
Corrupt file downloaded


  • Corrupt file downloaded

    Because I have a problem with KeyScrambler, I was given the link to StartupUnblocker on another forum. Unfortunately that file was corrupt and the PC crashed.

    I was then advised to consult this forum to check whether my PC is still in order.
    So I hope you are willing to help me.

    I have read through the instructions here and run the scans. Hopefully everything went well and you can do something with this...

    Thanks in advance for the effort!

    The logs follow below (I am posting them separately, because if I put everything on one page the message does not get posted)

  • #2
    Defogger disable activated

    Malwarebytes Antimalware


    Malwarebytes Anti-Malware 1.75.0.1300


    Databaseversie: v2013.07.04.10

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ingrid :: PC_VAN_INGRID [administrator]

    5-7-2013 9:05:55
    mbam-log-2013-07-05 (09-05-55).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM | P2P
    Uitgeschakelde scan opties:
    Objecten gescand: 253297
    Verstreken tijd: 12 minuut/minuten, 24 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)



    • #3
      DDS

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
      Run by Ingrid at 9:31:34 on 2013-07-05
      Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.894.121 [GMT 2:00]
      .
      AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
      .
      ============== Running Processes ================
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
      C:\Program Files\Emsisoft Anti-Malware\a2service.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\SLsvc.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files\HitmanPro.Alert\hmpalert.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
      C:\Program Files\Secunia\PSI\PSIA.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Secunia\PSI\sua.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\sdclt.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.nu.nl/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Presario&pf=desktop
      mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Presario&pf=desktop
      uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
      BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
      TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.EXE -startup
      uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
      mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
      mRun: [Windows Defender] "c:\program files\windows defender\msascui.exe" -hide
      mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\rthdvcpl.exe -s
      mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: Google Sidewiki... - <no file>
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      .
      INFO: HKLM has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
      DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll
      TCP: NameServer = 192.168.1.254
      TCP: Interfaces\{1ED079DF-F8E1-4697-9BBF-E2AA44ACA00F} : DHCPNameServer = 192.168.1.254
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Handler: wot - <Clsid value has no data>
      SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
      LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
      Hosts: 127.0.0.1 www.spywareinfo.com
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-4-2 102728]
      R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-24 239168]
      R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-24 338880]
      R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-24 656320]
      R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-10-7 22056]
      R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-9-28 37352]
      R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-6-17 47696]
      R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-6-17 32080]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
      R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-10-7 2938408]
      R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-10-22 574272]
      R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-9-28 84024]
      R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-9-28 108088]
      R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-9-28 84744]
      R2 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2013\DfSdkS.exe [2013-4-3 406016]
      R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2013-7-4 14376]
      R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2013-3-4 45824]
      R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2012-8-11 19712]
      R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-7 21504]
      R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-5-23 209304]
      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-5 40776]
      R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2013-3-4 56960]
      R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2012-3-18 72704]
      R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 gupdate1c95be95f058815;Google Update Service (gupdate1c95be95f058815);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 133104]
      S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-10-7 54072]
      S3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2013-7-3 50208]
      S3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\drivers\hcdriver.sys [2012-3-23 50688]
      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
      S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-4-2 13464]
      .
      =============== Created Last 30 ================
      .
      2013-07-05 07:03:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2013-07-04 12:37:36 532912 ----a-w- c:\windows\system32\hmpalert.dll
      2013-07-04 12:37:36 14376 ----a-w- c:\windows\system32\drivers\hmpalert.sys
      2013-07-04 12:37:36 -------- d-----w- c:\program files\HitmanPro.Alert
      2013-07-02 16:10:28 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce112acd-dfec-409d-9483-59ff88b1095a}\mpengine.dll
      2013-07-01 12:19:24 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
      2013-06-20 04:47:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2013-06-16 06:34:39 -------- d-----w- c:\users\ingrid\.thumbnails
      2013-06-12 07:33:19 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2013-06-12 07:33:17 443904 ----a-w- c:\windows\system32\win32spl.dll
      2013-06-12 07:33:17 37376 ----a-w- c:\windows\system32\printcom.dll
      2013-06-12 07:33:13 985600 ----a-w- c:\windows\system32\crypt32.dll
      2013-06-12 07:33:13 98304 ----a-w- c:\windows\system32\cryptnet.dll
      2013-06-12 07:33:13 812544 ----a-w- c:\windows\system32\certutil.exe
      2013-06-12 07:33:13 133120 ----a-w- c:\windows\system32\cryptsvc.dll
      2013-06-12 07:33:12 41984 ----a-w- c:\windows\system32\certenc.dll
      2013-06-12 07:32:54 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-06-12 07:32:54 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-06-12 07:32:48 24576 ----a-w- c:\windows\system32\cryptdlg.dll
      2013-06-11 07:20:19 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
      2013-06-08 04:37:41 -------- d-----w- c:\program files\MyPC Backup
      2013-06-06 03:29:06 -------- d-----w- c:\program files\KeyScrambler
      .
      ==================== Find3M ====================
      .
      2013-07-01 06:31:32 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
      2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
      2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
      2013-06-11 22:38:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-06-11 22:38:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
      2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
      2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
      2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
      2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
      2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
      2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
      .
      ============= FINISH: 9:33:28,29 ===============



      • #4
        GMER

        GMER 2.1.19163 - http://www.gmer.net
        Rootkit scan 2013-07-05 10:40:41
        Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\0000005d WDC_WD32 rev.12.0 298,09GB
        Running: 940krq9u.exe; Driver: C:\Users\Ingrid\AppData\Local\Temp\agdiqkog.sys


        ---- System - GMER 2.1 ----

        SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0x86216F68]
        SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0x86217230]
        SSDT 97D5EFBE ZwCreateSection
        SSDT 97D5EFC8 ZwRequestWaitReplyPort
        SSDT 97D5EFC3 ZwSetContextThread
        SSDT 97D5EFCD ZwSetSecurityObject
        SSDT 97D5EFD2 ZwSystemDebugControl
        SSDT 97D5EF5F ZwTerminateProcess
        SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateUserProcess [0x8621752C]

        ---- Kernel code sections - GMER 2.1 ----

        .text ntkrnlpa.exe!KeSetEvent + 209 856E77D4 8 Bytes [68, 6F, 21, 86, 30, 72, 21, ...]
        .text ntkrnlpa.exe!KeSetEvent + 215 856E77E0 4 Bytes [BE, EF, D5, 97]
        .text ntkrnlpa.exe!KeSetEvent + 539 856E7B04 4 Bytes [C8, EF, D5, 97] {ENTER 0xd5ef, 0x97}
        .text ntkrnlpa.exe!KeSetEvent + 56D 856E7B38 4 Bytes [C3, EF, D5, 97] {RET ; OUT DX, EAX; AAD 0x97}
        .text ntkrnlpa.exe!KeSetEvent + 5D1 856E7B9C 4 Bytes [CD, EF, D5, 97] {INT 0xef; AAD 0x97}
        .text ...
        ? C:\Users\Ingrid\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

        ---- User code sections - GMER 2.1 ----

        .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[496] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[496] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[496] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[632] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[632] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[632] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[772] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[772] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[772] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[856] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[856] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[856] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\sdclt.exe[944] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\sdclt.exe[944] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\sdclt.exe[944] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\conime.exe[1032] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\conime.exe[1032] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\conime.exe[1032] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1040] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1040] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1040] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Dwm.exe[1196] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Dwm.exe[1196] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Dwm.exe[1196] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1440] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1440] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1440] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Windows Defender\MSASCui.exe[1552] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Windows Defender\MSASCui.exe[1552] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Windows Defender\MSASCui.exe[1552] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[1592] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[1592] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[1592] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\Explorer.EXE[1604] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\Explorer.EXE[1604] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\Explorer.EXE[1604] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[1884] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[1884] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[1884] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\PSIA.exe[1976] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\PSIA.exe[1976] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\PSIA.exe[1976] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2072] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2072] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2072] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\hp\support\hpsysdrv.exe[2100] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\hp\support\hpsysdrv.exe[2100] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\hp\support\hpsysdrv.exe[2100] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[2132] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[2132] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[2132] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2176] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2176] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2176] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2364] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2364] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2364] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2396] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2396] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2396] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3100] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3100] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3100] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3192] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3192] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3192] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[3300] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[3300] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[3300] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[3452] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[3452] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[3452] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe[3564] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe[3564] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe[3564] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe[3700] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe[3700] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe[3700] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[3876] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[3876] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[3876] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[3940] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[3940] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[3940] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[4264] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[4264] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[4264] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ntdll.dll!NtMapViewOfSection 77BC4994 5 Bytes JMP 6DAB39C3 C:\Windows\AppPatch\emet.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] kernel32.dll!CreateThread 767FCB0E 5 Bytes JMP 6F0F75E3 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogParamW 779B72A2 5 Bytes JMP 6F289520 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!GetAsyncKeyState 779B863C 5 Bytes JMP 6F0DDECD C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 6F1325B4 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CallNextHookEx 779B8E3B 5 Bytes JMP 6F157FF1 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 6F17ED14 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!EnableWindow 779BCD8B 5 Bytes JMP 6F139EBC C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DefWindowProcA 779BDB88 7 Bytes JMP 6F0F980D C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateWindowExA 779BDC2A 5 Bytes JMP 6F103643 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateWindowExW 779C1305 5 Bytes JMP 6F1603DF C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!GetKeyState 779C8CB1 5 Bytes JMP 6F0DDDA7 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DefWindowProcW 779D03B4 7 Bytes JMP 6F158054 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!IsDialogMessageW 779D0745 3 Bytes JMP 6F289C7A C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!IsDialogMessageW + 4 779D0749 1 Byte [F7]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogParamA 779D17AA 3 Bytes JMP 6F2894E8 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogParamA + 4 779D17AE 1 Byte [F7]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!IsDialogMessage 779D1847 3 Bytes JMP 6F289C52 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!IsDialogMessage + 4 779D184B 1 Byte [F7]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogIndirectParamA 779D26F1 3 Bytes JMP 6F289558 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogIndirectParamA + 4 779D26F5 1 Byte [F7]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!CreateDialogIndirectParamW 779D9A62 5 Bytes JMP 6F289590 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!SetKeyboardState 779E0987 5 Bytes JMP 6F28A571 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxParamW 779E10B0 5 Bytes JMP 6F09189B C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxIndirectParamW 779E2EF5 5 Bytes JMP 6F2891B6 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!SendInput 779E2F75 5 Bytes JMP 6F28A519 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!EndDialog 779E326E 5 Bytes JMP 6F289F26 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!SetCursorPos 779F6FB2 5 Bytes JMP 6F28A5F2 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxParamA 779F8152 5 Bytes JMP 6F289151 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!DialogBoxIndirectParamA 779F847D 5 Bytes JMP 6F28921B C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxIndirectA 77A0D4D9 5 Bytes JMP 6F2890D8 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxIndirectW 77A0D5D3 5 Bytes JMP 6F28905F C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxExA 77A0D639 5 Bytes JMP 6F288FFB C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!MessageBoxExW 77A0D65D 5 Bytes JMP 6F288F97 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] USER32.dll!keybd_event 77A0D972 5 Bytes JMP 6F28A4D6 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] SHELL32.dll!SHRestricted + D95 76A889A8 4 Bytes [CF, 01, 29, 6B]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] SHELL32.dll!SHRestricted + D9D 76A889B0 8 Bytes [E0, 61, 28, 6B, 79, F7, 28, ...]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ole32.dll!OleLoadFromStream 77881E80 1 Byte [E9]
        .text C:\Program Files\Internet Explorer\iexplore.exe[4372] ole32.dll!OleLoadFromStream 77881E80 5 Bytes JMP 6F289984 C:\Windows\system32\IEFRAME.dll
        .text C:\Windows\system32\svchost.exe[4456] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[4456] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[4456] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4544] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4544] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4544] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\sua.exe[4652] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\sua.exe[4652] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Secunia\PSI\sua.exe[4652] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6BWO80L\940krq9u.exe[4724] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6BWO80L\940krq9u.exe[4724] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6BWO80L\940krq9u.exe[4724] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Update\GoogleUpdate.exe[4736] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Update\GoogleUpdate.exe[4736] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Google\Update\GoogleUpdate.exe[4736] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\SearchIndexer.exe[5324] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\SearchIndexer.exe[5324] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\SearchIndexer.exe[5324] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] ntdll.dll!NtMapViewOfSection 77BC4994 5 Bytes JMP 6DAB39C3 C:\Windows\AppPatch\emet.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!EnableWindow 779BCD8B 5 Bytes JMP 6F139EBC C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!DialogBoxParamW 779E10B0 5 Bytes JMP 6F09189B C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!DialogBoxIndirectParamW 779E2EF5 5 Bytes JMP 6F2891B6 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!DialogBoxParamA 779F8152 5 Bytes JMP 6F289151 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!DialogBoxIndirectParamA 779F847D 5 Bytes JMP 6F28921B C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!MessageBoxIndirectA 77A0D4D9 5 Bytes JMP 6F2890D8 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!MessageBoxIndirectW 77A0D5D3 5 Bytes JMP 6F28905F C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!MessageBoxExA 77A0D639 5 Bytes JMP 6F288FFB C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Internet Explorer\iexplore.exe[5512] USER32.dll!MessageBoxExW 77A0D65D 5 Bytes JMP 6F288F97 C:\Windows\system32\IEFRAME.dll
        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[5676] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[5676] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[5676] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[6320] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[6320] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[6320] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[6800] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[6800] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\taskeng.exe[6800] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[6868] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[6868] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Windows\system32\svchost.exe[6868] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Skype\Phone\Skype.exe[7620] ntdll.dll!NtAllocateVirtualMemory 77BC3FA4 5 Bytes JMP 72E9F270 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Skype\Phone\Skype.exe[7620] ntdll.dll!NtFreeVirtualMemory 77BC47B4 5 Bytes JMP 72E9F3A0 C:\WINDOWS\system32\hmpalert.dll
        .text C:\Program Files\Skype\Phone\Skype.exe[7620] ntdll.dll!NtProtectVirtualMemory 77BC4BA4 5 Bytes JMP 72E9F2D0 C:\WINDOWS\system32\hmpalert.dll

        ---- Devices - GMER 2.1 ----

        AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

        ---- Disk sectors - GMER 2.1 ----

        Disk \Device\Harddisk0\DR0 unknown MBR code

        ---- EOF - GMER 2.1 ----



        • #5
          Download TDSSKiller and place it on your desktop.
          Double-click TDSSKiller.exe to start the tool.
          Click "Change parameters" and tick:
          - Services and drivers
          - Boot sectors
          - Verify drivers digital signatures
          Click "OK".
          Click the "Start Scan" button and follow the instructions.
          When the scan has finished, click the "Report" button.
          A Notepad file opens. Post the contents of this file.
          If TDSSKiller proposes to cure a file (Cure), allow it. In that case you will be asked to restart the computer. Do so immediately.
          Skip the unsigned files.
          Let Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler be repaired (Cure).
          After the reboot you will find the log on c:\ with the name TDSSKiller.version_date_time_log.txt.
          Post that log.



          • #6
            Hi Marckie,
            Here is the log (in parts, because it contains too many characters)

            16:04:17.0892 2360 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
            16:04:19.0654 2360 ============================================================
            16:04:19.0654 2360 Current date / time: 2013/07/06 16:04:19.0654
            16:04:19.0654 2360 SystemInfo:
            16:04:19.0654 2360
            16:04:19.0654 2360 OS Version: 6.0.6002 ServicePack: 2.0
            16:04:19.0654 2360 Product type: Workstation
            16:04:19.0670 2360 ComputerName: PC_VAN_INGRID
            16:04:19.0670 2360 UserName: Ingrid
            16:04:19.0670 2360 Windows directory: C:\Windows
            16:04:19.0670 2360 System windows directory: C:\Windows
            16:04:19.0670 2360 Processor architecture: Intel x86
            16:04:19.0670 2360 Number of processors: 2
            16:04:19.0670 2360 Page size: 0x1000
            16:04:19.0670 2360 Boot type: Normal boot
            16:04:19.0670 2360 ============================================================
            16:04:23.0648 2360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
            16:04:23.0695 2360 ============================================================
            16:04:23.0695 2360 \Device\Harddisk0\DR0:
            16:04:23.0710 2360 MBR partitions:
            16:04:23.0710 2360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x248F66A6
            16:04:23.0710 2360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x248F66E5, BlocksNum 0xB36FDC
            16:04:23.0710 2360 ============================================================
            16:04:23.0882 2360 C: <-> \Device\Harddisk0\DR0\Partition1
            16:04:24.0054 2360 D: <-> \Device\Harddisk0\DR0\Partition2
            16:04:24.0054 2360 ============================================================
            16:04:24.0054 2360 Initialize success
            16:04:24.0054 2360 ============================================================
            16:05:04.0052 5980 ============================================================
            16:05:04.0052 5980 Scan started
            16:05:04.0052 5980 Mode: Manual; SigCheck;
            16:05:04.0052 5980 ============================================================
            16:05:07.0110 5980 ================ Scan services =============================
            16:05:07.0390 5980 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
            16:05:08.0404 5980 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
            16:05:08.0404 5980 !SASCORE - detected UnsignedFile.Multi.Generic (1)
            16:05:08.0514 5980 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
            16:05:08.0638 5980 a2acc - ok
            16:05:09.0621 5980 [ 4B9C5EEBEE862574CF794582104F0C91 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
            16:05:10.0058 5980 a2AntiMalware - ok
            16:05:10.0120 5980 [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
            16:05:13.0287 5980 A2DDA - ok
            16:05:13.0974 5980 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
            16:05:14.0067 5980 ACPI - ok
            16:05:14.0223 5980 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            16:05:14.0286 5980 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
            16:05:14.0286 5980 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
            16:05:14.0379 5980 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
            16:05:14.0566 5980 AdobeFlashPlayerUpdateSvc - ok
            16:05:14.0676 5980 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
            16:05:14.0785 5980 adp94xx - ok
            16:05:14.0894 5980 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
            16:05:14.0956 5980 adpahci - ok
            16:05:14.0972 5980 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
            16:05:15.0034 5980 adpu160m - ok
            16:05:15.0097 5980 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
            16:05:15.0144 5980 adpu320 - ok
            16:05:15.0362 5980 [ 9243229DFCCC99B5441750EBA49F1B14 ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
            16:05:15.0534 5980 AdvancedSystemCareService6 - ok
            16:05:15.0612 5980 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
            16:05:16.0080 5980 AeLookupSvc - ok
            16:05:16.0173 5980 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
            16:05:16.0236 5980 Afc - ok
            16:05:16.0360 5980 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
            16:05:16.0532 5980 AFD - ok
            16:05:16.0563 5980 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
            16:05:16.0610 5980 agp440 - ok
            16:05:16.0672 5980 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
            16:05:16.0719 5980 aic78xx - ok
            16:05:16.0735 5980 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
            16:05:17.0640 5980 ALG - ok
            16:05:17.0780 5980 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
            16:05:17.0858 5980 aliide - ok
            16:05:17.0905 5980 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
            16:05:17.0952 5980 amdagp - ok
            16:05:18.0014 5980 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
            16:05:18.0061 5980 amdide - ok
            16:05:18.0092 5980 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
            16:05:18.0685 5980 AmdK7 - ok
            16:05:18.0747 5980 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
            16:05:18.0825 5980 AmdK8 - ok
            16:05:18.0997 5980 [ 2E2B1A491CB78C7D8C8A265C004B1F79 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
            16:05:19.0028 5980 AntiVirSchedulerService - ok
            16:05:19.0059 5980 [ AAE3238C2A0B2CF17851B3D06C8EA8C0 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
            16:05:19.0137 5980 AntiVirService - ok
            16:05:19.0246 5980 [ 3ADDE2DE22D3C3F6D7FBDB450C6287D2 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
            16:05:19.0387 5980 ApfiltrService - ok
            16:05:19.0434 5980 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
            16:05:19.0543 5980 Appinfo - ok
            16:05:19.0621 5980 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
            16:05:19.0668 5980 arc - ok
            16:05:19.0699 5980 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
            16:05:19.0761 5980 arcsas - ok
            16:05:19.0855 5980 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
            16:05:19.0995 5980 AsyncMac - ok
            16:05:20.0120 5980 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
            16:05:20.0167 5980 atapi - ok
            16:05:20.0354 5980 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
            16:05:20.0510 5980 AudioEndpointBuilder - ok
            16:05:20.0526 5980 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
            16:05:20.0588 5980 Audiosrv - ok
            16:05:20.0682 5980 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
            16:05:20.0760 5980 avgntflt - ok
            16:05:20.0806 5980 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
            16:05:20.0900 5980 avipbb - ok
            16:05:21.0025 5980 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
            16:05:21.0118 5980 avkmgr - ok
            16:05:21.0212 5980 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
            16:05:21.0337 5980 Beep - ok
            16:05:21.0555 5980 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll



            • #7
              16:05:21.0696 5980 BFE - ok
              16:05:22.0070 5980 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
              16:05:22.0335 5980 BITS - ok
              16:05:22.0335 5980 blbdrive - ok
              16:05:22.0429 5980 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
              16:05:22.0569 5980 bowser - ok
              16:05:22.0585 5980 bqirik - ok
              16:05:22.0663 5980 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
              16:05:22.0756 5980 BrFiltLo - ok
              16:05:22.0788 5980 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
              16:05:22.0897 5980 BrFiltUp - ok
              16:05:22.0975 5980 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
              16:05:23.0131 5980 Browser - ok
              16:05:23.0209 5980 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
              16:05:23.0396 5980 Brserid - ok
              16:05:23.0443 5980 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
              16:05:23.0552 5980 BrSerWdm - ok
              16:05:23.0599 5980 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
              16:05:23.0724 5980 BrUsbMdm - ok
              16:05:23.0770 5980 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
              16:05:23.0895 5980 BrUsbSer - ok
              16:05:23.0942 5980 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
              16:05:24.0067 5980 BTHMODEM - ok
              16:05:24.0160 5980 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
              16:05:24.0301 5980 cdfs - ok
              16:05:24.0363 5980 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
              16:05:24.0488 5980 cdrom - ok
              16:05:24.0582 5980 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
              16:05:24.0722 5980 CertPropSvc - ok
              16:05:24.0816 5980 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
              16:05:24.0956 5980 circlass - ok
              16:05:25.0424 5980 [ 614B1AAB543E06CEF3D39B8495B81EDC ] CLCapSvc C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
              16:05:25.0486 5980 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
              16:05:25.0486 5980 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
              16:05:25.0689 5980 [ 333A88E0227007E2E0677A92057A6D90 ] cleanhlp C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys
              16:05:25.0783 5980 cleanhlp - ok
              16:05:25.0939 5980 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
              16:05:26.0017 5980 CLFS - ok
              16:05:26.0329 5980 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
              16:05:26.0516 5980 clr_optimization_v2.0.50727_32 - ok
              16:05:26.0828 5980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
              16:05:27.0280 5980 clr_optimization_v4.0.30319_32 - ok
              16:05:27.0374 5980 [ D15A4E6E1F67950A2DAC7148FCE8FFF9 ] CLSched C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
              16:05:27.0436 5980 CLSched ( UnsignedFile.Multi.Generic ) - warning
              16:05:27.0436 5980 CLSched - detected UnsignedFile.Multi.Generic (1)
              16:05:27.0530 5980 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
              16:05:27.0624 5980 cmdide - ok
              16:05:27.0670 5980 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
              16:05:27.0764 5980 Compbatt - ok
              16:05:27.0780 5980 COMSysApp - ok
              16:05:27.0826 5980 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
              16:05:27.0889 5980 crcdisk - ok
              16:05:27.0920 5980 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
              16:05:28.0029 5980 Crusoe - ok
              16:05:28.0154 5980 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
              16:05:28.0294 5980 CryptSvc - ok
              16:05:28.0840 5980 [ 18AA92BA15EBB0C61C72308C6F20DD0E ] CyberLink Media Library Service C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
              16:05:29.0246 5980 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
              16:05:29.0246 5980 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
              16:05:29.0464 5980 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
              16:05:29.0698 5980 DcomLaunch - ok
              16:05:29.0823 5980 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
              16:05:29.0979 5980 DfsC - ok
              16:05:30.0541 5980 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe
              16:05:31.0336 5980 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
              16:05:31.0336 5980 DfSdkS - detected UnsignedFile.Multi.Generic (1)
              16:05:32.0241 5980 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
              16:05:34.0222 5980 DFSR - ok
              16:05:34.0456 5980 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
              16:05:34.0706 5980 Dhcp - ok
              16:05:34.0846 5980 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
              16:05:34.0924 5980 disk - ok
              16:05:35.0034 5980 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
              16:05:35.0221 5980 Dnscache - ok
              16:05:35.0408 5980 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
              16:05:35.0548 5980 dot3svc - ok
              16:05:35.0767 5980 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
              16:05:35.0860 5980 DPS - ok
              16:05:35.0970 5980 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
              16:05:36.0141 5980 drmkaud - ok
              16:05:36.0516 5980 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
              16:05:37.0155 5980 DXGKrnl - ok
              16:05:37.0327 5980 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
              16:05:37.0467 5980 E1G60 - ok
              16:05:37.0701 5980 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
              16:05:37.0904 5980 EapHost - ok
              16:05:38.0107 5980 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
              16:05:38.0169 5980 Ecache - ok
              16:05:38.0434 5980 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
              16:05:38.0622 5980 elxstor - ok
              16:05:38.0871 5980 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
              16:05:39.0152 5980 EMDMgmt - ok
              16:05:39.0308 5980 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
              16:05:39.0417 5980 EventSystem - ok
              16:05:39.0542 5980 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
              16:05:39.0714 5980 exfat - ok
              16:05:39.0807 5980 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
              16:05:39.0901 5980 fastfat - ok
              16:05:39.0994 5980 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
              16:05:40.0166 5980 fdc - ok
              16:05:40.0260 5980 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

              • #8
                16:05:40.0353 5980 fdPHost - ok
                16:05:40.0462 5980 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
                16:05:40.0618 5980 FDResPub - ok
                16:05:40.0650 5980 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
                16:05:40.0712 5980 FileInfo - ok
                16:05:40.0852 5980 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
                16:05:41.0024 5980 Filetrace - ok
                16:05:41.0118 5980 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
                16:05:41.0242 5980 flpydisk - ok
                16:05:41.0289 5980 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
                16:05:41.0445 5980 FltMgr - ok
                16:05:41.0601 5980 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
                16:05:42.0007 5980 FontCache - ok
                16:05:42.0178 5980 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                16:05:42.0319 5980 FontCache3.0.0.0 - ok
                16:05:42.0522 5980 [ C96C52D0D80666AF585516FFA97B7C00 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
                16:05:42.0615 5980 ForceWare Intelligent Application Manager (IAM) - ok
                16:05:42.0662 5980 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
                16:05:42.0802 5980 Fs_Rec - ok
                16:05:42.0880 5980 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
                16:05:42.0958 5980 gagp30kx - ok
                16:05:43.0036 5980 [ B56EB0A2210980E76390BD670BCB618B ] gmer C:\Windows\system32\DRIVERS\gmer.sys
                16:05:43.0083 5980 gmer ( UnsignedFile.Multi.Generic ) - warning
                16:05:43.0083 5980 gmer - detected UnsignedFile.Multi.Generic (1)
                16:05:43.0395 5980 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
                16:05:43.0879 5980 gpsvc - ok
                16:05:44.0284 5980 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c95be95f058815 C:\Program Files\Google\Update\GoogleUpdate.exe
                16:05:44.0378 5980 gupdate1c95be95f058815 - ok
                16:05:44.0550 5980 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
                16:05:44.0596 5980 gupdatem - ok
                16:05:44.0862 5980 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                16:05:45.0142 5980 gusvc - ok
                16:05:45.0298 5980 [ 6858AC07F86AAAB72DDB559F21176707 ] hcdriver C:\Windows\system32\DRIVERS\hcdriver.sys
                16:05:45.0454 5980 hcdriver - ok
                16:05:45.0673 5980 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
                16:05:46.0281 5980 HdAudAddService - ok
                16:05:46.0593 5980 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
                16:05:47.0077 5980 HDAudBus - ok
                16:05:47.0202 5980 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
                16:05:47.0358 5980 HidBth - ok
                16:05:47.0467 5980 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
                16:05:47.0810 5980 HidIr - ok
                16:05:47.0935 5980 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
                16:05:48.0028 5980 hidserv - ok
                16:05:48.0138 5980 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
                16:05:48.0325 5980 HidUsb - ok
                16:05:48.0559 5980 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
                16:05:48.0652 5980 hkmsvc - ok
                16:05:48.0918 5980 [ 3B51EE8B969D21006A0EED5A2A96BAFB ] hmpalert C:\Windows\system32\drivers\hmpalert.sys
                16:05:48.0980 5980 hmpalert - ok
                16:05:49.0588 5980 [ EB7DD53BA02501C7748FAD99A0CF7E57 ] hmpalertsvc C:\Program Files\HitmanPro.Alert\hmpalert.exe
                16:05:50.0665 5980 hmpalertsvc - ok
                16:05:50.0821 5980 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
                16:05:50.0914 5980 HpCISSs - ok
                16:05:50.0930 5980 hqmpym - ok
                16:05:51.0289 5980 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
                16:05:51.0882 5980 HTTP - ok
                16:05:51.0913 5980 hzgqpf - ok
                16:05:52.0038 5980 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
                16:05:52.0116 5980 i2omp - ok
                16:05:52.0225 5980 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
                16:05:52.0443 5980 i8042prt - ok
                16:05:52.0630 5980 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
                16:05:52.0989 5980 iaStorV - ok
                16:05:53.0332 5980 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                16:05:53.0644 5980 IDriverT ( UnsignedFile.Multi.Generic ) - warning
                16:05:53.0644 5980 IDriverT - detected UnsignedFile.Multi.Generic (1)
                16:05:54.0331 5980 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                16:05:55.0329 5980 idsvc - ok
                16:05:55.0532 5980 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
                16:05:55.0626 5980 iirsp - ok
                16:05:55.0844 5980 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
                16:05:55.0953 5980 IKEEXT - ok
                16:05:56.0094 5980 [ A2CD11137AF87848CDEA37A6C5A6BAEE ] ImmunetProtectDriver C:\Windows\system32\DRIVERS\ImmunetProtect.sys
                16:05:56.0218 5980 ImmunetProtectDriver - ok
                16:05:56.0359 5980 [ 6161D8F598E983A311A49FDEC4406B18 ] ImmunetSelfProtectDriver C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
                16:05:56.0499 5980 ImmunetSelfProtectDriver - ok
                16:05:58.0059 5980 [ 8A78932EC5784319A26177254F0FEEFE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
                16:06:02.0630 5980 IntcAzAudAddService - ok
                16:06:02.0833 5980 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
                16:06:02.0895 5980 intelide - ok
                16:06:02.0942 5980 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
                16:06:03.0176 5980 intelppm - ok
                16:06:03.0207 5980 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
                16:06:03.0348 5980 IPBusEnum - ok
                16:06:03.0472 5980 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
                16:06:03.0613 5980 IpFilterDriver - ok
                16:06:03.0691 5980 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
                16:06:03.0816 5980 iphlpsvc - ok
                16:06:03.0831 5980 IpInIp - ok
                16:06:03.0925 5980 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
                16:06:04.0081 5980 IPMIDRV - ok
                16:06:04.0190 5980 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
                16:06:04.0299 5980 IPNAT - ok
                16:06:04.0377 5980 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
                16:06:04.0486 5980 IRENUM - ok
                16:06:04.0549 5980 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
                16:06:04.0611 5980 isapnp - ok
                16:06:04.0689 5980 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
                16:06:04.0736 5980 iScsiPrt - ok
                16:06:04.0783 5980 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
                16:06:04.0861 5980 iteatapi - ok
                16:06:05.0017 5980 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
                16:06:05.0110 5980 iteraid - ok
                16:06:05.0282 5980 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
                16:06:05.0376 5980 kbdclass - ok
                16:06:05.0547 5980 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
                16:06:05.0672 5980 kbdhid - ok
                16:06:05.0781 5980 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
                16:06:05.0906 5980 KeyIso - ok
                16:06:06.0218 5980 [ D56C01321117CE8E073DE21C6365971E ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys
                16:06:06.0312 5980 KeyScrambler - ok
                16:06:06.0390 5980 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
                16:06:06.0468 5980 KSecDD - ok
                16:06:06.0624 5980 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
                16:06:06.0873 5980 KtmRm - ok
                16:06:07.0014 5980 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
                16:06:07.0232 5980 LanmanServer - ok
                16:06:07.0497 5980 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
                16:06:08.0620 5980 LanmanWorkstation - ok
                16:06:08.0636 5980 Lavasoft Kernexplorer - ok
                16:06:09.0120 5980 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                16:06:09.0260 5980 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
                16:06:09.0260 5980 LightScribeService - detected UnsignedFile.Multi.Generic (1)
                16:06:09.0463 5980 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
                16:06:09.0681 5980 lltdio - ok
                16:06:09.0978 5980 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
                16:06:10.0399 5980 lltdsvc - ok
                16:06:10.0570 5980 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
                16:06:10.0804 5980 lmhosts - ok
                16:06:10.0976 5980 [ A71AD0EB2FDC1710E465E13B8C2C39C9 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
                16:06:11.0070 5980 LPCFilter - ok
                16:06:11.0506 5980 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
                16:06:11.0834 5980 LSI_FC - ok
                16:06:11.0943 5980 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
                16:06:12.0068 5980 LSI_SAS - ok
                16:06:12.0146 5980 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
                16:06:12.0224 5980 LSI_SCSI - ok
                16:06:12.0333 5980 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
                16:06:12.0474 5980 luafv - ok
                16:06:12.0520 5980 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
                16:06:12.0583 5980 megasas - ok
                16:06:12.0645 5980 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
                16:06:12.0786 5980 MMCSS - ok
                16:06:12.0864 5980 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
                16:06:12.0957 5980 Modem - ok
                16:06:13.0051 5980 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
                16:06:13.0144 5980 monitor - ok
                16:06:13.0176 5980 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
                16:06:13.0222 5980 mouclass - ok
                16:06:13.0254 5980 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\drivers\mouhid.sys
                16:06:13.0410 5980 mouhid - ok
                16:06:13.0503 5980 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
                16:06:13.0597 5980 MountMgr - ok
                16:06:13.0706 5980 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
                16:06:13.0768 5980 mpio - ok
                16:06:13.0800 5980 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
                16:06:13.0909 5980 mpsdrv - ok
                16:06:14.0112 5980 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
                16:06:14.0299 5980 MpsSvc - ok
                16:06:14.0439 5980 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
                16:06:14.0486 5980 Mraid35x - ok
                16:06:14.0533 5980 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
                16:06:14.0595 5980 MRxDAV - ok
                16:06:14.0658 5980 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
                16:06:14.0767 5980 mrxsmb - ok
                16:06:14.0814 5980 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
                16:06:14.0860 5980 mrxsmb10 - ok
                16:06:14.0907 5980 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
                16:06:15.0032 5980 mrxsmb20 - ok
                16:06:15.0063 5980 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
                16:06:15.0110 5980 msahci - ok
                16:06:15.0157 5980 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
                16:06:15.0219 5980 msdsm - ok
                16:06:15.0344 5980 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
                16:06:15.0500 5980 MSDTC - ok
                16:06:15.0625 5980 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
                16:06:15.0750 5980 Msfs - ok
                16:06:15.0796 5980 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
                16:06:15.0859 5980 msisadrv - ok
                16:06:15.0906 5980 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
                16:06:15.0999 5980 MSiSCSI - ok
                16:06:16.0015 5980 msiserver - ok
                16:06:16.0155 5980 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
                16:06:16.0249 5980 MSKSSRV - ok
                16:06:16.0358 5980 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
                16:06:16.0530 5980 MSPCLOCK - ok
                16:06:16.0623 5980 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
                16:06:16.0717 5980 MSPQM - ok
                16:06:16.0857 5980 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
                16:06:16.0904 5980 MsRPC - ok
                16:06:17.0013 5980 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
                16:06:17.0076 5980 mssmbios - ok
                16:06:17.0169 5980 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
                16:06:17.0263 5980 MSTEE - ok
                16:06:17.0325 5980 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
                16:06:17.0372 5980 Mup - ok
                16:06:17.0419 5980 [ 363B85773D001E35DC977058956A1486 ] MxEFUF C:\Windows\system32\DRIVERS\MxEFUF32.sys
                16:06:17.0481 5980 MxEFUF - ok
                16:06:17.0668 5980 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
                16:06:17.0840 5980 napagent - ok
                16:06:17.0965 5980 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
                16:06:18.0058 5980 NativeWifiP - ok
                16:06:18.0277 5980 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
                16:06:18.0370 5980 NDIS - ok
                16:06:18.0433 5980 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
                16:06:18.0526 5980 NdisTapi - ok
                16:06:18.0573 5980 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
                16:06:18.0698 5980 Ndisuio - ok
                16:06:18.0745 5980 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
                16:06:18.0838 5980 NdisWan - ok
                16:06:18.0932 5980 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
                16:06:19.0026 5980 NDProxy - ok
                16:06:19.0072 5980 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
                16:06:19.0213 5980 NetBIOS - ok
                16:06:19.0322 5980 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
                16:06:19.0462 5980 netbt - ok
                16:06:19.0525 5980 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
                16:06:19.0603 5980 Netlogon - ok
                16:06:19.0759 5980 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
                16:06:19.0899 5980 Netman - ok
                16:06:20.0040 5980 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
                16:06:20.0196 5980 netprofm - ok
                16:06:20.0274 5980 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
                16:06:20.0305 5980 NetTcpPortSharing - ok
                16:06:20.0445 5980 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
                16:06:20.0539 5980 nfrd960 - ok
                16:06:20.0710 5980 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
                16:06:20.0882 5980 NlaSvc - ok
                16:06:21.0007 5980 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
                16:06:21.0194 5980 Npfs - ok
                16:06:21.0303 5980 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
                16:06:21.0381 5980 nsi - ok
                16:06:21.0444 5980 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
                16:06:21.0537 5980 nsiproxy - ok
                16:06:21.0865 5980 [ B6C48D01147EC020DE7F1856734127F8 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
                16:06:21.0974 5980 nSvcIp - ok
                16:06:22.0286 5980 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
                16:06:22.0411 5980 Ntfs - ok
                16:06:22.0442 5980 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
                16:06:22.0567 5980 ntrigdigi - ok
                16:06:22.0614 5980 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
                16:06:22.0832 5980 Null - ok
                16:06:23.0004 5980 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
                16:06:23.0160 5980 NVENETFD - ok
                16:06:25.0999 5980 [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
                16:06:36.0934 5980 nvlddmkm - ok
                16:06:37.0075 5980 [ 925881CAAC3F68CCB906EF078FBCD838 ] NVNET C:\Windows\system32\DRIVERS\nvmfdx32.sys
                16:06:37.0309 5980 NVNET - ok
                16:06:37.0434 5980 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
                16:06:37.0512 5980 nvraid - ok
                16:06:37.0574 5980 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
                16:06:37.0636 5980 nvstor - ok
                16:06:37.0777 5980 [ 97778C3CB3AF6B2243648D0DCD4D8916 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
                16:06:37.0855 5980 nvstor32 - ok
                16:06:38.0120 5980 [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc C:\Windows\system32\nvvsvc.exe
                16:06:38.0307 5980 nvsvc - ok
                16:06:38.0682 5980 [ F935E817409F78FA50C5921DB39124B3 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                16:06:39.0087 5980 nvUpdatusService - ok
                16:06:39.0134 5980 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
                16:06:39.0181 5980 nv_agp - ok
                16:06:39.0196 5980 NwlnkFlt - ok
                16:06:39.0228 5980 NwlnkFwd - ok
                16:06:39.0352 5980 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
                16:06:39.0462 5980 ohci1394 - ok
                16:06:39.0555 5980 [ 2FADD6E3AEAFF1A6B84B8D304C395BD5 ] ousb2hub C:\Windows\system32\DRIVERS\ousb2hub.sys
                16:06:39.0618 5980 ousb2hub ( UnsignedFile.Multi.Generic ) - warning
                16:06:39.0618 5980 ousb2hub - detected UnsignedFile.Multi.Generic (1)
                16:06:39.0727 5980 [ 961414DACB73858B0A2E9075AB2D1EA8 ] ousbehci C:\Windows\system32\Drivers\ousbehci.sys
                16:06:39.0789 5980 ousbehci ( UnsignedFile.Multi.Generic ) - warning
                16:06:39.0789 5980 ousbehci - detected UnsignedFile.Multi.Generic (1)
                16:06:40.0117 5980 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
                16:06:40.0351 5980 p2pimsvc - ok
                16:06:40.0429 5980 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
                16:06:40.0538 5980 p2psvc - ok
                16:06:40.0600 5980 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
                16:06:40.0756 5980 Parport - ok
                16:06:40.0819 5980 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
                16:06:40.0881 5980 partmgr - ok
                16:06:40.0912 5980 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
                16:06:41.0037 5980 Parvdm - ok
                16:06:41.0131 5980 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
                16:06:41.0458 5980 PcaSvc - ok
                16:06:41.0490 5980 PcdrNdisuio - ok
                16:06:41.0630 5980 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
                16:06:41.0677 5980 pci - ok
                16:06:41.0724 5980 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
                16:06:41.0786 5980 pciide - ok
                16:06:41.0926 5980 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
                16:06:42.0004 5980 pcmcia - ok
                16:06:42.0176 5980 [ 6EF125721A9F1F7DBF3229786F7DECD0 ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
                16:06:42.0285 5980 PCTCore - ok
                16:06:42.0348 5980 [ F820B4C61D1E591325B679D479D4EEA4 ] pctDS C:\Windows\system32\drivers\pctDS.sys
                16:06:42.0441 5980 pctDS - ok
                16:06:42.0675 5980 [ ACC8C15F3D59F17C5D903FF1DE3B43D3 ] pctEFA C:\Windows\system32\drivers\pctEFA.sys
                16:06:42.0862 5980 pctEFA - ok
                16:06:43.0143 5980 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
                16:06:43.0408 5980 PEAUTH - ok
                16:06:43.0564 5980 [ 6FC9CDA0B608DFDA41E42D2E9C7D7874 ] PGR1394b C:\Windows\system32\DRIVERS\HS3dSensor1394.sys
                16:06:43.0752 5980 PGR1394b - ok
                16:06:44.0438 5980 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
                16:06:45.0249 5980 pla - ok
                16:06:45.0405 5980 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
                16:06:45.0577 5980 PlugPlay - ok
                16:06:45.0920 5980 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
                16:06:46.0029 5980 PNRPAutoReg - ok
                16:06:46.0388 5980 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
                16:06:46.0450 5980 PNRPsvc - ok
                16:06:46.0638 5980 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
                16:06:46.0747 5980 PolicyAgent - ok
                16:06:46.0856 5980 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
                16:06:46.0996 5980 PptpMiniport - ok
                16:06:47.0043 5980 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
                16:06:47.0168 5980 Processor - ok
                16:06:47.0293 5980 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
                16:06:47.0433 5980 ProfSvc - ok
                16:06:47.0511 5980 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
                16:06:47.0558 5980 ProtectedStorage - ok
                16:06:47.0683 5980 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
                16:06:47.0932 5980 PSched - ok
                16:06:48.0042 5980 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
                16:06:48.0104 5980 PSI - ok
                16:06:48.0229 5980 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
                16:06:48.0260 5980 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
                16:06:48.0260 5980 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
                16:06:48.0697 5980 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
                16:06:49.0461 5980 ql2300 - ok
                16:06:49.0555 5980 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
                16:06:49.0617 5980 ql40xx - ok
                16:06:49.0742 5980 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
                16:06:49.0867 5980 QWAVE - ok
                16:06:49.0992 5980 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
                16:06:50.0038 5980 QWAVEdrv - ok
                16:06:50.0163 5980 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
                16:06:50.0257 5980 RasAcd - ok
                16:06:50.0366 5980 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
                16:06:50.0475 5980 RasAuto - ok
                16:06:50.0538 5980 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
                16:06:50.0647 5980 Rasl2tp - ok
                16:06:50.0834 5980 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
                16:06:50.0974 5980 RasMan - ok
                16:06:51.0068 5980 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
                16:06:51.0162 5980 RasPppoe - ok
                16:06:51.0224 5980 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
                16:06:51.0364 5980 RasSstp - ok
                16:06:51.0505 5980 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
                16:06:51.0614 5980 rdbss - ok
                16:06:51.0676 5980 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
                16:06:51.0786 5980 RDPCDD - ok
                16:06:51.0942 5980 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
                16:06:52.0160 5980 rdpdr - ok
                16:06:52.0207 5980 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
                16:06:52.0363 5980 RDPENCDD - ok
                16:06:52.0519 5980 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
                16:06:52.0690 5980 RDPWD - ok
                16:06:52.0971 5980 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
                16:06:53.0034 5980 RealNetworks Downloader Resolver Service - ok
                16:06:53.0158 5980 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
                16:06:53.0330 5980 RemoteAccess - ok
                16:06:53.0392 5980 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
                16:06:53.0502 5980 RemoteRegistry - ok
                16:06:53.0860 5980 [ 00F3E30D63078FC4B543C32FD7337A7B ] RoxMediaDB9 c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                16:06:54.0126 5980 RoxMediaDB9 - ok
                16:06:54.0235 5980 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
                16:06:54.0453 5980 RpcLocator - ok
                16:06:54.0687 5980 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
                16:06:54.0812 5980 RpcSs - ok
                16:06:54.0921 5980 [ F0B146A3FABFA9C6BAD4BF32F1DB7C29 ] rsdsys C:\Windows\system32\drivers\protreg.sys
                16:06:54.0984 5980 rsdsys - ok
                16:06:55.0093 5980 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
                16:06:55.0186 5980 rspndr - ok
                16:06:55.0233 5980 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
                16:06:55.0280 5980 SamSs - ok
                16:06:55.0452 5980 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                16:06:55.0514 5980 SASDIFSV - ok
                16:06:55.0608 5980 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
                16:06:55.0654 5980 SASENUM - ok
                16:06:55.0748 5980 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                16:06:55.0826 5980 SASKUTIL - ok
                16:06:55.0920 5980 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
                16:06:56.0013 5980 sbp2port - ok
                16:06:56.0247 5980 [ 9797749EB2287F92A4B13DF7766EAF18 ] scan C:\Program Files\Immunet\tetra\scan.dll
                16:06:56.0325 5980 scan ( UnsignedFile.Multi.Generic ) - warning
                16:06:56.0325 5980 scan - detected UnsignedFile.Multi.Generic (1)
                16:06:56.0434 5980 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
                16:06:56.0606 5980 SCardSvr - ok
                16:06:56.0762 5980 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
                16:06:56.0934 5980 Schedule - ok
                16:06:57.0012 5980 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
                16:06:57.0090 5980 SCPolicySvc - ok
                16:06:57.0214 5980 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
                16:06:57.0339 5980 SDRSVC - ok
                16:06:57.0402 5980 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
                16:06:57.0511 5980 secdrv - ok
                16:06:57.0636 5980 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
                16:06:57.0776 5980 seclogon - ok
                16:06:58.0291 5980 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
                16:06:58.0821 5980 Secunia PSI Agent - ok
                16:06:59.0024 5980 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
                16:06:59.0102 5980 Secunia Update Agent - ok
                16:06:59.0196 5980 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
                16:06:59.0274 5980 SENS - ok
                16:06:59.0352 5980 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
                16:06:59.0523 5980 Serenum - ok
                16:06:59.0554 5980 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
                16:06:59.0679 5980 Serial - ok
                16:06:59.0726 5980 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
                16:06:59.0804 5980 sermouse - ok
                16:06:59.0929 5980 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
                16:07:00.0038 5980 SessionEnv - ok
                16:07:00.0100 5980 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
                16:07:00.0288 5980 sffdisk - ok
                16:07:00.0334 5980 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
                16:07:00.0444 5980 sffp_mmc - ok
                16:07:00.0490 5980 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
                16:07:00.0615 5980 sffp_sd - ok
                16:07:00.0646 5980 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
                16:07:00.0787 5980 sfloppy - ok
                16:07:01.0005 5980 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
                16:07:01.0192 5980 SharedAccess - ok
                16:07:01.0348 5980 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
                16:07:01.0536 5980 ShellHWDetection - ok
                16:07:01.0645 5980 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
                16:07:01.0707 5980 sisagp - ok
                16:07:01.0754 5980 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
                16:07:01.0832 5980 SiSRaid2 - ok
                16:07:01.0879 5980 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
                16:07:01.0988 5980 SiSRaid4 - ok
                16:07:02.0035 5980 sjzgxw - ok
                16:07:02.0238 5980 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
                16:07:02.0799 5980 SkypeUpdate - ok
                16:07:03.0408 5980 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
                16:07:03.0922 5980 slsvc - ok
                16:07:04.0016 5980 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
                16:07:04.0188 5980 SLUINotify - ok
                16:07:04.0281 5980 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
                16:07:04.0453 5980 Smb - ok
                16:07:04.0546 5980 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
                16:07:04.0640 5980 SNMPTRAP - ok
                16:07:04.0749 5980 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
                16:07:04.0858 5980 spldr - ok
                16:07:04.0936 5980 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
                16:07:05.0046 5980 Spooler - ok
                16:07:05.0170 5980 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
                16:07:05.0342 5980 srv - ok
                16:07:05.0467 5980 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
                16:07:05.0623 5980 srv2 - ok
                16:07:05.0670 5980 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
                16:07:05.0748 5980 srvnet - ok
                16:07:05.0872 5980 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
                16:07:06.0044 5980 SSDPSRV - ok
                16:07:06.0169 5980 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
                16:07:06.0216 5980 ssmdrv - ok
                16:07:06.0340 5980 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
                16:07:06.0434 5980 SstpSvc - ok
                16:07:06.0574 5980 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
                16:07:06.0730 5980 stisvc - ok
                16:07:06.0871 5980 [ D4CE4D370A26AE1BF41BE9F69D24D049 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                16:07:06.0949 5980 stllssvr - ok
                16:07:06.0980 5980 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
                16:07:07.0042 5980 swenum - ok
                16:07:07.0214 5980 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
                16:07:07.0386 5980 swprv - ok
                16:07:07.0432 5980 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
                16:07:07.0479 5980 Symc8xx - ok
                16:07:07.0557 5980 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
                16:07:07.0635 5980 Sym_hi - ok
                16:07:07.0760 5980 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
                16:07:07.0807 5980 Sym_u3 - ok
                16:07:07.0978 5980 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
                16:07:08.0134 5980 SysMain - ok
                16:07:08.0181 5980 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
                16:07:08.0322 5980 TabletInputService - ok
                16:07:08.0446 5980 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
                16:07:08.0587 5980 TapiSrv - ok
                16:07:08.0649 5980 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
                16:07:08.0758 5980 TBS - ok
                16:07:08.0961 5980 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
                16:07:09.0055 5980 Tcpip - ok
                16:07:09.0086 5980 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
                16:07:09.0164 5980 Tcpip6 - ok
                16:07:09.0258 5980 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
                16:07:09.0570 5980 tcpipreg - ok
                16:07:09.0632 5980 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
                16:07:09.0710 5980 TDPIPE - ok
                16:07:09.0819 5980 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
                16:07:09.0928 5980 TDTCP - ok
                16:07:10.0022 5980 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
                16:07:10.0162 5980 tdx - ok
                16:07:10.0225 5980 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
                16:07:10.0256 5980 TermDD - ok
                16:07:10.0443 5980 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
                16:07:10.0552 5980 TermService - ok
                16:07:10.0630 5980 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
                16:07:10.0708 5980 Themes - ok
                16:07:10.0740 5980 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
                16:07:10.0802 5980 THREADORDER - ok
                16:07:10.0911 5980 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
                16:07:10.0989 5980 TrkWks - ok
                16:07:11.0114 5980 [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys
                16:07:11.0239 5980 Trufos - ok
                16:07:11.0317 5980 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
                16:07:11.0395 5980 TrustedInstaller - ok
                16:07:11.0504 5980 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
                16:07:11.0582 5980 tssecsrv - ok
                16:07:11.0660 5980 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
                16:07:11.0754 5980 tunmp - ok
                16:07:11.0832 5980 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
                16:07:11.0910 5980 tunnel - ok
                16:07:11.0972 5980 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
                16:07:12.0034 5980 uagp35 - ok
                16:07:12.0144 5980 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
                16:07:12.0206 5980 udfs - ok
                16:07:12.0362 5980 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
                16:07:12.0518 5980 UI0Detect - ok
                16:07:12.0565 5980 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
                16:07:12.0612 5980 uliagpkx - ok
                16:07:12.0705 5980 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
                16:07:12.0783 5980 uliahci - ok
                16:07:12.0846 5980 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
                16:07:12.0892 5980 UlSata - ok
                16:07:12.0955 5980 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
                16:07:13.0002 5980 ulsata2 - ok
                16:07:13.0048 5980 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
                16:07:13.0142 5980 umbus - ok
                16:07:13.0314 5980 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
                16:07:13.0407 5980 upnphost - ok
                16:07:13.0548 5980 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
                16:07:13.0657 5980 usbccgp - ok
                16:07:13.0704 5980 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
                16:07:13.0844 5980 usbcir - ok
                16:07:13.0906 5980 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
                16:07:13.0969 5980 usbehci - ok
                16:07:14.0078 5980 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
                16:07:14.0172 5980 usbhub - ok
                16:07:14.0296 5980 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
                16:07:14.0374 5980 usbohci - ok
                16:07:14.0562 5980 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
                16:07:14.0733 5980 usbprint - ok
                16:07:14.0827 5980 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
                16:07:14.0889 5980 USBSTOR - ok
                16:07:14.0936 5980 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
                16:07:15.0045 5980 usbuhci - ok
                16:07:15.0108 5980 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
                16:07:15.0186 5980 UxSms - ok
                16:07:15.0248 5980 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
                16:07:15.0451 5980 vds - ok
                16:07:15.0513 5980 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
                16:07:15.0654 5980 vga - ok
                16:07:15.0747 5980 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
                16:07:15.0856 5980 VgaSave - ok
                16:07:15.0903 5980 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
                16:07:15.0981 5980 viaagp - ok
                16:07:16.0044 5980 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
                16:07:16.0122 5980 ViaC7 - ok
                16:07:16.0168 5980 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
                16:07:16.0231 5980 viaide - ok
                16:07:16.0293 5980 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
                16:07:16.0356 5980 volmgr - ok
                16:07:16.0480 5980 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
                16:07:16.0558 5980 volmgrx - ok



                • #9
                  6:07:16.0699 5980 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
                  16:07:16.0792 5980 volsnap - ok
                  16:07:16.0886 5980 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
                  16:07:16.0980 5980 vsmraid - ok
                  16:07:17.0136 5980 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
                  16:07:17.0260 5980 VSS - ok
                  16:07:17.0401 5980 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
                  16:07:17.0510 5980 W32Time - ok
                  16:07:17.0635 5980 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
                  16:07:17.0760 5980 WacomPen - ok
                  16:07:17.0806 5980 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
                  16:07:17.0884 5980 Wanarp - ok
                  16:07:17.0916 5980 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
                  16:07:17.0962 5980 Wanarpv6 - ok
                  16:07:18.0056 5980 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
                  16:07:18.0181 5980 wcncsvc - ok
                  16:07:18.0243 5980 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
                  16:07:18.0337 5980 WcsPlugInService - ok
                  16:07:18.0430 5980 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
                  16:07:18.0462 5980 Wd - ok
                  16:07:18.0540 5980 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
                  16:07:18.0633 5980 Wdf01000 - ok
                  16:07:18.0727 5980 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
                  16:07:18.0867 5980 WdiServiceHost - ok
                  16:07:18.0945 5980 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
                  16:07:19.0008 5980 WdiSystemHost - ok
                  16:07:19.0101 5980 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
                  16:07:19.0164 5980 WebClient - ok
                  16:07:19.0257 5980 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
                  16:07:19.0444 5980 Wecsvc - ok
                  16:07:19.0507 5980 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
                  16:07:19.0569 5980 wercplsupport - ok
                  16:07:19.0616 5980 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
                  16:07:19.0772 5980 WerSvc - ok
                  16:07:19.0866 5980 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
                  16:07:19.0912 5980 WinDefend - ok
                  16:07:19.0959 5980 WinHttpAutoProxySvc - ok
                  16:07:20.0022 5980 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
                  16:07:20.0131 5980 Winmgmt - ok
                  16:07:20.0256 5980 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
                  16:07:20.0568 5980 WinRM - ok
                  16:07:20.0802 5980 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
                  16:07:20.0926 5980 Wlansvc - ok
                  16:07:21.0207 5980 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  16:07:21.0878 5980 wlidsvc - ok
                  16:07:21.0956 5980 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
                  16:07:22.0081 5980 WmiAcpi - ok
                  16:07:22.0190 5980 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
                  16:07:22.0284 5980 wmiApSrv - ok
                  16:07:22.0455 5980 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
                  16:07:22.0658 5980 WMPNetworkSvc - ok
                  16:07:22.0736 5980 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
                  16:07:22.0892 5980 WPCSvc - ok
                  16:07:22.0939 5980 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
                  16:07:23.0064 5980 WPDBusEnum - ok
                  16:07:23.0329 5980 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                  16:07:23.0438 5980 WPFFontCache_v0400 - ok
                  16:07:23.0500 5980 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
                  16:07:23.0594 5980 ws2ifsl - ok
                  16:07:23.0672 5980 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
                  16:07:23.0734 5980 wscsvc - ok
                  16:07:23.0766 5980 WSearch - ok
                  16:07:23.0984 5980 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
                  16:07:24.0483 5980 wuauserv - ok
                  16:07:24.0608 5980 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
                  16:07:24.0748 5980 WudfPf - ok
                  16:07:24.0889 5980 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
                  16:07:24.0982 5980 WUDFRd - ok
                  16:07:25.0045 5980 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
                  16:07:25.0138 5980 wudfsvc - ok
                  16:07:25.0216 5980 ================ Scan global ===============================
                  16:07:25.0294 5980 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
                  16:07:25.0404 5980 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
                  16:07:25.0450 5980 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
                  16:07:25.0638 5980 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
                  16:07:25.0669 5980 [Global] - ok
                  16:07:25.0669 5980 ================ Scan MBR ==================================
                  16:07:25.0716 5980 [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
                  16:07:26.0776 5980 \Device\Harddisk0\DR0 - ok
                  16:07:26.0776 5980 ================ Scan VBR ==================================
                  16:07:26.0823 5980 [ 21E69BA7C5D2CB626A9A0D7AFD5E1ED1 ] \Device\Harddisk0\DR0\Partition1
                  16:07:26.0823 5980 \Device\Harddisk0\DR0\Partition1 - ok
                  16:07:26.0870 5980 [ FB475C0D5017E0972763078F3300FBD6 ] \Device\Harddisk0\DR0\Partition2
                  16:07:26.0886 5980 \Device\Harddisk0\DR0\Partition2 - ok
                  16:07:26.0886 5980 ============================================================
                  16:07:26.0886 5980 Scan finished
                  16:07:26.0886 5980 ============================================================
                  16:07:26.0917 4836 Detected object count: 13
                  16:07:26.0917 4836 Actual detected object count: 13
                  16:07:59.0911 4836 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0911 4836 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0911 4836 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0911 4836 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0926 4836 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0926 4836 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0926 4836 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0926 4836 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0942 4836 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0942 4836 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0942 4836 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0942 4836 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0958 4836 gmer ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0958 4836 gmer ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0958 4836 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0958 4836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0973 4836 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0973 4836 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0973 4836 ousb2hub ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0973 4836 ousb2hub ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:07:59.0989 4836 ousbehci ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:07:59.0989 4836 ousbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:08:00.0004 4836 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:08:00.0004 4836 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
                  16:08:00.0004 4836 scan ( UnsignedFile.Multi.Generic ) - skipped by user
                  16:08:00.0004 4836 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip



                  • #10
                    I don't see anything strange in the log.
                    Are you experiencing problems?



                    • #11
                      This may be an odd reaction, but I actually find it a pity that you didn't find anything....

                      The PC is now extremely slow and booting is a laborious process. Yesterday it failed: first a blue screen appeared and then Startup Repair kicked in. That apparently fixed a few things and also performed a system restore.
                      This morning booting took at least a quarter of an hour, and first a message appeared that 'personal settings' could not be loaded.
                      And once again everything is running very slowly...

                      Do you perhaps have another tip for me?



                      • #12
                        Possibly relevant:
                        Before the link that caused the crash, I was advised to run a scan with 'Remove Policies Set By Infections' and 'Repair Internet Explorer' from tweaking.com. I did both, but it did not produce the desired result.

                        Now I see in Dorado's topic 'have to use rkill to run programs' that Emphyrio says his PC has been heavily tweaked and that this is junk.
                        Could this perhaps also be playing a part in my problems here?



                        • #13
                          Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                          If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                          Once the Recovery Console is installed, let ComboFix scan the computer.
                          When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
                          Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                          If you get this message, report it.
                          When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                          Post the contents of this file.



                          • #14
                            Here is the ComboFix log:

                            ComboFix 13-07-07.01 - Ingrid 07-07-2013 10:47:52.1.2 - x86
                            Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.894.297 [GMT 2:00]
                            Gestart vanuit: c:\users\Ingrid\Downloads\ComboFix.exe
                            AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
                            SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
                            SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            .
                            .
                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            c:\users\Ingrid\Documents\6_PDF_~1.PDF
                            c:\users\Ingrid\Documents\Good Bad Ingrid.pdf
                            c:\users\Ingrid\Documents\helerwordenboekje.pdf
                            c:\users\Ingrid\Documents\VP3.pdf
                            c:\users\Ingrid\Documents\Zoektocht-naar-gezondheid.pdf
                            c:\users\Ingrid\g2mdlhlpx.exe
                            .
                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2013-06-07 to 2013-07-07 ))))))))))))))))))))))))))))))
                            .
                            .
                            2013-07-07 09:06 . 2013-07-07 09:16 -------- d-----w- c:\users\Ingrid\AppData\Local\temp
                            2013-07-07 09:06 . 2013-07-07 09:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
                            2013-07-06 16:00 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4B19DFC-0B88-4AA8-A861-F266869E77C0}\mpengine.dll
                            2013-07-06 05:03 . 2013-07-06 05:03 532912 ----a-w- c:\windows\system32\hmpalert.dll
                            2013-07-06 05:03 . 2013-07-06 05:03 14376 ----a-w- c:\windows\system32\drivers\hmpalert.sys
                            2013-07-06 05:03 . 2013-07-06 05:03 -------- d-----w- c:\program files\HitmanPro.Alert
                            2013-07-01 12:19 . 2013-07-03 03:50 181064 ----a-w- c:\windows\PSEXESVC.EXE
                            2013-07-01 12:19 . 2013-07-01 12:19 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
                            2013-06-20 04:47 . 2013-06-12 19:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                            2013-06-16 06:34 . 2013-06-16 06:34 -------- d-----w- c:\users\Ingrid\.thumbnails
                            2013-06-12 07:33 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
                            2013-06-12 07:33 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
                            2013-06-12 07:33 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
                            2013-06-12 07:33 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
                            2013-06-12 07:33 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
                            2013-06-12 07:33 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
                            2013-06-12 07:33 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
                            2013-06-12 07:33 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
                            2013-06-12 07:32 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
                            2013-06-12 07:32 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
                            2013-06-12 07:32 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
                            2013-06-11 07:20 . 2013-06-11 07:39 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
                            2013-06-08 04:37 . 2013-06-08 04:58 -------- d-----w- c:\program files\MyPC Backup
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2013-06-12 19:48 . 2012-05-05 09:15 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
                            2013-06-12 19:48 . 2010-04-15 17:07 789416 ----a-w- c:\windows\system32\deployJava1.dll
                            2013-06-11 22:38 . 2012-03-28 15:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                            2013-06-11 22:38 . 2011-05-14 07:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                            2013-05-14 12:34 . 2011-07-29 07:22 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                            2013-05-02 00:06 . 2009-10-01 14:59 238872 ------w- c:\windows\system32\MpSigStub.exe
                            2013-04-15 14:20 . 2013-05-15 10:15 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                            2013-04-13 10:56 . 2013-05-15 10:15 37376 ----a-w- c:\windows\system32\cdd.dll
                            2013-04-09 01:36 . 2013-05-15 10:15 2049024 ----a-w- c:\windows\system32\win32k.sys
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                            REGEDIT4
                            .
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
                            "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE" [2005-02-16 221184]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
                            "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
                            "RTHDVCPL"="c:\program files\realtek\audio\hda\rthdvcpl.exe" [2012-09-28 11672208]
                            "KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
                            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                            "EnableUIADesktopToggle"= 0 (0x0)
                            .
                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                            "aux"=wdmaud.drv
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                            @="Service"
                            .
                            [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
                            backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
                            backupExtension=.CommonStartup
                            .
                            [HKLM\~\startupfolder\C:^Users^Ingrid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
                            backup=c:\windows\pss\Adobe Gamma.lnk.Startup
                            backupExtension=.Startup
                            .
                            [HKLM\~\startupfolder\C:^Users^Ingrid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]
                            backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup
                            backupExtension=.Startup
                            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
                            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5
                            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax
                            HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
                            2013-07-03 04:00 2928040 ----a-w- c:\program files\Emsisoft Anti-Malware\a2guard.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
                            2013-04-18 18:38 491840 ----a-w- c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
                            2010-09-08 19:30 472432 ----a-w- c:\program files\DellTPad\Apoint.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
                            2012-08-03 12:29 3400600 ----a-w- c:\program files\Ashampoo\Ashampoo Snap 5\ashsnap.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Doctor]
                            2012-01-02 16:13 80016 ----a-w- c:\program files\Device Doctor\DDLauncher.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMET Notifier]
                            2012-05-09 12:25 152152 ----a-w- c:\program files\EMET\EMET_notifier.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
                            2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
                            2013-04-04 12:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                            2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
                            2013-05-16 09:52 4760816 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                            2011-01-21 13:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            .
                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                            "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
                            "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
                            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                            "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
                            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
                            "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
                            "DPService"="c:\program files\HP\DVDPlay\DPService.exe"
                            "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"
                            "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
                            .
                            R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-06-19 54072]
                            S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]
                            S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
                            S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013-07-03 2938408]
                            S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
                            .
                            .
                            --- Andere Services/Drivers In Geheugen ---
                            .
                            *NewlyCreated* - WS2IFSL
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                            LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
                            LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
                            bdx REG_MULTI_SZ scan sysagent
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            .
                            2012-03-19 c:\windows\Tasks\Google Software Updater.job
                            - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 07:08]
                            .
                            2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 02:08]
                            .
                            2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 02:08]
                            .
                            2013-07-06 c:\windows\Tasks\ReclaimerUpdateXML_Ingrid.job
                            - c:\users\Ingrid\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 08:01]
                            .
                            2013-07-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Ingrid.job
                            - c:\users\Ingrid\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 08:01]
                            .
                            2013-07-07 c:\windows\Tasks\SlimDrivers Startup.job
                            - c:\program files\SlimDrivers\SlimDrivers.exe [2013-04-24 12:12]
                            .
                            .
                            ------- Bijkomende Scan -------
                            .
                            uStart Page = hxxp://www.nu.nl/
                            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Presario&pf=desktop
                            IE: Google Sidewiki...
                            TCP: DhcpNameServer = 192.168.1.254
                            .
                            - - - - ORPHANS VERWIJDERD - - - -
                            .
                            Toolbar-{70F241F6-52AB-4D45-993E-C1C09920095B} - (no file)
                            WebBrowser-{70F241F6-52AB-4D45-993E-C1C09920095B} - (no file)
                            WebBrowser-{D2AB2732-A124-4FB2-8DA5-4A6A9E379331} - (no file)
                            ShellIconOverlayIdentifiers-{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} - (no file)
                            SafeBoot-CleanHlp
                            SafeBoot-CleanHlp.sys
                            SafeBoot-Wdf01000.sys
                            SafeBoot-WudfPf
                            SafeBoot-WudfRd
                            SafeBoot-WRConsumerService
                            .
                            .
                            .
                            **************************************************************************
                            .
                            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2013-07-07 11:17
                            Windows 6.0.6002 Service Pack 2 NTFS
                            .
                            scannen van verborgen processen ...
                            .
                            scannen van verborgen autostart items ...
                            .
                            scannen van verborgen bestanden ...
                            .
                            Scan succesvol afgerond
                            verborgen bestanden: 0
                            .
                            **************************************************************************
                            .
                            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                            .
                            [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                            @Denied: (2) (LocalSystem)
                            "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                            d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,c4,c3,cd,70,f8,e3,4a,99,69,ec,\
                            "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                            d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,c4,c3,cd,70,f8,e3,4a,99,69,ec,\
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            ------------------------ Andere Aktieve Processen ------------------------
                            .
                            c:\windows\system32\nvvsvc.exe
                            c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
                            c:\windows\system32\nvvsvc.exe
                            c:\program files\HitmanPro.Alert\hmpalert.exe
                            c:\program files\Avira\AntiVir Desktop\sched.exe
                            c:\program files\Avira\AntiVir Desktop\avguard.exe
                            c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                            c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
                            c:\program files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe
                            c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
                            c:\program files\Common Files\LightScribe\LSSrvc.exe
                            c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
                            c:\program files\Secunia\PSI\PSIA.exe
                            c:\program files\NVIDIA Corporation\Display\nvtray.exe
                            c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                            c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                            c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
                            c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                            c:\program files\Avira\AntiVir Desktop\avshadow.exe
                            c:\program files\Secunia\PSI\sua.exe
                            c:\windows\system32\conime.exe
                            c:\windows\system32\sdclt.exe
                            c:\windows\servicing\TrustedInstaller.exe
                            c:\windows\system32\RacAgent.exe
                            .
                            **************************************************************************
                            .
                            Voltooingstijd: 2013-07-07 11:32:12 - machine werd herstart
                            ComboFix-quarantined-files.txt 2013-07-07 09:31
                            .
                            Pre-Run: 213.817.192.448 bytes beschikbaar
                            Post-Run: 213.958.586.368 bytes beschikbaar
                            .
                            - - End Of File - - D16FF1EEF244589A2B9D619C8F3FB5B8
                            8913823FF508CCF109DB74B636C301DA



                            • #15
                              How is the computer running now?
