - ok
            19:33:09.0630 4844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
            19:33:09.0646 4844 SDRSVC - ok
            19:33:09.0662 4844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
            19:33:09.0708 4844 secdrv - ok
            19:33:09.0724 4844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
            19:33:09.0755 4844 seclogon - ok
            19:33:09.0771 4844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
            19:33:09.0802 4844 SENS - ok
            19:33:09.0818 4844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
            19:33:09.0833 4844 SensrSvc - ok
            19:33:09.0849 4844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
            19:33:09.0864 4844 Serenum - ok
            19:33:09.0880 4844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
            19:33:09.0896 4844 Serial - ok
            19:33:09.0896 4844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
            19:33:09.0911 4844 sermouse - ok
            19:33:09.0942 4844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
            19:33:09.0974 4844 SessionEnv - ok
            19:33:09.0989 4844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
            19:33:10.0005 4844 sffdisk - ok
            19:33:10.0005 4844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
            19:33:10.0020 4844 sffp_mmc - ok
            19:33:10.0036 4844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
            19:33:10.0052 4844 sffp_sd - ok
            19:33:10.0067 4844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
            19:33:10.0067 4844 sfloppy - ok
            19:33:10.0130 4844 [ 16A5CC62F79A32A974B55110A898945C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
            19:33:10.0145 4844 SftService - ok
            19:33:10.0176 4844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
            19:33:10.0223 4844 SharedAccess - ok
            19:33:10.0254 4844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
            19:33:10.0286 4844 ShellHWDetection - ok
            19:33:10.0286 4844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
            19:33:10.0301 4844 SiSRaid2 - ok
            19:33:10.0301 4844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
            19:33:10.0317 4844 SiSRaid4 - ok
            19:33:10.0364 4844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
            19:33:10.0364 4844 SkypeUpdate - ok
            19:33:10.0379 4844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
            19:33:10.0410 4844 Smb - ok
            19:33:10.0442 4844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
            19:33:10.0457 4844 SNMPTRAP - ok
            19:33:10.0457 4844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
            19:33:10.0473 4844 spldr - ok
            19:33:10.0504 4844 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
            19:33:10.0551 4844 Spooler - ok
            19:33:10.0613 4844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
            19:33:10.0676 4844 sppsvc - ok
            19:33:10.0722 4844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
            19:33:10.0754 4844 sppuinotify - ok
            19:33:10.0785 4844 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
            19:33:10.0800 4844 sprtsvc_DellSupportCenter - ok
            19:33:10.0863 4844 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
            19:33:10.0878 4844 sptd - ok
            19:33:10.0894 4844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
            19:33:10.0910 4844 srv - ok
            19:33:10.0925 4844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
            19:33:10.0941 4844 srv2 - ok
            19:33:10.0972 4844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
            19:33:10.0972 4844 srvnet - ok
            19:33:11.0003 4844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
            19:33:11.0034 4844 SSDPSRV - ok
            19:33:11.0050 4844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
            19:33:11.0081 4844 SstpSvc - ok
            19:33:11.0097 4844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
            19:33:11.0112 4844 stexstor - ok
            19:33:11.0144 4844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
            19:33:11.0159 4844 stisvc - ok
            19:33:11.0175 4844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
            19:33:11.0206 4844 swenum - ok
            19:33:11.0237 4844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
            19:33:11.0268 4844 swprv - ok
            19:33:11.0315 4844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
            19:33:11.0362 4844 SysMain - ok
            19:33:11.0393 4844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
            19:33:11.0409 4844 TabletInputService - ok
            19:33:11.0440 4844 [ 595CB8DA5B522AD8CC28193DC21FD496 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
            19:33:11.0456 4844 tap0901 - ok
            19:33:11.0471 4844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
            19:33:11.0518 4844 TapiSrv - ok
            19:33:11.0549 4844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
            19:33:11.0580 4844 TBS - ok
            19:33:11.0643 4844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
            19:33:11.0674 4844 Tcpip - ok
            19:33:11.0736 4844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
            19:33:11.0768 4844 TCPIP6 - ok
            19:33:11.0799 4844 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
            19:33:11.0830 4844 tcpipreg - ok
            19:33:11.0846 4844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
            19:33:11.0861 4844 TDPIPE - ok
            19:33:11.0877 4844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
            19:33:11.0892 4844 TDTCP - ok
            19:33:11.0924 4844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
            19:33:11.0955 4844 tdx - ok
            19:33:11.0970 4844 [ BC85BDC1C30066C78B8C67AF1241D0B7 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
            19:33:11.0970 4844 TEAM - ok
            19:33:11.0986 4844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
            19:33:12.0002 4844 TermDD - ok
            19:33:12.0033 4844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
            19:33:12.0080 4844 TermService - ok
            19:33:12.0095 4844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
            19:33:12.0111 4844 Themes - ok
            19:33:12.0126 4844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
            19:33:12.0158 4844 THREADORDER - ok
            19:33:12.0173 4844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
            19:33:12.0204 4844 TrkWks - ok
            19:33:12.0251 4844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
            19:33:12.0282 4844 TrustedInstaller - ok
            19:33:12.0314 4844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
            19:33:12.0345 4844 tssecsrv - ok
            19:33:12.0376 4844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
            19:33:12.0392 4844 TsUsbFlt - ok
            19:33:12.0438 4844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
            19:33:12.0470 4844 tunnel - ok
            19:33:12.0501 4844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
            19:33:12.0501 4844 uagp35 - ok
            19:33:12.0532 4844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
            19:33:12.0579 4844 udfs - ok
            19:33:12.0594 4844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
            19:33:12.0610 4844 UI0Detect - ok
            19:33:12.0626 4844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
            19:33:12.0641 4844 uliagpkx - ok
            19:33:12.0672 4844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
            19:33:12.0688 4844 umbus - ok
            19:33:12.0688 4844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
            19:33:12.0704 4844 UmPass - ok
            19:33:12.0719 4844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
            19:33:12.0766 4844 upnphost - ok
            19:33:12.0813 4844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
            19:33:12.0828 4844 usbaudio - ok
            19:33:12.0844 4844 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
            19:33:12.0844 4844 usbccgp - ok
            19:33:12.0891 4844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
            19:33:12.0906 4844 usbcir - ok
            19:33:12.0906 4844 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
            19:33:12.0922 4844 usbehci - ok
            19:33:12.0938 4844 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
            19:33:12.0953 4844 usbhub - ok
            19:33:12.0969 4844 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
            19:33:12.0984 4844 usbohci - ok
            19:33:13.0000 4844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
            19:33:13.0016 4844 usbprint - ok
            19:33:13.0047 4844 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
            19:33:13.0062 4844 usbscan - ok
            19:33:13.0078 4844 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
            19:33:13.0094 4844 USBSTOR - ok
            19:33:13.0094 4844 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
            19:33:13.0109 4844 usbuhci - ok
            19:33:13.0125 4844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
            19:33:13.0156 4844 UxSms - ok
            19:33:13.0172 4844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
            19:33:13.0187 4844 VaultSvc - ok
            19:33:13.0187 4844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
            19:33:13.0203 4844 vdrvroot - ok
            19:33:13.0234 4844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
            19:33:13.0281 4844 vds - ok
            19:33:13.0296 4844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
            19:33:13.0312 4844 vga - ok
            19:33:13.0312 4844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
            19:33:13.0343 4844 VgaSave - ok
            19:33:13.0359 4844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
            19:33:13.0359 4844 vhdmp - ok
            19:33:13.0390 4844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
            19:33:13.0406 4844 viaide - ok
            19:33:13.0406 4844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
            19:33:13.0421 4844 volmgr - ok
            19:33:13.0452 4844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
            19:33:13.0484 4844 volmgrx - ok
            19:33:13.0499 4844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
            19:33:13.0499 4844 volsnap - ok
            19:33:13.0515 4844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
            19:33:13.0530 4844 vsmraid - ok
            19:33:13.0577 4844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
            19:33:13.0624 4844 VSS - ok
            19:33:13.0640 4844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
            19:33:13.0655 4844 vwifibus - ok
            19:33:13.0671 4844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
            19:33:13.0718 4844 W32Time - ok
            19:33:13.0733 4844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
            19:33:13.0733 4844 WacomPen - ok
            19:33:13.0749 4844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
            19:33:13.0780 4844 WANARP - ok
            19:33:13.0780 4844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
            19:33:13.0811 4844 Wanarpv6 - ok
            19:33:13.0889 4844 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
            19:33:13.0920 4844 WatAdminSvc - ok
            19:33:13.0952 4844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
            19:33:13.0983 4844 wbengine - ok
            19:33:13.0998 4844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
            19:33:14.0030 4844 WbioSrvc - ok
            19:33:14.0061 4844 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
            19:33:14.0076 4844 WcesComm - ok
            19:33:14.0108 4844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
            19:33:14.0123 4844 wcncsvc - ok
            19:33:14.0139 4844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
            19:33:14.0154 4844 WcsPlugInService - ok
            19:33:14.0170 4844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
            19:33:14.0186 4844 Wd - ok
            19:33:14.0201 4844 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
            19:33:14.0217 4844 Wdf01000 - ok
            19:33:14.0232 4844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
            19:33:14.0248 4844 WdiServiceHost - ok
            19:33:14.0248 4844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
            19:33:14.0264 4844 WdiSystemHost - ok
            19:33:14.0295 4844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
            19:33:14.0326 4844 WebClient - ok
            19:33:14.0342 4844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
            19:33:14.0373 4844 Wecsvc - ok
            19:33:14.0388 4844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
            19:33:14.0420 4844 wercplsupport - ok
            19:33:14.0451 4844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
            19:33:14.0482 4844 WerSvc - ok
            19:33:14.0498 4844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
            19:33:14.0529 4844 WfpLwf - ok
            19:33:14.0560 4844 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
            19:33:14.0576 4844 WimFltr - ok
            19:33:14.0591 4844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
            19:33:14.0607 4844 WIMMount - ok
            19:33:14.0607 4844 WinDefend - ok
            19:33:14.0622 4844 WinHttpAutoProxySvc - ok
            19:33:14.0669 4844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
            19:33:14.0700 4844 Winmgmt - ok
            19:33:14.0747 4844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
            19:33:14.0810 4844 WinRM - ok
            19:33:14.0856 4844 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS
            19:33:14.0872 4844 WINUSB - ok
            19:33:14.0903 4844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
            19:33:14.0934 4844 Wlansvc - ok
            19:33:14.0950 4844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
            19:33:14.0950 4844 WmiAcpi - ok
            19:33:14.0981 4844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
            19:33:14.0997 4844 wmiApSrv - ok
            19:33:14.0997 4844 WMPNetworkSvc - ok
            19:33:15.0012 4844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
            19:33:15.0028 4844 WPCSvc - ok
            19:33:15.0059 4844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
            19:33:15.0075 4844 WPDBusEnum - ok
            19:33:15.0075 4844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
            19:33:15.0106 4844 ws2ifsl - ok
            19:33:15.0122 4844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
            19:33:15.0137 4844 wscsvc - ok
            19:33:15.0137 4844 WSearch - ok
            19:33:15.0200 4844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
            19:33:15.0246 4844 wuauserv - ok
            19:33:15.0278 4844 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
            19:33:15.0309 4844 WudfPf - ok
            19:33:15.0340 4844 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
            19:33:15.0371 4844 WUDFRd - ok
            19:33:15.0387 4844 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
            19:33:15.0418 4844 wudfsvc - ok
            19:33:15.0449 4844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
            19:33:15.0465 4844 WwanSvc - ok
            19:33:15.0465 4844 ================ Scan global ===============================
            19:33:15.0480 4844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
            19:33:15.0512 4844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
            19:33:15.0527 4844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
            19:33:15.0543 4844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
            19:33:15.0574 4844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
            19:33:15.0574 4844 [Global] - ok
            19:33:15.0574 4844 ================ Scan MBR ==================================
            19:33:15.0590 4844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
            19:33:15.0777 4844 \Device\Harddisk0\DR0 - ok
            19:33:15.0777 4844 ================ Scan VBR ==================================
            19:33:15.0777 4844 [ B5202DECDA0BAA1CA3318D137EAC8374 ] \Device\Harddisk0\DR0\Partition1
            19:33:15.0777 4844 \Device\Harddisk0\DR0\Partition1 - ok
            19:33:15.0808 4844 [ 3A1FDBBD260F159862146424D211F64C ] \Device\Harddisk0\DR0\Partition2
            19:33:15.0808 4844 \Device\Harddisk0\DR0\Partition2 - ok
            19:33:15.0808 4844 ============================================================
            19:33:15.0808 4844 Scan finished
            19:33:15.0808 4844 ============================================================
            19:33:15.0808 4460 Detected object count: 3
            19:33:15.0808 4460 Actual detected object count: 3
            19:33:24.0014 4460 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
            19:33:24.0014 4460 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
            19:33:24.0014 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
            19:33:24.0014 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
            19:33:24.0014 4460 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
            19:33:24.0014 4460 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

            Regards, Harry



            • #7
              Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
              If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
              Once the Recovery Console is installed, let ComboFix scan the computer.
              When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
              Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
              If you get this message, report it.
              When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
              Post the contents of this file.



              • #8
                Dear marckie, here are the contents of the combofix file:
                ComboFix 13-06-20.01 - ter_haar 20-06-2013 16:26:37.1.4 - x64
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2807 [GMT 2:00]
                Gestart vanuit: c:\users\ter_haar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X71ILUEA\ComboFix.exe
                AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
                SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
                SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\program files (x86)\Complitly
                c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
                c:\program files (x86)\Complitly\FireFoxExtension.exe
                c:\program files (x86)\Complitly\InstTracker.exe
                c:\program files (x86)\Complitly\[email protected]\chrome.manifest
                c:\program files (x86)\Complitly\[email protected]\chrome\content\appIcon.png
                c:\program files (x86)\Complitly\[email protected]\chrome\content\browserOverlay.xul
                c:\program files (x86)\Complitly\[email protected]\chrome\content\options.js
                c:\program files (x86)\Complitly\[email protected]\chrome\content\options.xul
                c:\program files (x86)\Complitly\[email protected]\chrome\content\utils.js
                c:\program files (x86)\Complitly\[email protected]\defaults\preferences\predictad.js
                c:\program files (x86)\Complitly\[email protected]\install.rdf
                c:\program files (x86)\Complitly\unins000.dat
                c:\program files (x86)\Complitly\unins000.exe
                c:\users\ter_haar\AppData\Roaming\Irak
                c:\users\ter_haar\AppData\Roaming\Irak\evar.cin
                c:\users\ter_haar\AppData\Roaming\Naosi
                c:\users\ter_haar\AppData\Roaming\Naosi\olyc.wee
                c:\windows\security\Database\tmp.edb
                .
                .
                (((((((((((((((((((( Bestanden Gemaakt van 2013-05-20 to 2013-06-20 ))))))))))))))))))))))))))))))
                .
                .
                2013-06-20 14:32 . 2013-06-20 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
                2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\users\ter_haar\AppData\Roaming\Malwarebytes
                2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
                2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\programdata\Malwarebytes
                2013-06-18 15:26 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\users\ter_haar\AppData\Local\Programs
                2013-05-22 20:16 . 2013-05-22 20:16 -------- d-----w- c:\program files\WinRAR
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2013-05-13 10:45 . 2013-05-13 10:46 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
                2013-05-04 11:04 . 2011-12-10 09:24 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                2013-03-30 15:42 . 2013-03-30 15:42 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
                2013-03-30 15:42 . 2013-03-30 15:42 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
                2013-03-30 15:42 . 2013-03-30 15:42 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
                .
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                REGEDIT4
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
                "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
                "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
                "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
                "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
                "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
                "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
                "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-12-02 165104]
                .
                c:\users\ter_haar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
                Dropbox.lnk - c:\users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                .
                c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 5 (0x5)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableUIADesktopToggle"= 0 (0x0)
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                "Userinit"="userinit.exe"
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""
                .
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
                R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
                R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
                S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
                S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
                S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
                S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe;c:\windows\SYSNATIVE\dlbkcoms.exe [x]
                S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
                S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
                S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
                S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
                S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
                S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
                S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                .
                .
                .
                --------- X64 Entries -----------
                .
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
                "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
                "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                "DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-11-23 18160]
                .
                ------- Bijkomende Scan -------
                .
                uLocal Page = c:\windows\system32\blank.htm
                uStart Page = hxxp://www.google.nl/
                mLocal Page = c:\windows\SysWOW64\blank.htm
                IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
                TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
                .
                - - - - ORPHANS VERWIJDERD - - - -
                .
                Toolbar-Locked - (no file)
                Toolbar-Locked - (no file)
                AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
                .
                .
                .
                --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.10"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker4"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
                "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                Voltooingstijd: 2013-06-20 16:34:18
                ComboFix-quarantined-files.txt 2013-06-20 14:34
                .
                Pre-Run: 488.777.277.440 bytes beschikbaar
                Post-Run: 488.418.578.432 bytes beschikbaar
                .
                - - End Of File - - EC9F9BA9E6D1512F92B3AD8FBEEF88AE
                A36C5E4F47E84449FF07ED3517B43A31



                • #9
                  Hello,

                  You did not carry out the instructions correctly.
                  The idea is that you start combofix from your desktop.
                  Do this and post the new log.



                  • #10
                    ComboFix 13-06-20.01 - ter_haar 20-06-2013 17:42:32.2.4 - x64
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2723 [GMT 2:00]
                    Gestart vanuit: c:\users\ter_haar\Desktop\ComboFix.exe
                    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
                    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
                    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2013-05-20 to 2013-06-20 ))))))))))))))))))))))))))))))
                    .
                    .
                    2013-06-20 15:49 . 2013-06-20 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
                    2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\users\ter_haar\AppData\Roaming\Malwarebytes
                    2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
                    2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\programdata\Malwarebytes
                    2013-06-18 15:26 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                    2013-06-18 15:26 . 2013-06-18 15:26 -------- d-----w- c:\users\ter_haar\AppData\Local\Programs
                    2013-05-22 20:16 . 2013-05-22 20:16 -------- d-----w- c:\program files\WinRAR
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2013-05-13 10:45 . 2013-05-13 10:46 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
                    2013-05-04 11:04 . 2011-12-10 09:24 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                    2013-03-30 15:42 . 2013-03-30 15:42 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
                    2013-03-30 15:42 . 2013-03-30 15:42 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
                    2013-03-30 15:42 . 2013-03-30 15:42 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
                    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
                    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
                    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
                    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
                    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
                    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
                    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-12-02 165104]
                    .
                    c:\users\ter_haar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
                    Dropbox.lnk - c:\users\ter_haar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                    .
                    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 5 (0x5)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                    "Userinit"="userinit.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                    @=""
                    .
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
                    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
                    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
                    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
                    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
                    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                    S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
                    S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe;c:\windows\SYSNATIVE\dlbkcoms.exe [x]
                    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
                    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
                    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
                    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
                    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
                    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
                    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                    .
                    .
                    --- Andere Services/Drivers In Geheugen ---
                    .
                    *NewlyCreated* - WS2IFSL
                    .
                    .
                    --------- X64 Entries -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
                    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
                    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                    "DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-11-23 18160]
                    .
                    ------- Bijkomende Scan -------
                    .
                    uLocal Page = c:\windows\system32\blank.htm
                    uStart Page = hxxp://www.google.nl/
                    mLocal Page = c:\windows\SysWOW64\blank.htm
                    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
                    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
                    .
                    - - - - ORPHANS VERWIJDERD - - - -
                    .
                    Toolbar-Locked - (no file)
                    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
                    .
                    .
                    .
                    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.10"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker4"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
                    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    Voltooingstijd: 2013-06-20 17:59:45
                    ComboFix-quarantined-files.txt 2013-06-20 15:59
                    ComboFix2.txt 2013-06-20 14:34
                    .
                    Pre-Run: 487.750.512.640 bytes beschikbaar
                    Post-Run: 487.680.282.624 bytes beschikbaar
                    .
                    - - End Of File - - 41C205D9426C566B3033AB3EB828C570
                    A36C5E4F47E84449FF07ED3517B43A31



                    • #11
                      Great. Are you still experiencing any problems?



                      • #12
                        I haven't really used the machine during this 'investigation'; I wanted to wait until everything was finished. If you say the machine is 'clean', I'll start using it.

                        Do I still need to remove the programs that were used?

                        Many thx btw.
                        Regards, Harry



                        • #13
                          Are there any other computers that also use this internet connection?



                          • #14
                            A laptop from work, which was 'under treatment' there for 2 days, and a BlackBerry.



                            • #15
                              Download aswMBR.exe and place it on your desktop.
                              Double-click aswMBR.exe to start it.
                              When the scan is finished, click the "Save log" button.
                              Save the file to your desktop and post its contents.
                              (If you are asked to download the Avast virus definitions and scan with Avast, click No!)
