Hello everyone,

Could someone please take a look at this.
1) I have a laptop (Vista) that boots poorly.
2) It freezes regularly.
3) When opening IE it keeps trying to install something. (A small "Windows Installer" window keeps appearing; it only lasts a second or so and then it is gone.)
Sorry for starting the topic here, but for some reason I get a message that I am specifying an invalid forum when I ask the question in the topic "help with a virus" or "suspected spyware".

Here are a few logs:
# AdwCleaner v3.016 - Report created 28/12/2013 at 20:48:23
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Benny - PC_VAN_BENNY
# Running from : C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ANFA5LM\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Allin1Convert_8h
Folder Deleted : C:\Program Files\Allin1Convert_8hEI
Folder Deleted : C:\Users\Benny\AppData\LocalLow\Allin1Convert_8h
File Deleted : C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\Applications\lollipop.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zh6l4mbi.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [12734 octets] - [23/12/2013 13:23:12]
AdwCleaner[R1].txt - [1422 octets] - [23/12/2013 20:05:54]
AdwCleaner[R2].txt - [2456 octets] - [28/12/2013 20:46:57]
AdwCleaner[S0].txt - [13037 octets] - [23/12/2013 13:25:16]
AdwCleaner[S1].txt - [1454 octets] - [23/12/2013 20:06:52]
AdwCleaner[S2].txt - [2380 octets] - [28/12/2013 20:48:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2440 octets] ##########

Names such as "Mobogenie" and "Ask" worry me.
My system restore points have also disappeared since the moment the problems began; restore points are now being created regularly again, but I cannot go back further than 23-12-2013.
I also scanned with Malwarebytes Anti-Malware, but it finds nothing.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:16:06, on 28/12/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
CHROME: 31.0.1650.63
FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Benny\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Oefensite-HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9083 bytes

Thanks in advance for any help.
 
I am not skilled enough at analysing logs like these; this is more for our staff member Anthony Kumpen.
When you started Malwarebytes, did you update it first?
Or was it unable to update?
In that case you need to start the Chameleon feature of Malwarebytes ... Download the Chameleon option here
Malwarebytes also now has an extra option that can be used separately, namely a rootkit scanner ... Download the rootkit scanner here
 
Hey Boterblommeken,

Could you post a log made with this tool:

Download RSIT from the locations below and save it to the desktop.
There is a description here of how you can check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Post its contents in your next reply.
 
Hi Anthony,

I could still choose between a scan over 1 month or over 3 months.
So I selected the 3 months.
Here is the small log (or rather, just the log)
Logfile of random's system information tool 1.09 (written by random/random)
Run by Benny at 2013-12-28 23:29:03
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (41%) free of 212 GB
Total RAM: 3062 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:29:15, on 28/12/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Benny\Downloads\RSIT.exe
C:\Program Files\trend micro\Benny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Oefensite-HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8974 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000UA.job
C:\Windows\tasks\Norton Security Scan for Benny.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0, firefox@bandoo.com:5.0, {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0, {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0, avg@toolbar:9.0.0.18.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class

C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\
71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com
8hffxtbr@Allin1Convert_8h.com
ffxtlbr@babylon(69).com

C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\searchplugins\
Toggle.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-01 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-01 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{eec0f710-38b5-4aba-99bf-ec87564a4e13}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2013-11-07 4956176]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-01 6025216]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
C:\Program Files\Belgium Identity Card\beid35gui.exe [2009-02-02 2035712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
C:\Program Files\FileHippo.com\UpdateChecker.exe [2012-11-23 307712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2012-05-25 6595928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
C:\Program Files\MyTomTom 3\MyTomTomSA.exe [2013-05-23 455608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
C:\Users\Benny\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-08-29 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2009-07-31 2680160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"=mpegacm.acm
"msacm.ulmp3acm"=ulmp3acm.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2013-12-28 23:29:03 ----D---- C:\rsit
2013-12-28 23:29:03 ----D---- C:\Program Files\trend micro
2013-12-28 20:10:46 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 20:10:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2013-12-28 19:14:41 ----D---- C:\Users\Benny\AppData\Roaming\Yahoo!
2013-12-28 17:07:24 ----D---- C:\Windows\temp
2013-12-28 17:07:23 ----A---- C:\ComboFix.txt
2013-12-28 17:06:40 ----SHD---- C:\$RECYCLE.BIN
2013-12-28 16:48:00 ----D---- C:\ComboFix
2013-12-27 21:27:47 ----D---- C:\found.010
2013-12-27 19:32:52 ----D---- C:\Program Files\Common Files\Protexis
2013-12-27 19:31:13 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-12-27 19:14:27 ----D---- C:\Windows\en
2013-12-27 19:13:40 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2013-12-27 19:12:27 ----D---- C:\Windows\nl
2013-12-27 19:08:51 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-12-27 19:08:51 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-12-27 19:08:51 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-12-27 18:50:30 ----D---- C:\Program Files\MarketResearchHelper
2013-12-27 18:25:02 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-12-27 18:24:50 ----D---- C:\Program Files\DAEMON Tools Lite
2013-12-27 17:35:39 ----D---- C:\Program Files\Smart File Advisor
2013-12-27 17:23:52 ----D---- C:\Users\Benny\AppData\Roaming\newnext.me
2013-12-27 17:10:56 ----D---- C:\Program Files\FileHippo.com
2013-12-24 14:38:56 ----A---- C:\Windows\system32\wininet.dll
2013-12-24 14:38:56 ----A---- C:\Windows\system32\msls31.dll
2013-12-24 14:38:56 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-24 14:38:55 ----A---- C:\Windows\system32\urlmon.dll
2013-12-24 14:38:55 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-12-24 14:38:55 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-24 14:38:55 ----A---- C:\Windows\system32\msrating.dll
2013-12-24 14:38:55 ----A---- C:\Windows\system32\iertutil.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\mshtmler.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\ieui.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\iesysprep.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\ieframe.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\dxtrans.dll
2013-12-24 14:38:54 ----A---- C:\Windows\system32\dxtmsft.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\webcheck.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\url.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\mshtmled.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\licmgr10.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\inseng.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\iesetup.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\iernonce.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\iedkcs32.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-24 14:38:53 ----A---- C:\Windows\system32\ieapfltr.dat
2013-12-24 14:38:53 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-24 14:38:53 ----A---- C:\Windows\system32\icardie.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\wextract.exe
2013-12-24 14:38:52 ----A---- C:\Windows\system32\vbscript.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\pngfilt.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\occache.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\mshtml.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\mshta.exe
2013-12-24 14:38:52 ----A---- C:\Windows\system32\msfeeds.dll
2013-12-24 14:38:52 ----A---- C:\Windows\system32\iexpress.exe
2013-12-24 14:38:52 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-24 14:38:51 ----A---- C:\Windows\system32\msfeedssync.exe
2013-12-24 14:38:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\jscript9.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\jscript.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\imgutil.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\iepeers.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\ieakui.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\ieaksie.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\ieakeng.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\advpack.dll
2013-12-24 14:38:51 ----A---- C:\Windows\system32\admparse.dll
2013-12-23 18:03:43 ----D---- C:\Windows\Migration
2013-12-23 16:46:09 ----D---- C:\found.009
2013-12-23 13:23:05 ----D---- C:\AdwCleaner
2013-12-23 11:57:43 ----D---- C:\68b700753a2b87d59f
2013-12-18 14:55:06 ----D---- C:\found.008
2013-12-11 16:14:02 ----A---- C:\Windows\system32\win32k.sys
2013-12-11 16:14:00 ----A---- C:\Windows\system32\SysFxUI.dll
2013-12-11 16:14:00 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-11 16:14:00 ----A---- C:\Windows\system32\drivers\drmk.sys
2013-12-11 16:13:57 ----A---- C:\Windows\system32\wshcon.dll
2013-12-11 16:13:57 ----A---- C:\Windows\system32\wscript.exe
2013-12-11 16:13:57 ----A---- C:\Windows\system32\scrrun.dll
2013-12-11 16:13:57 ----A---- C:\Windows\system32\cscript.exe
2013-12-11 16:13:56 ----A---- C:\Windows\system32\imagehlp.dll
2013-11-21 15:44:33 ----D---- C:\Windows\system32\drivers\NSS
2013-11-13 15:01:20 ----A---- C:\Windows\system32\gdi32.dll
2013-11-13 15:01:15 ----A---- C:\Windows\system32\crypt32.dll
2013-11-13 15:01:11 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-13 15:01:11 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-07 18:42:09 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-05 21:50:48 ----A---- C:\Windows\system32\drivers\avgdiskx.sys
2013-11-04 21:57:30 ----A---- C:\Windows\system32\drivers\avgidsdriverx.sys
2013-11-01 22:37:23 ----D---- C:\Windows\Sun
2013-11-01 22:37:04 ----D---- C:\ProgramData\Oracle
2013-11-01 22:36:40 ----D---- C:\Program Files\Common Files\Java
2013-11-01 22:36:12 ----A---- C:\Windows\system32\javaws.exe
2013-11-01 22:35:50 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-11-01 22:35:50 ----A---- C:\Windows\system32\javaw.exe
2013-11-01 22:35:50 ----A---- C:\Windows\system32\java.exe
2013-10-31 23:00:28 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2013-10-31 22:30:08 ----A---- C:\Windows\system32\drivers\avglogx.sys
2013-10-31 09:21:07 ----D---- C:\found.007
2013-10-24 22:28:32 ----A---- C:\Windows\system32\drivers\avgidshx.sys
2013-10-09 14:10:32 ----A---- C:\Windows\system32\FntCache.dll
2013-10-09 14:10:32 ----A---- C:\Windows\system32\DWrite.dll
2013-10-09 14:10:31 ----A---- C:\Windows\system32\d3d10warp.dll
2013-10-09 14:10:31 ----A---- C:\Windows\system32\d3d10level9.dll
2013-10-09 14:10:31 ----A---- C:\Windows\system32\d2d1.dll
2013-10-09 14:10:30 ----A---- C:\Windows\system32\d3d10core.dll
2013-10-09 14:10:30 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-10-09 14:10:30 ----A---- C:\Windows\system32\d3d10_1.dll
2013-10-09 14:10:30 ----A---- C:\Windows\system32\d3d10.dll
2013-10-09 14:10:27 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-09 14:10:27 ----A---- C:\Windows\system32\cdd.dll
2013-10-09 14:10:26 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-10-09 14:10:17 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-10-09 14:10:15 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2013-10-09 14:10:15 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-09 14:10:14 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-09 14:10:13 ----A---- C:\Windows\system32\atmlib.dll
2013-10-09 14:10:13 ----A---- C:\Windows\system32\atmfd.dll
2013-10-09 14:10:12 ----A---- C:\Windows\system32\comctl32.dll
2013-10-09 14:10:11 ----A---- C:\Windows\system32\drivers\usbscan.sys
2013-10-09 14:10:11 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-01 00:49:38 ----A---- C:\Windows\system32\drivers\avgmfx86.sys

======List of files/folders modified in the last 3 months======

2013-12-28 23:29:03 ----RD---- C:\Program Files
2013-12-28 23:11:22 ----D---- C:\Windows\System32
2013-12-28 21:37:18 ----D---- C:\Windows\system32\drivers
2013-12-28 20:20:02 ----D---- C:\Program Files\Sophos
2013-12-28 20:19:49 ----D---- C:\Users\Benny\AppData\Roaming\WinRAR
2013-12-28 20:10:46 ----D---- C:\ProgramData
2013-12-28 19:50:58 ----D---- C:\Windows
2013-12-28 19:21:13 ----D---- C:\Windows\pss
2013-12-28 19:18:19 ----D---- C:\Windows\system32\drivers\etc
2013-12-28 19:15:18 ----D---- C:\Users\Benny\AppData\Roaming\Skype
2013-12-28 18:53:43 ----D---- C:\Windows\SoftwareDistribution
2013-12-28 17:15:24 ----SHD---- C:\Windows\Installer
2013-12-28 17:14:24 ----SHD---- C:\System Volume Information
2013-12-28 17:07:26 ----D---- C:\Qoobox
2013-12-28 17:05:08 ----A---- C:\Windows\system.ini
2013-12-28 16:58:44 ----D---- C:\Windows\AppPatch
2013-12-28 16:58:42 ----D---- C:\Program Files\Common Files
2013-12-28 16:17:13 ----D---- C:\ProgramData\MFAData
2013-12-28 12:28:55 ----D---- C:\Windows\Microsoft.NET
2013-12-28 12:28:53 ----RSD---- C:\Windows\assembly
2013-12-28 11:37:02 ----D---- C:\Windows\Prefetch
2013-12-27 21:04:19 ----D---- C:\Windows\system32\wbem
2013-12-27 20:58:08 ----D---- C:\Windows\system32\config
2013-12-27 20:57:55 ----D---- C:\Windows\Tasks
2013-12-27 20:57:55 ----D---- C:\Windows\system32\Tasks
2013-12-27 20:57:55 ----D---- C:\Windows\system32\spool
2013-12-27 20:57:55 ----D---- C:\Windows\system32\catroot2
2013-12-27 20:57:55 ----D---- C:\Windows\inf
2013-12-27 20:57:54 ----D---- C:\Program Files\Canon
2013-12-27 20:57:53 ----D---- C:\Windows\registration
2013-12-27 19:39:31 ----D---- C:\Windows\Logs
2013-12-27 19:34:54 ----D---- C:\Program Files\WinRAR
2013-12-27 19:33:24 ----D---- C:\ProgramData\Corel
2013-12-27 19:31:38 ----D---- C:\Program Files\Corel
2013-12-27 19:30:57 ----D---- C:\Windows\winsxs
2013-12-27 19:26:07 ----SD---- C:\ProgramData\Microsoft
2013-12-27 19:26:06 ----D---- C:\Program Files\Microsoft
2013-12-27 19:13:41 ----DC---- C:\Windows\system32\DRVSTORE
2013-12-27 19:09:43 ----D---- C:\Program Files\Windows Live
2013-12-27 19:09:34 ----D---- C:\Program Files\Common Files\microsoft shared
2013-12-27 19:03:28 ----D---- C:\ProgramData\Skype
2013-12-27 19:03:20 ----RD---- C:\Program Files\Skype
2013-12-27 19:00:03 ----D---- C:\ProgramData\Nero
2013-12-27 19:00:02 ----D---- C:\Program Files\Nero
2013-12-27 18:59:21 ----D---- C:\Program Files\Common Files\Nero
2013-12-27 18:50:59 ----D---- C:\ProgramData\AVG2014
2013-12-27 18:28:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-27 18:27:25 ----D---- C:\Users\Benny\AppData\Roaming\DAEMON Tools Lite
2013-12-27 18:25:35 ----D---- C:\Windows\system32\catroot
2013-12-27 18:01:04 ----D---- C:\Program Files\CCleaner
2013-12-27 17:26:44 ----AD---- C:\ProgramData\TEMP
2013-12-27 17:20:12 ----D---- C:\ProgramData\Adobe
2013-12-27 17:20:11 ----D---- C:\Program Files\Common Files\Adobe
2013-12-27 17:20:09 ----D---- C:\Program Files\Adobe
2013-12-27 16:01:46 ----D---- C:\Windows\Panther
2013-12-25 20:25:34 ----D---- C:\Windows\rescache
2013-12-25 19:27:45 ----D---- C:\Windows\system32\nl-NL
2013-12-25 19:27:45 ----D---- C:\Program Files\Internet Explorer
2013-12-25 19:27:42 ----RD---- C:\Windows\Offline Web Pages
2013-12-25 19:27:42 ----D---- C:\Windows\system32\migration
2013-12-25 19:27:42 ----D---- C:\Windows\system32\en-US
2013-12-25 19:27:42 ----D---- C:\Windows\PolicyDefinitions
2013-12-25 19:27:34 ----SD---- C:\Windows\Downloaded Program Files
2013-12-24 12:15:42 ----D---- C:\Windows\system32\Msdtc
2013-12-23 20:46:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-12-23 20:31:46 ----D---- C:\Program Files\HitmanPro
2013-12-23 15:20:43 ----RSD---- C:\Windows\Media
2013-12-23 15:20:34 ----D---- C:\Windows\system32\RTCOM
2013-12-23 15:20:34 ----D---- C:\Windows\system32\CodeIntegrity
2013-12-23 15:20:23 ----D---- C:\ProgramData\Microsoft Help
2013-12-23 15:20:23 ----D---- C:\Program Files\Mozilla Firefox
2013-12-23 15:20:21 ----D---- C:\Program Files\Google
2013-12-23 14:44:49 ----D---- C:\ProgramData\Google
2013-12-12 20:39:50 ----D---- C:\Windows\Debug
2013-12-12 19:04:06 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 17:00:02 ----D---- C:\Windows\system32\MRT
2013-12-11 16:56:35 ----A---- C:\Windows\system32\mrt.exe
2013-11-26 12:25:54 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-21 15:44:33 ----D---- C:\ProgramData\Norton
2013-11-21 15:44:33 ----D---- C:\Program Files\Norton Security Scan
2013-11-21 15:44:30 ----D---- C:\Program Files\NortonInstaller
2013-11-21 15:43:53 ----D---- C:\ProgramData\NortonInstaller
2013-11-13 15:56:26 ----D---- C:\Program Files\iTunes
2013-11-13 15:56:26 ----D---- C:\Program Files\iPod
2013-11-01 23:00:41 ----D---- C:\Program Files\FileZilla FTP Client
2013-11-01 22:54:25 ----D---- C:\Windows\system32\Adobe
2013-11-01 22:53:37 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-11-01 22:50:52 ----D---- C:\Program Files\irfanview benny
2013-11-01 22:35:26 ----D---- C:\Program Files\Java
2013-11-01 11:00:40 ----D---- C:\Users\Benny\AppData\Roaming\vlc
2013-11-01 11:00:40 ----D---- C:\Users\Benny\AppData\Roaming\Nvu
2013-11-01 11:00:38 ----D---- C:\Users\Benny\AppData\Roaming\gtk-2.0
2013-11-01 11:00:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-01 10:46:41 ----RD---- C:\Users
2013-10-30 03:13:01 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2013-10-09 16:18:08 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-06 22:28:09 ----D---- C:\Program Files\AVG
2013-10-01 09:03:43 ----D---- C:\Users\Benny\AppData\Roaming\FileZilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-10-01 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 Si3531;SiI-3531 SATA Controller; C:\Windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2009-02-05 17064]
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [2009-02-05 12200]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-12-27 320120]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-11-05 120600]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-04 209176]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-09-17 22840]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-27 243128]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2010-11-16 13880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-01 2113624]
R3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\74D1.tmp []
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-06-23 259176]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-31 192688]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2009-01-22 36736]
S3 ajeushn0;ajeushn0; C:\Windows\system32\drivers\ajeushn0.sys []
S3 catchme;catchme; \??\C:\Users\Benny\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-11-04 102912]
S3 MFE_RR;MFE_RR; \??\C:\Users\Benny\AppData\Local\Temp\mfe_rr.sys []
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-07-07 168936]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-06-19 59888]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-07-28 49016]
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-07-12 73344]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]
S3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2013-04-04 106280]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-30 144752]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-06-14 61440]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-11-16 9216]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12 257416]
S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-01 30192]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-01 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-03 117144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
 
Hi Qtex,

Malwarebytes automatically runs an update first before scanning.
So I won't have to use the Chameleon option?
I will run the rootkit scan, though, and also a new full scan with this program.
That one takes more than 2 hours, so the log is still to come.

I already ran a rootkit scan once with "Sophos Anti-Rootkit", but that found nothing either.
 
Please hold off on using tools like these at random. That is not a good idea!
I see you have already used ComboFix as well?
Could you post its log? You will find it here: C:\ComboFix.txt

After that, do the following:

Download TDSSKiller and save it to your desktop.
  • Before running TDSSKiller, it is advisable to consult the TDSSKiller guide below.
  • Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, extract it first.)
  • If TDSSKiller finds an update, click the "Load update" button.
  • A new version of TDSSKiller will now be downloaded; save it to the desktop.
  • Now start TDSSKiller again.
  • Click "Change parameters" and make sure all of the options below are ticked.
    [Screenshot: TDSSKiller options]
  • Click the "Start Scan" button and follow the instructions.
    • Never use the "Delete" or "Quarantine" option on a "Fail signature" notification.
    • If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
    • Attach this log file to your next post.
 
Here is the ComboFix log.
The reason I started using these tools at random is that I first wanted to solve it without bothering you.
So I went browsing through existing topics so that I could at least make an attempt myself.

ComboFix 13-12-26.01 - Benny 28/12/2013 16:51:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3062.1860 [GMT 1:00]
Gestart vanuit: c:\users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB5MYBLQ\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-11-28 to 2013-12-28 ))))))))))))))))))))))))))))))
.
.
2013-12-28 16:04 . 2013-12-28 16:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-12-28 16:04 . 2013-12-28 16:05 -------- d-----w- c:\users\Benny\AppData\Local\temp
2013-12-28 16:04 . 2013-12-28 16:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-28 16:04 . 2013-12-28 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-28 16:04 . 2013-12-28 16:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-12-28 10:55 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE977FA-5995-478D-B77E-BC7D94B830B3}\mpengine.dll
2013-12-27 20:27 . 2013-12-27 20:27 -------- d-----w- C:\found.010
2013-12-27 18:32 . 2013-12-27 18:32 -------- d-----w- c:\program files\Common Files\Protexis
2013-12-27 18:14 . 2013-12-27 18:14 -------- d-----w- c:\windows\en
2013-12-27 18:13 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-12-27 18:12 . 2013-12-27 18:12 -------- d-----w- c:\windows\nl
2013-12-27 18:08 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-12-27 18:08 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-12-27 18:08 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-27 18:07 . 2013-12-27 18:07 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\720632321cf032e08\bingbarsetup.exe
2013-12-27 18:06 . 2013-12-27 18:06 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\6c8e81e21cf032e07\MeshBetaRemover.exe
2013-12-27 18:06 . 2013-12-27 18:06 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\68e21bb21cf032e06\DSETUP.dll
2013-12-27 18:06 . 2013-12-27 18:06 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\68e21bb21cf032e06\DXSETUP.exe
2013-12-27 18:06 . 2013-12-27 18:06 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\68e21bb21cf032e06\dsetup32.dll
2013-12-27 17:50 . 2013-12-27 17:51 -------- d-----w- c:\program files\MarketResearchHelper
2013-12-27 17:33 . 2013-12-27 19:57 -------- d-----w- c:\program files\Ask.com
2013-12-27 17:25 . 2013-12-27 17:25 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-27 17:24 . 2013-12-27 17:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-12-27 16:35 . 2013-12-27 19:57 -------- d-----w- c:\program files\Smart File Advisor
2013-12-27 16:23 . 2013-12-27 16:24 -------- d-----w- c:\users\Benny\.android
2013-12-27 16:23 . 2013-12-27 16:23 -------- d-----w- c:\users\Benny\AppData\Local\cache
2013-12-27 16:23 . 2013-12-27 17:44 -------- d-----w- c:\users\Benny\AppData\Roaming\newnext.me
2013-12-27 16:23 . 2013-12-27 16:23 -------- d-----w- c:\users\Benny\AppData\Local\genienext
2013-12-27 16:22 . 2013-12-27 19:57 -------- d-----w- c:\program files\Mobogenie
2013-12-27 16:10 . 2013-12-27 16:10 -------- d-----w- c:\program files\FileHippo.com
2013-12-27 15:42 . 2013-12-27 15:42 -------- d-----w- c:\program files\Allin1Convert_8h
2013-12-23 17:03 . 2013-12-23 17:03 -------- d-----w- c:\windows\Migration
2013-12-23 16:23 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2013-12-23 15:46 . 2013-12-23 15:46 -------- d-----w- C:\found.009
2013-12-23 14:51 . 2013-12-23 14:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-12-23 12:23 . 2013-12-23 19:06 -------- d-----w- C:\AdwCleaner
2013-12-23 10:57 . 2013-12-23 10:57 -------- d-----w- C:\68b700753a2b87d59f
2013-12-18 13:55 . 2013-12-18 13:55 -------- d-----w- C:\found.008
2013-12-11 15:14 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 15:14 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 15:14 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 15:14 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 15:13 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 15:13 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 15:13 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 15:13 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 15:13 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 15:13 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-27 18:09 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-27 16:27 . 2010-10-25 20:49 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-12 18:04 . 2013-04-12 10:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 18:04 . 2013-04-12 10:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 11:25 . 2009-10-02 19:53 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-01 21:35 . 2013-11-01 21:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-31 22:00 . 2013-10-31 22:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 21:30 . 2013-10-31 21:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-24 21:28 . 2013-10-24 21:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-11 02:08 . 2013-11-13 14:01 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 14:01 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45 . 2013-11-13 14:01 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-13 14:01 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-09-30 23:49 . 2013-09-30 23:49 102712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-09-05 14:03 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2012-01-05 15:42 75624 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-02-02 11:32 2035712 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-10-28 08:29 3675352 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-25 21:18 133104 ----atw- c:\users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25 6595928 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2013-05-23 11:53 455608 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
2013-11-14 02:53 1283584 ----a-w- c:\users\Benny\AppData\Roaming\newnext.me\nengine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-01 14:31 6025216 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-08-29 08:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-01-22 36736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 18:04]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:21]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:21]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000Core.job
- c:\users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 21:18]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000UA.job
- c:\users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 21:18]
.
2013-12-21 c:\windows\Tasks\Norton Security Scan for Benny.job
- c:\progra~1\NORTON~2\NORTON~1\Engine\403~1.24\Nss.exe [2013-11-21 06:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://users.skynet.be/oefensite-HTML
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-23 03:29; firefox@marketresearchhelper.com; c:\users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\firefox@marketresearchhelper.com.xpi
FF - ExtSQL: 2013-12-27 16:42; 8hffxtbr@Allin1Convert_8h.com; c:\users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\8hffxtbr@Allin1Convert_8h.com
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-12-28 17:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2013-12-28 17:07:22
ComboFix-quarantined-files.txt 2013-12-28 16:07
.
Pre-Run: 91.833.262.080 bytes beschikbaar
Post-Run: 90.992.308.224 bytes beschikbaar
.
- - End Of File - - 0C4EF3CA606436EC1A4E1955BBF56A2C
5C616939100B85E558DA92B899A0FC36
 
00:36:54.0793 0x12b4 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
00:37:00.0661 0x12b4 ============================================================
00:37:00.0662 0x12b4 Current date / time: 2013/12/29 00:37:00.0661
00:37:00.0662 0x12b4 SystemInfo:
00:37:00.0662 0x12b4
00:37:00.0662 0x12b4 OS Version: 6.0.6002 ServicePack: 2.0
00:37:00.0662 0x12b4 Product type: Workstation
00:37:00.0663 0x12b4 ComputerName: PC_VAN_BENNY
00:37:00.0664 0x12b4 UserName: Benny
00:37:00.0664 0x12b4 Windows directory: C:\Windows
00:37:00.0664 0x12b4 System windows directory: C:\Windows
00:37:00.0664 0x12b4 Processor architecture: Intel x86
00:37:00.0664 0x12b4 Number of processors: 2
00:37:00.0664 0x12b4 Page size: 0x1000
00:37:00.0664 0x12b4 Boot type: Normal boot
00:37:00.0664 0x12b4 ============================================================
00:37:01.0255 0x12b4 KLMD registered as C:\Windows\system32\drivers\68502969.sys
00:37:01.0511 0x12b4 System UUID: {7C1F270F-045B-01DD-D47C-ADF0F5877865}
00:37:02.0190 0x12b4 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:37:02.0207 0x12b4 ============================================================
00:37:02.0207 0x12b4 \Device\Harddisk0\DR0:
00:37:02.0208 0x12b4 MBR partitions:
00:37:02.0208 0x12b4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x19D47260
00:37:02.0254 0x12b4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x19D472DE, BlocksNum 0x347D2A3
00:37:02.0254 0x12b4 ============================================================
00:37:02.0293 0x12b4 C: <-> \Device\Harddisk0\DR0\Partition1
00:37:02.0322 0x12b4 D: <-> \Device\Harddisk0\DR0\Partition2
00:37:02.0322 0x12b4 ============================================================
00:37:02.0322 0x12b4 Initialize success
00:37:02.0322 0x12b4 ============================================================
00:42:06.0498 0x1544 ============================================================
00:42:06.0499 0x1544 Scan started
00:42:06.0499 0x1544 Mode: Manual; SigCheck; TDLFS;
00:42:06.0499 0x1544 ============================================================
00:42:06.0499 0x1544 KSN ping started
00:42:20.0125 0x1544 KSN ping finished: true
00:42:20.0569 0x1544 ================ Scan system memory ========================
00:42:20.0570 0x1544 System memory - ok
00:42:20.0571 0x1544 ================ Scan services =============================
00:42:31.0524 0x1544 ehSched - ok
00:42:31.0546 0x1544 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
00:42:31.0594 0x1544 ehstart - ok
00:42:31.0658 0x1544 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:42:31.0690 0x1544 elxstor - ok
00:42:31.0741 0x1544 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:42:31.0864 0x1544 EMDMgmt - ok
00:42:31.0913 0x1544 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:42:31.0974 0x1544 ErrDev - ok
00:42:32.0048 0x1544 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
00:42:32.0138 0x1544 EventSystem - ok
00:42:32.0199 0x1544 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
00:42:32.0286 0x1544 exfat - ok
00:42:32.0329 0x1544 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:42:32.0381 0x1544 fastfat - ok
00:42:32.0422 0x1544 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:42:32.0495 0x1544 fdc - ok
00:42:32.0541 0x1544 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
00:42:32.0595 0x1544 fdPHost - ok
00:42:32.0613 0x1544 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
00:42:32.0695 0x1544 FDResPub - ok
00:42:32.0750 0x1544 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:42:32.0768 0x1544 FileInfo - ok
00:42:32.0789 0x1544 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:42:32.0822 0x1544 Filetrace - ok
00:42:32.0841 0x1544 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:42:32.0891 0x1544 flpydisk - ok
00:42:32.0937 0x1544 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:42:32.0959 0x1544 FltMgr - ok
00:42:33.0100 0x1544 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
00:42:33.0310 0x1544 FontCache - ok
00:42:33.0378 0x1544 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:42:33.0396 0x1544 FontCache3.0.0.0 - ok
00:42:33.0478 0x1544 [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:42:33.0497 0x1544 fssfltr - ok
00:42:33.0673 0x1544 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:42:33.0806 0x1544 fsssvc - ok
00:42:33.0855 0x1544 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:42:33.0943 0x1544 Fs_Rec - ok
00:42:33.0980 0x1544 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:42:34.0008 0x1544 gagp30kx - ok
00:42:34.0040 0x1544 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:42:34.0062 0x1544 GEARAspiWDM - ok
00:42:34.0163 0x1544 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
00:42:34.0185 0x1544 GoogleDesktopManager-051210-111108 - ok
00:42:34.0252 0x1544 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
00:42:34.0372 0x1544 gpsvc - ok
00:42:34.0449 0x1544 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:42:34.0474 0x1544 gupdate - ok
00:42:34.0493 0x1544 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:42:34.0519 0x1544 gupdatem - ok
00:42:34.0627 0x1544 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:42:34.0656 0x1544 gusvc - ok
00:42:34.0732 0x1544 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:42:34.0862 0x1544 HdAudAddService - ok
00:42:34.0938 0x1544 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:42:35.0031 0x1544 HDAudBus - ok
00:42:35.0089 0x1544 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:42:35.0142 0x1544 HidBth - ok
00:42:35.0164 0x1544 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
00:42:35.0234 0x1544 HidIr - ok
00:42:35.0273 0x1544 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
00:42:35.0348 0x1544 hidserv - ok
00:42:35.0378 0x1544 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:42:35.0447 0x1544 HidUsb - ok
00:42:35.0526 0x1544 [ 56D2021D02DA247C168543DE1E881067, 6AE7DBB2F174FFFB2F5FD44E4166FADCA7B392E8B29D1FF2B46A686AFD401D97 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
00:42:35.0545 0x1544 HitmanProScheduler - ok
00:42:35.0580 0x1544 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
00:42:35.0647 0x1544 hkmsvc - ok
00:42:35.0699 0x1544 [ 8B566EA71D5B76157A9CDB78F25A5731, 9EE1BF3925F0592F159A96E1224DF04B037F312A903BFEBD87B5188A55F301C3 ] Hotkey C:\Windows\system32\drivers\Hotkey.sys
00:42:35.0735 0x1544 Hotkey - detected UnsignedFile.Multi.Generic ( 1 )
00:42:38.0171 0x1544 Detect skipped due to KSN trusted
00:42:38.0172 0x1544 Hotkey - ok
00:42:50.0940 0x1544 PhilCap - ok
00:42:51.0055 0x1544 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
00:42:51.0245 0x1544 pla - ok
00:42:51.0298 0x1544 [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
00:42:51.0330 0x1544 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic ( 1 )
00:42:53.0764 0x1544 Detect skipped due to KSN trusted
00:42:53.0764 0x1544 PLFlash DeviceIoControl Service - ok
00:42:53.0848 0x1544 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:42:53.0942 0x1544 PlugPlay - ok
00:42:53.0994 0x1544 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:42:54.0128 0x1544 PNRPAutoReg - ok
00:42:54.0159 0x1544 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:42:54.0206 0x1544 PNRPsvc - ok
00:42:54.0258 0x1544 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:42:54.0354 0x1544 PolicyAgent - ok
00:42:54.0404 0x1544 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:42:54.0462 0x1544 PptpMiniport - ok
00:42:54.0501 0x1544 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
00:42:54.0540 0x1544 Processor - ok
00:42:54.0578 0x1544 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
00:42:54.0645 0x1544 ProfSvc - ok
00:42:54.0672 0x1544 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
00:42:54.0713 0x1544 ProtectedStorage - ok
00:42:54.0796 0x1544 [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
00:42:54.0822 0x1544 ProtexisLicensing - ok
00:42:54.0854 0x1544 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:42:54.0909 0x1544 PSched - ok
00:42:54.0971 0x1544 [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
00:42:54.0989 0x1544 PSI_SVC_2 - ok
00:42:55.0104 0x1544 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:42:55.0189 0x1544 ql2300 - ok
00:42:55.0220 0x1544 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:42:55.0239 0x1544 ql40xx - ok
00:42:55.0285 0x1544 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
00:42:55.0338 0x1544 QWAVE - ok
00:42:55.0373 0x1544 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:42:55.0414 0x1544 QWAVEdrv - ok
00:42:55.0442 0x1544 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:42:55.0481 0x1544 RasAcd - ok
00:42:55.0497 0x1544 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
00:42:55.0541 0x1544 RasAuto - ok
00:42:55.0554 0x1544 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:42:55.0594 0x1544 Rasl2tp - ok
00:42:55.0645 0x1544 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
00:42:55.0713 0x1544 RasMan - ok
00:42:55.0752 0x1544 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:42:55.0780 0x1544 RasPppoe - ok
00:42:55.0811 0x1544 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:42:55.0833 0x1544 RasSstp - ok
00:42:55.0856 0x1544 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:42:55.0892 0x1544 rdbss - ok
00:42:55.0906 0x1544 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:42:55.0967 0x1544 RDPCDD - ok
00:42:56.0013 0x1544 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:42:56.0054 0x1544 rdpdr - ok
00:42:56.0062 0x1544 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:42:56.0117 0x1544 RDPENCDD - ok
00:42:56.0168 0x1544 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:42:56.0210 0x1544 RDPWD - ok
00:42:56.0286 0x1544 [ 24D3B49DAB660A8B8AFA40240E735E24, 1CA5554C582ADB83476B989845509FD1A1E82DAC627847A7209F9B39E472D8A7 ] regi C:\Windows\system32\drivers\regi.sys
00:42:56.0302 0x1544 regi - ok
00:42:56.0366 0x1544 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
00:42:56.0431 0x1544 RemoteAccess - ok
00:42:56.0477 0x1544 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:42:56.0539 0x1544 RemoteRegistry - ok
00:42:56.0585 0x1544 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
00:42:56.0630 0x1544 RpcLocator - ok
00:42:56.0688 0x1544 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
00:42:56.0775 0x1544 RpcSs - ok
00:42:56.0809 0x1544 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:42:56.0855 0x1544 rspndr - ok
00:42:56.0893 0x1544 [ 2D19A7469EA19993D0C12E627F4530BC, B59F0D4ACAA60ED95093FA561D4C5D87F26C9F6C646858772743038D97B2D6AB ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
00:42:56.0921 0x1544 RTL8169 - ok
00:42:56.0962 0x1544 [ D1FB9A678BD6C2B1129FCB09D5FEB6DD, 61E74F62B2599EAC2322EB7B448E85026B43CF9760582BD95A4B326D3ADEBAE3 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
00:42:56.0999 0x1544 RTSTOR - ok
00:42:57.0008 0x1544 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
00:42:57.0035 0x1544 SamSs - ok
00:42:57.0063 0x1544 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:42:57.0085 0x1544 sbp2port - ok
00:42:57.0119 0x1544 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:42:57.0176 0x1544 SCardSvr - ok
00:42:57.0245 0x1544 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
00:42:57.0393 0x1544 Schedule - ok
00:42:57.0482 0x1544 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
00:42:57.0514 0x1544 SCPolicySvc - ok
00:42:57.0553 0x1544 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:42:57.0621 0x1544 SDRSVC - ok
00:42:57.0661 0x1544 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:42:57.0741 0x1544 secdrv - ok
00:42:57.0794 0x1544 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
00:42:57.0853 0x1544 seclogon - ok
00:42:57.0885 0x1544 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll
00:42:57.0921 0x1544 SENS - ok
00:42:57.0943 0x1544 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
00:42:57.0997 0x1544 Serenum - ok
00:42:58.0021 0x1544 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
00:42:58.0095 0x1544 Serial - ok
00:42:58.0126 0x1544 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:42:58.0163 0x1544 sermouse - ok
00:42:58.0193 0x1544 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
00:42:58.0259 0x1544 SessionEnv - ok
00:42:58.0291 0x1544 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:42:58.0318 0x1544 sffdisk - ok
00:42:58.0331 0x1544 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:42:58.0363 0x1544 sffp_mmc - ok
00:42:58.0382 0x1544 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:42:58.0419 0x1544 sffp_sd - ok
00:42:58.0440 0x1544 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:42:58.0528 0x1544 sfloppy - ok
00:42:58.0583 0x1544 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:42:58.0667 0x1544 SharedAccess - ok
00:42:58.0725 0x1544 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:42:58.0813 0x1544 ShellHWDetection - ok
00:42:58.0853 0x1544 [ 93BEACC3815A4653A655C8BD7622FF63, 511DBFCE8DA6876BD062216EBA168F47A84F439C201885987A170783D4FEB197 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
00:42:58.0881 0x1544 Si3531 - ok
00:42:58.0899 0x1544 [ 165448BC832D424B97270C8D1276E24A, B6D69505835DB78F45D347D60438DB5B8F61F20085C8D0051E8B383DF0A11168 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
00:42:58.0916 0x1544 SiFilter - ok
00:42:58.0930 0x1544 [ 9BE8EA3A8C7E6D47E710F6FA14B7442B, E6C2CDB148A361C558C54B3BB1850858FA3ABBD4FD3A9269B4C1D1BAD5991F4A ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
00:42:58.0948 0x1544 SiRemFil - ok
00:42:58.0987 0x1544 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:42:59.0011 0x1544 sisagp - ok
00:42:59.0030 0x1544 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:42:59.0054 0x1544 SiSRaid2 - ok
00:42:59.0072 0x1544 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:42:59.0096 0x1544 SiSRaid4 - ok
00:42:59.0257 0x1544 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
00:42:59.0289 0x1544 SkypeUpdate - ok
00:42:59.0545 0x1544 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
00:42:59.0912 0x1544 slsvc - ok
00:42:59.0979 0x1544 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:43:00.0032 0x1544 SLUINotify - ok
00:43:00.0085 0x1544 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:43:00.0116 0x1544 Smb - ok
00:43:00.0181 0x1544 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:43:00.0204 0x1544 SNMPTRAP - ok
00:43:00.0236 0x1544 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
00:43:00.0260 0x1544 spldr - ok
00:43:00.0287 0x1544 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
00:43:00.0365 0x1544 Spooler - ok
00:43:00.0452 0x1544 [ CBEAEA2729985BFB260641AB424E0166, 2FCED2951D5A1ACF93150BB0CA2293CCBE4227EBAAEA8438A78B5AFC6591F375 ] sptd C:\Windows\System32\Drivers\sptd.sys
00:43:00.0481 0x1544 sptd - ok
00:43:00.0521 0x1544 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
00:43:00.0616 0x1544 srv - ok
00:43:00.0663 0x1544 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:43:00.0745 0x1544 srv2 - ok
00:43:00.0776 0x1544 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:43:00.0837 0x1544 srvnet - ok
00:43:00.0887 0x1544 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:43:00.0979 0x1544 SSDPSRV - ok
00:43:01.0030 0x1544 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:43:01.0073 0x1544 SstpSvc - ok
00:43:01.0232 0x1544 [ E5C796B621F6FBA8616511063D7F0FFE, 447FA64F552D4B04AD029E01485B4438A70D9B9B98EB49A883D5B17ED4C1D52F ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
00:43:01.0302 0x1544 StarWindServiceAE - detected UnsignedFile.Multi.Generic ( 1 )
00:43:03.0734 0x1544 Detect skipped due to KSN trusted
00:43:03.0734 0x1544 StarWindServiceAE - ok
00:43:03.0849 0x1544 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
00:43:04.0026 0x1544 stisvc - ok
00:43:04.0076 0x1544 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:43:04.0110 0x1544 swenum - ok
00:43:04.0255 0x1544 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:43:04.0325 0x1544 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
00:43:06.0766 0x1544 Detect skipped due to KSN trusted
00:43:06.0766 0x1544 SwitchBoard - ok
00:43:06.0858 0x1544 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
00:43:06.0980 0x1544 swprv - ok
00:43:07.0011 0x1544 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
00:43:07.0045 0x1544 Symc8xx - ok
00:43:07.0074 0x1544 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
00:43:07.0107 0x1544 Sym_hi - ok
00:43:07.0133 0x1544 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
00:43:07.0167 0x1544 Sym_u3 - ok
00:43:07.0207 0x1544 [ 4C6DE67EBB6C487F7690A373FCFDE279, 66323CDB87D0D881EC44AEEE6BA67AB9DE4ED48018F60D3686DB9707DD0384E6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:43:07.0226 0x1544 SynTP - ok
00:43:07.0282 0x1544 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
00:43:07.0383 0x1544 SysMain - ok
00:43:07.0429 0x1544 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:43:07.0481 0x1544 TabletInputService - ok
00:43:07.0542 0x1544 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:43:07.0621 0x1544 TapiSrv - ok
00:43:07.0652 0x1544 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
00:43:07.0693 0x1544 TBS - ok
00:43:07.0779 0x1544 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:43:07.0882 0x1544 Tcpip - ok
00:43:07.0952 0x1544 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
00:43:08.0018 0x1544 Tcpip6 - ok
00:43:08.0065 0x1544 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:43:08.0158 0x1544 tcpipreg - ok
00:43:08.0206 0x1544 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:43:08.0249 0x1544 TDPIPE - ok
00:43:08.0269 0x1544 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:43:08.0325 0x1544 TDTCP - ok
00:43:08.0374 0x1544 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:43:08.0424 0x1544 tdx - ok
00:43:08.0462 0x1544 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:43:08.0481 0x1544 TermDD - ok
00:43:08.0531 0x1544 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
00:43:08.0631 0x1544 TermService - ok
00:43:08.0670 0x1544 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
00:43:08.0724 0x1544 Themes - ok
00:43:08.0759 0x1544 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
00:43:08.0799 0x1544 THREADORDER - ok
00:43:08.0908 0x1544 [ AC88D258F20909EEB91796F490CFBB73, F9AD49F3A9536BCDDE578A36B6F96ECA08A529E702EA11E5F970866758306A2F ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
00:43:08.0927 0x1544 TOSHIBA Bluetooth Service - ok
00:43:08.0958 0x1544 [ 90AFA1A4451BBBEE87C9F18A665D8121, 592AE754F117018E8777C541437544E1BC7FD93F460F3EE5DDBBC150448BFBD7 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
00:43:08.0972 0x1544 tosporte - ok
00:43:09.0009 0x1544 [ B168B345FB7073930C31E0D8B85E8353, 8B5F1F72408A3BF378EC5655EAC831E26DC7243F72D74BB51F4EB1924B967579 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
00:43:09.0029 0x1544 tosrfbd - ok
00:43:09.0054 0x1544 [ 74392BAB3F0D4810DA8436EC79D6955D, 8BF02D67CE1B1C4F2E3624FF6EFEA798F8735F3D8B8AF82D0754B0A63BDCCA38 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
00:43:09.0068 0x1544 tosrfbnp - ok
00:43:09.0090 0x1544 [ 1AD9EB1B5ABD0AEEE4084C8153476F1E, 8B527DDB38710B5A19956DDF56AE8CDDD9590ADD4731CACB7086A8626CF4A29B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
00:43:09.0106 0x1544 Tosrfcom - ok
00:43:09.0135 0x1544 [ A72A3473180F378CC07D342803FFD580, A3CCF5CD9A3EE8B8FF9E9175BEB51783F9378B22562D90A8D901FD8BE901CCD3 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
00:43:09.0151 0x1544 Tosrfhid - ok
00:43:09.0208 0x1544 [ B2A1A6538245FD69578224BBF2FD4677, 0393ECF2541A269169BA23D007266750958CD35E05FA7FCBEE1CF9727E07D9C4 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
00:43:09.0222 0x1544 tosrfnds - ok
00:43:09.0259 0x1544 [ 8B57D3D384102BD7987A33F171CB4F11, 9A4116BFCE591AD43A531BAFA9893199B15153EAD47A22672735724177493866 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
00:43:09.0274 0x1544 TosRfSnd - ok
00:43:09.0307 0x1544 [ 97529D04178BF604C62C5BE4B8BB2129, 17CA434C44C5D5B184B145A602589AECE1F14D5359A0F3FF24580E454C220F60 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
00:43:09.0322 0x1544 Tosrfusb - ok
00:43:09.0351 0x1544 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
00:43:09.0395 0x1544 TrkWks - ok
00:43:09.0442 0x1544 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:43:09.0502 0x1544 TrustedInstaller - ok
00:43:09.0553 0x1544 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:43:09.0631 0x1544 tssecsrv - ok
00:43:09.0694 0x1544 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
00:43:09.0771 0x1544 tunmp - ok
00:43:09.0813 0x1544 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:43:09.0868 0x1544 tunnel - ok
00:43:09.0903 0x1544 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:43:09.0931 0x1544 uagp35 - ok
00:43:09.0982 0x1544 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:43:10.0040 0x1544 udfs - ok
00:43:10.0087 0x1544 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:43:10.0144 0x1544 UI0Detect - ok
00:43:10.0184 0x1544 [ BE788A747457E6916586C410EC0111E7, 525F9065270AF40FED854C5B3C7E690783F5169C2F9286EE225F6C817ED1E237 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
00:43:10.0218 0x1544 UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
00:43:12.0665 0x1544 Detect skipped due to KSN trusted
00:43:12.0665 0x1544 UleadBurningHelper - ok
00:43:13.0317 0x1544 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:43:13.0355 0x1544 uliagpkx - ok
00:43:13.0389 0x1544 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
00:43:13.0438 0x1544 uliahci - ok
00:43:13.0469 0x1544 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
00:43:13.0496 0x1544 UlSata - ok
00:43:13.0540 0x1544 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
00:43:13.0559 0x1544 ulsata2 - ok
00:43:13.0574 0x1544 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:43:13.0648 0x1544 umbus - ok
00:43:13.0710 0x1544 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
00:43:13.0766 0x1544 upnphost - ok
00:43:14.0730 0x1544 [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:43:14.0812 0x1544 usbaudio - ok
00:43:14.0849 0x1544 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:43:14.0938 0x1544 usbccgp - ok
00:43:15.0147 0x1544 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:43:15.0286 0x1544 usbcir - ok
00:43:15.0376 0x1544 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:43:15.0396 0x1544 usbehci - ok
00:43:15.0458 0x1544 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:43:15.0518 0x1544 usbhub - ok
00:43:15.0561 0x1544 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:43:15.0660 0x1544 usbohci - ok
00:43:15.0721 0x1544 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:43:15.0759 0x1544 usbprint - ok
00:43:15.0833 0x1544 [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:43:15.0928 0x1544 usbscan - ok
00:43:15.0958 0x1544 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:43:15.0992 0x1544 USBSTOR - ok
00:43:16.0018 0x1544 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:43:16.0068 0x1544 usbuhci - ok
00:43:16.0142 0x1544 [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:43:16.0292 0x1544 usbvideo - ok
00:43:16.0365 0x1544 [ 35C9095FA7076466AFBFC5B9EC4B779E, 6E4F8241020DC3353A802849AB7930C8E4271BD19CFA66EDF2F60038CC53D836 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
00:43:16.0461 0x1544 usb_rndisx - ok
00:43:16.0501 0x1544 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
00:43:16.0568 0x1544 UxSms - ok
00:43:16.0718 0x1544 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
00:43:16.0816 0x1544 vds - ok
00:43:16.0875 0x1544 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:43:16.0969 0x1544 vga - ok
00:43:17.0001 0x1544 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
00:43:17.0084 0x1544 VgaSave - ok
00:43:17.0118 0x1544 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
00:43:17.0146 0x1544 viaagp - ok
00:43:17.0171 0x1544 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
00:43:17.0226 0x1544 ViaC7 - ok
00:43:17.0265 0x1544 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
00:43:17.0291 0x1544 viaide - ok
00:43:17.0467 0x1544 [ 2C9965F11443A82538C79FCAC5969183, 1E94159DCE78663BAD3477656F318B6B0180A276F85759E4C5E6BA7A694B01A9 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
00:43:17.0477 0x1544 VMCService - detected UnsignedFile.Multi.Generic ( 1 )
00:43:19.0917 0x1544 Detect skipped due to KSN trusted
00:43:19.0917 0x1544 VMCService - ok
00:43:19.0968 0x1544 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:43:20.0006 0x1544 volmgr - ok
00:43:20.0075 0x1544 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:43:20.0180 0x1544 volmgrx - ok
00:43:20.0310 0x1544 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:43:20.0370 0x1544 volsnap - ok
00:43:20.0434 0x1544 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:43:20.0453 0x1544 vsmraid - ok
00:43:20.0540 0x1544 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
00:43:20.0717 0x1544 VSS - ok
00:43:20.0783 0x1544 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
00:43:20.0864 0x1544 W32Time - ok
00:43:20.0904 0x1544 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:43:20.0979 0x1544 WacomPen - ok
00:43:20.0992 0x1544 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
00:43:21.0038 0x1544 Wanarp - ok
00:43:21.0045 0x1544 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:43:21.0076 0x1544 Wanarpv6 - ok
00:43:21.0185 0x1544 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:43:21.0234 0x1544 wcncsvc - ok
00:43:21.0259 0x1544 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:43:21.0325 0x1544 WcsPlugInService - ok
00:43:21.0366 0x1544 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
00:43:21.0382 0x1544 Wd - ok
00:43:21.0440 0x1544 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:43:21.0497 0x1544 Wdf01000 - ok
00:43:21.0534 0x1544 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:43:21.0572 0x1544 WdiServiceHost - ok
00:43:21.0579 0x1544 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:43:21.0618 0x1544 WdiSystemHost - ok
00:43:21.0667 0x1544 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
00:43:21.0699 0x1544 WebClient - ok
00:43:21.0822 0x1544 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:43:21.0927 0x1544 Wecsvc - ok
00:43:21.0969 0x1544 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:43:22.0046 0x1544 wercplsupport - ok
00:43:22.0093 0x1544 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
00:43:22.0159 0x1544 WerSvc - ok
00:43:22.0236 0x1544 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
00:43:22.0272 0x1544 WinDefend - ok
00:43:22.0286 0x1544 WinHttpAutoProxySvc - ok
00:43:22.0435 0x1544 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:43:22.0489 0x1544 Winmgmt - ok
00:43:22.0583 0x1544 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
00:43:22.0766 0x1544 WinRM - ok
00:43:22.0843 0x1544 [ F0FE933E27F1E2A83FF322A0693A4724, 52F2BD4A5B0FB1A6702A7521D91EE55CAC04E9821C592FF7E0CE601943C0EFA6 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe
00:43:22.0896 0x1544 WisLMSvc - detected UnsignedFile.Multi.Generic ( 1 )
00:43:32.0993 0x1544 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
00:43:32.0993 0x1544 Force sending object to P2P due to detect: C:\Program Files\Launch Manager\WisLMSvc.exe
00:43:36.0506 0x1544 Object send P2P result: true
00:43:39.0014 0x1544 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:43:39.0161 0x1544 Wlansvc - ok
00:43:39.0252 0x1544 [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:43:39.0268 0x1544 wlcrasvc - ok
00:43:39.0423 0x1544 [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:43:39.0558 0x1544 wlidsvc - ok
00:43:39.0613 0x1544 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:43:39.0682 0x1544 WmiAcpi - ok
00:43:39.0737 0x1544 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:43:39.0805 0x1544 wmiApSrv - ok
00:43:39.0947 0x1544 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
00:43:40.0126 0x1544 WMPNetworkSvc - ok
00:43:40.0170 0x1544 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:43:40.0251 0x1544 WPCSvc - ok
00:43:40.0303 0x1544 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:43:40.0359 0x1544 WPDBusEnum - ok
00:43:40.0425 0x1544 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
00:43:40.0458 0x1544 WpdUsb - ok
00:43:40.0832 0x1544 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:43:40.0933 0x1544 WPFFontCache_v0400 - ok
00:43:40.0974 0x1544 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:43:41.0055 0x1544 ws2ifsl - ok
00:43:41.0128 0x1544 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
00:43:41.0197 0x1544 wscsvc - ok
00:43:41.0204 0x1544 WSearch - ok
00:43:41.0345 0x1544 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
00:43:41.0588 0x1544 wuauserv - ok
00:43:41.0734 0x1544 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:43:41.0816 0x1544 WudfPf - ok
00:43:41.0844 0x1544 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:43:41.0904 0x1544 WUDFRd - ok
00:43:41.0950 0x1544 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:43:41.0982 0x1544 wudfsvc - ok
00:43:42.0034 0x1544 [ AB2D77BF7222B007717ABB61B15F9AE2, 9495D99385C91115583F6CD0E26B39D4F04FB3472EA53ADE51DA03043468A896 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
00:43:42.0052 0x1544 X10Hid - ok
00:43:42.0159 0x1544 [ 5A0C788C5BC5F2C993CB60940ADCF95E, FEEC158466040A6528E7FC8D33706B50D2F03479E0B62DF8F06B69A1A850A9FB ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
00:43:42.0170 0x1544 x10nets - detected UnsignedFile.Multi.Generic ( 1 )
00:43:44.0622 0x1544 Detect skipped due to KSN trusted
00:43:44.0622 0x1544 x10nets - ok
00:43:44.0721 0x1544 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B, 2F667F6170F120F038122A6567C59836D5EC0FC966244DECDF974E0D25509C72 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
00:43:44.0750 0x1544 XUIF - ok
00:43:44.0825 0x1544 ================ Scan global ===============================
00:43:44.0875 0x1544 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
00:43:44.0966 0x1544 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
00:43:45.0055 0x1544 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
00:43:45.0379 0x1544 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
00:43:45.0401 0x1544 [ Global ] - ok
00:43:45.0402 0x1544 ================ Scan MBR ==================================
00:43:45.0436 0x1544 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:43:46.0249 0x1544 \Device\Harddisk0\DR0 - ok
00:43:46.0249 0x1544 ================ Scan VBR ==================================
00:43:46.0253 0x1544 [ 12279A4199BD9172BBF2817658F3F746 ] \Device\Harddisk0\DR0\Partition1
00:43:46.0258 0x1544 \Device\Harddisk0\DR0\Partition1 - ok
00:43:46.0279 0x1544 [ 1C8C4E0516EA0D8F3D0AC5195CA8C137 ] \Device\Harddisk0\DR0\Partition2
00:43:46.0280 0x1544 \Device\Harddisk0\DR0\Partition2 - ok
00:43:46.0281 0x1544 Waiting for KSN requests completion. In queue: 18
00:43:47.0281 0x1544 Waiting for KSN requests completion. In queue: 18
00:43:48.0281 0x1544 Waiting for KSN requests completion. In queue: 18
00:43:49.0408 0x1544 AV detected via SS2: AVG Internet Security 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
00:43:49.0422 0x1544 Win FW state via NFP2: enabled
00:43:51.0861 0x1544 ============================================================
00:43:51.0861 0x1544 Scan finished
00:43:51.0861 0x1544 ============================================================
00:43:51.0886 0x10b8 Detected object count: 1
00:43:51.0886 0x10b8 Actual detected object count: 1
00:45:22.0348 0x10b8 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:22.0348 0x10b8 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:46:13.0999 0x14f4 Deinitialize success
 
Let's bring in a new tool:

Download Zoek.zip to the desktop.
  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
  • Right-click Zoek.zip and choose the "Extract All" option.
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
Code:
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc};c
{1FD91A9C-410C-4090-BBCC-55D3450EF433};c
{7FF99715-3016-4381-84CE-E4E4C9673020};c
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive];r64
C:\Users\Benny\AppData\Roaming\newnext.me;fs
MEMSWEEP2;s
C:\Windows\system32\74D1.tmp;f
ajeushn0;s
C:\Windows\system32\drivers\ajeushn0.sys;f
MFE_RR;s
C:\Users\Benny\AppData\Local\Temp\mfe_rr.sys;f
c:\program files\Ask.com;fs
c:\program files\Mobogenie;fs
C:\found.*;fs
C:\68b700753a2b87d59f;fs
8hffxtbr@Allin1Convert_8h.com;ff
firefox@marketresearchhelper.com;ff
ffxtlbr@babylon(69).com;ff
emptyclsid;
autoclean;
startupall; 
filesrcm;
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message.
 
Here is the Zoek log:

Zoek.exe v5.0.0.0 Updated 28-December-2013
Tool run by Benny on zo 29/12/2013 at 11:24:40,33.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Benny\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/12/2013 11:25:57 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2882329227-1665283863-2783355996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MEMSWEEP2 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MFE_RR deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MFE_RR deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zh6l4mbi.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


ProfilePath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]

==== Deleting Files \ Folders ======================

c:\program files\Ask.com not found
c:\program files\Mobogenie not found
"C:\Windows\system32\74D1.tmp" not found
"C:\Windows\system32\drivers\ajeushn0.sys" not found
"C:\Users\Benny\AppData\Local\Temp\mfe_rr.sys" not found
C:\Users\Benny\AppData\Roaming\newnext.me deleted
C:\68b700753a2b87d59f deleted
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\Benny\AppData\Local\genienext deleted
C:\Users\Benny\daemonprocess.txt deleted
C:\Users\Benny\.android deleted
C:\Program Files\Yahoo! deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\found.006 deleted
C:\found.007 deleted
C:\found.008 deleted
C:\found.009 deleted
C:\found.010 deleted
C:\Users\Benny\AppData\Roaming\Yahoo! deleted
C:\Users\Benny\AppData\Roaming\Sammsoft deleted
C:\ProgramData\Yahoo! deleted
C:\Users\Benny\AppData\Local\cache deleted
C:\Users\Benny\AppData\LocalLow\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\firefox@glindorus.net.xpi deleted
C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\firefox@marketresearchhelper.com.xpi deleted
C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\ffxtlbr@babylon(69).com deleted
C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com deleted
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zh6l4mbi.default\extensions\8hffxtbr@Allin1Convert_8h.com deleted
C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default\extensions\8hffxtbr@Allin1Convert_8h.com deleted
"C:\Users\Benny\AppData\Roaming\DMCache" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Benny\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2013-12-27 18:31:13 99F4FC172A5ACE36CF00AA7038D23F2C 2332368 ----a-w- C:\Windows\System32\d3dx9_29.dll
2013-12-27 18:08:51 8B01FB723F3B30AB3DEBDDBF97CFE577 515416 ----a-w- C:\Windows\System32\XAudio2_5.dll
2013-12-27 18:08:51 501AC862517C5445742BEE8A2B88414E 453456 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-12-27 18:08:51 30686ECE80545E06D78D156EB9F7D463 69464 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2013-12-24 13:38:56 822E4743E61687933629AE3A8DECABC2 65024 ----a-w- C:\Windows\System32\jsproxy.dll
2013-12-24 13:38:56 4CC9DF09C3D915BA0A101A11DB684F26 1129472 ----a-w- C:\Windows\System32\wininet.dll
2013-12-24 13:38:56 35AAE2E841AA1A949775168E119482C9 161792 ----a-w- C:\Windows\System32\msls31.dll
2013-12-24 13:38:55 B787EE3F327ABAC1EC47313B3A673598 1796096 ----a-w- C:\Windows\System32\iertutil.dll
2013-12-24 13:38:55 736D1B28224F9DF8008BE8B0DEDFC9EF 76800 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-12-24 13:38:55 6B036492120E65C0C367DC31D01088A1 74752 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-24 13:38:55 5AAFA41F2A09D68F43741EF13937650A 1105408 ----a-w- C:\Windows\System32\urlmon.dll
2013-12-24 13:38:55 0B8FE658BD033EC8B1F6FBC305CC65E7 162304 ----a-w- C:\Windows\System32\msrating.dll
2013-12-24 13:38:54 EE0AFCEE88098F754212F9069E80A766 86528 ----a-w- C:\Windows\System32\iesysprep.dll
2013-12-24 13:38:54 E8F37AF4D09972684D9EE1786901F540 176640 ----a-w- C:\Windows\System32\ieui.dll
2013-12-24 13:38:54 CA493A92DA9880B6F1A89C3DBD54BA5B 223232 ----a-w- C:\Windows\System32\dxtrans.dll
2013-12-24 13:38:54 B231416DD7569B5C16F2DD2D2D64BB5A 9739264 ----a-w- C:\Windows\System32\ieframe.dll
2013-12-24 13:38:54 76EB0222590D5DCD050CF862237F414A 63488 ----a-w- C:\Windows\System32\tdc.ocx
2013-12-24 13:38:54 76E987D8CF0683337CF165363B6FDFD9 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2013-12-24 13:38:54 4312DEBDACBE338F0B90E7F08E7672BE 353792 ----a-w- C:\Windows\System32\dxtmsft.dll
2013-12-24 13:38:54 09C9E7F477FB225FDB3B6DE8FED0AA9B 367104 ----a-w- C:\Windows\System32\html.iec
2013-12-24 13:38:53 F83865A3007357A5E498EB9E3BED273D 31744 ----a-w- C:\Windows\System32\iernonce.dll
2013-12-24 13:38:53 F0FEFB0B5D25A75D478A4317139D937E 353584 ----a-w- C:\Windows\System32\iedkcs32.dll
2013-12-24 13:38:53 EE9D715AF1B928982F417238B9914484 434176 ----a-w- C:\Windows\System32\ieapfltr.dll
2013-12-24 13:38:53 C0B8B96D018849FD8CCF15FED84E8782 74240 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-12-24 13:38:53 BDA52464C16707EAA513C8A2920ACE1F 231936 ----a-w- C:\Windows\System32\url.dll
2013-12-24 13:38:53 83F5D4B41BB12CE146786E97F6AAD75E 3695416 ----a-w- C:\Windows\System32\ieapfltr.dat
2013-12-24 13:38:53 802B0229D904E28C1EA9A5274AB457FC 74752 ----a-w- C:\Windows\System32\iesetup.dll
2013-12-24 13:38:53 7AC9B18F1BE210702DA5E586224B1571 66048 ----a-w- C:\Windows\System32\icardie.dll
2013-12-24 13:38:53 6B4701D3D9724812E8C3801E7BF87157 23552 ----a-w- C:\Windows\System32\licmgr10.dll
2013-12-24 13:38:53 60B4F624BB87A3B21D3EC68F38DA6B61 78848 ----a-w- C:\Windows\System32\inseng.dll
2013-12-24 13:38:53 5193DE33F3284C447E0D31DAFBF92570 203776 ----a-w- C:\Windows\System32\webcheck.dll
2013-12-24 13:38:53 4B333D3CC96AE66BD754329FD2989EE2 72822 ----a-w- C:\Windows\System32\ieuinit.inf
2013-12-24 13:38:53 2429485305BCCFB1014B19BFB512E8F9 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2013-12-24 13:38:53 06FDA396980A0157469A334E1BFEAF17 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-12-24 13:38:52 C89906FA43A58FD4CFC7EA06D885A597 12344320 ----a-w- C:\Windows\System32\mshtml.dll
2013-12-24 13:38:52 C2E35F6FCBD5B4DB2B52B32D1153EC04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-12-24 13:38:52 ADB9477A9C95C79FDF5DC214225603B0 420864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-24 13:38:52 A0C6AFE2C9C74573F5C0776CDE1128B1 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-12-24 13:38:52 67BC2BA6F94D2D0C51213691FBFEEBB1 152064 ----a-w- C:\Windows\System32\wextract.exe
2013-12-24 13:38:52 5B37190F79F5D63C1033ED88C006080C 123392 ----a-w- C:\Windows\System32\occache.dll
2013-12-24 13:38:52 51AF0A12CD86E22E1A027C38CC021AC6 150528 ----a-w- C:\Windows\System32\iexpress.exe
2013-12-24 13:38:52 36E4D129029784EE37A2C14393B6A4E8 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2013-12-24 13:38:52 061CBB1058A10C0875D18CAFF835AE97 11776 ----a-w- C:\Windows\System32\mshta.exe
2013-12-24 13:38:52 04A8B2F67825380BC0C7C46D56776133 54272 ----a-w- C:\Windows\System32\pngfilt.dll
2013-12-24 13:38:51 ED6F6FBBCDEC95483B7351E23F4FCDF6 110592 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-12-24 13:38:51 DB754FF5F6ADBA2A25EC1B6672D1C91E 163840 ----a-w- C:\Windows\System32\ieakui.dll
2013-12-24 13:38:51 C05A60DB2ED385E9BB5CF7AE773A3D9B 717824 ----a-w- C:\Windows\System32\jscript.dll
2013-12-24 13:38:51 90A57CA422923286838AAC7DE2D41B92 118784 ----a-w- C:\Windows\System32\iepeers.dll
2013-12-24 13:38:51 795202EFA9ED73F99C96235C1DC6A1AC 1806848 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-24 13:38:51 68563AC389F92EE79F1C714288BA1DCE 35840 ----a-w- C:\Windows\System32\imgutil.dll
2013-12-24 13:38:51 4B80D1F847C0658977E1E8051A4DE002 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll
2013-12-24 13:38:51 49729570B7FD369BBDEC16D7683324A0 227840 ----a-w- C:\Windows\System32\ieaksie.dll
2013-12-24 13:38:51 3F7A8BCF37433A69CEEDE1E6AEE79784 101888 ----a-w- C:\Windows\System32\admparse.dll
2013-12-24 13:38:51 1E7094AFAD0C369DD6D400C7047E4AB2 130560 ----a-w- C:\Windows\System32\ieakeng.dll
2013-12-24 13:38:51 1D3EE28BA231CBB9600F5D102EAF4EA7 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-12-24 13:38:51 031DA76A5A7DC13F015DD3491394865E 114176 ----a-w- C:\Windows\System32\advpack.dll
====== C:\Windows\system32\drivers =====
2013-12-28 19:10:08 14EA85B4C79B655C229D3596342A833A 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-27 18:13:40 B0082808A6856A252F7CDD939892CE50 39272 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2013-12-27 17:25:02 E6B7D1B24E16FB24CE1FEA964E144EBC 243128 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-12-11 15:14:00 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 15:14:00 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\drivers\drmk.sys
====== C:\Windows\Tasks ======
2013-12-29 10:23:38 3F8753CAF27FA740B5B45F98D866B79A 3002 ----a-w- C:\Windows\system32\Tasks\{25981ECD-E55D-4728-BCF5-61362ABA5B75}
2013-12-25 18:31:27 744DA9CB122AD440BC14FFB2180D741C 3734 ----a-w- C:\Windows\system32\Tasks\User_Feed_Synchronization-{9F89B87A-0EDA-456A-95AD-DDFCA491ECDD}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-12-28 22:29:03 -------- d-----w- C:\Program Files\trend micro
2013-12-27 18:32:52 -------- d-----w- C:\Program Files\Common Files\Protexis
2013-12-27 17:50:30 -------- d-----w- C:\Program Files\MarketResearchHelper
2013-12-27 17:24:50 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2013-12-27 16:35:39 -------- d-----w- C:\Program Files\Smart File Advisor
2013-12-27 16:10:56 -------- d-----w- C:\Program Files\FileHippo.com
======= C: =====
====== C:\Users\Benny\AppData\Roaming ======
2013-12-28 16:07:24 -------- d-----w- C:\Users\TEMP\AppData\Local\temp
2013-12-28 16:07:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-12-28 16:07:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-12-28 16:07:24 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2013-12-28 16:07:24 -------- d-----w- C:\Users\Benny\AppData\Local\temp
2013-12-28 16:07:24 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2013-12-23 15:06:13 -------- d-----w- C:\Users\Administrator\AppData\Locallow\Sun
====== C:\Users\Benny ======
2013-12-29 03:10:28 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Benny\Downloads\adwcleaner.exe
2013-12-28 23:35:42 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Benny\Downloads\tdsskiller.exe
2013-12-28 22:43:41 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\Benny\Downloads\mbar-1.07.0.1008.exe
2013-12-28 22:28:07 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Benny\Downloads\RSIT.exe
2013-12-28 19:20:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2013-12-27 17:59:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2013-12-27 17:29:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2013-12-27 17:26:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2013-12-27 16:35:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2013-12-27 16:22:33 7B1FA6728D2098F4C7761836F695E00E 9417592 ----a-w- C:\Users\Benny\Downloads\_Alcohol120_trial_2.0.2.5830.exe
2013-12-23 19:31:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2013-12-16 13:45:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

====== C: exe-files ==
2013-12-29 03:10:28 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Benny\Downloads\adwcleaner.exe
2013-12-28 23:35:42 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Benny\Downloads\tdsskiller.exe
2013-12-28 22:44:40 6CB8527528BFA9F690CD158EB61285C5 1175352 ----a-w- C:\Users\Benny\Desktop\mbar\mbar.exe
2013-12-28 22:44:40 255411A7AC135FB4A1E90A2A6EA6C7C5 821560 ----a-w- C:\Users\Benny\Desktop\mbar\Plugins\fixdamage.exe
2013-12-28 22:43:41 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\Benny\Downloads\mbar-1.07.0.1008.exe
2013-12-28 22:29:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Benny.exe
2013-12-28 22:28:07 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Benny\Downloads\RSIT.exe
2013-12-28 19:20:02 BCFEFCF80E09551315F2C517B5FE928B 433192 ----a-w- C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
2013-12-28 19:20:02 AEE70B180FCA9D378A300F82E9D6313F 61440 ----a-w- C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe
2013-12-28 19:20:02 67CA453505042403CB82189D867208EA 162856 ----a-w- C:\Program Files\Sophos\Sophos Anti-Rootkit\sarcli.exe
2013-12-27 18:07:09 DC5AFC9E6DBB2C866F7AFABCFB1A8E39 7450888 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\720632321cf032e08\bingbarsetup.exe
2013-12-27 18:06:55 A0EE8879A17B1D4B00B37D294AF106D0 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\6c8e81e21cf032e07\MeshBetaRemover.exe
2013-12-27 18:06:49 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\68e21bb21cf032e06\DXSETUP.exe
2013-12-27 16:35:40 5F83CA95F9404519AE7E9957E7B9AB5C 655936 ----a-w- C:\Program Files\Smart File Advisor\SFAUpdater.exe
2013-12-27 16:22:33 7B1FA6728D2098F4C7761836F695E00E 9417592 ----a-w- C:\Users\Benny\Downloads\_Alcohol120_trial_2.0.2.5830.exe
2013-12-27 16:10:56 C16DCB2E91D2814D769B104F75437391 133920 ----a-w- C:\Program Files\FileHippo.com\Uninstall.exe
2013-12-24 13:38:56 73C8D00A87332F2DF0A7CFF87CEE1A82 107008 ----a-w- C:\Program Files\Internet Explorer\iecleanup.exe
2013-12-24 13:38:55 825E01EEC25E744FBCFB92F07FF411EE 307200 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe
2013-12-24 13:38:55 736D1B28224F9DF8008BE8B0DEDFC9EF 76800 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-12-24 13:38:55 6B036492120E65C0C367DC31D01088A1 74752 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-24 13:38:55 43E6F2A7FB182F2D7CB0CE5B8F1005CF 757488 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-12-24 13:38:54 8911702CC546B76FE8F9C61987C68C43 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2013-12-24 13:38:54 3348D1B1D702E333CE99F7E0FD313460 468480 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-24 13:38:53 C0B8B96D018849FD8CCF15FED84E8782 74240 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-12-24 13:38:52 A0C6AFE2C9C74573F5C0776CDE1128B1 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-12-24 13:38:52 67BC2BA6F94D2D0C51213691FBFEEBB1 152064 ----a-w- C:\Windows\System32\wextract.exe
2013-12-24 13:38:52 51AF0A12CD86E22E1A027C38CC021AC6 150528 ----a-w- C:\Windows\System32\iexpress.exe
2013-12-24 13:38:52 061CBB1058A10C0875D18CAFF835AE97 11776 ----a-w- C:\Windows\System32\mshta.exe
2013-12-24 13:38:51 512C7881C3F7836455ADC9EBF0A0B167 22016 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe
2013-12-24 13:38:51 1D3EE28BA231CBB9600F5D102EAF4EA7 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-12-23 19:31:46 27016D36B811E97BDADABF46204FDF92 9452704 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2013-12-23 18:39:10 8D8E67E5A438E9906CC90C5ED4AA1AD7 35337056 ----a-w- C:\Users\Benny\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.63\31.0.1650.63_chrome_installer.exe
2013-12-23 18:33:00 600B1A4BCC0823A96DC7B86F005ADBB8 51080 ----atw- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe
2013-12-23 18:32:59 CA0A340ABCF0C14A09691CBC90186AB4 51080 ----atw- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateBroker.exe
2013-12-23 18:32:53 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateSetup.exe
2013-12-23 18:27:55 9CCBA5E2489E603BB1578D1D541252A8 273800 ----atw- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
2013-12-23 18:27:54 465680BDE344CE4FF6646626AA3A9125 223112 ----atw- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
2013-12-23 18:27:43 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\GoogleUpdate.exe
2013-12-23 18:27:38 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Users\Benny\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe
=== C: other files ==
2013-12-29 10:05:23 F46177EC80A402614D9E936076A46CD3 84 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys
2013-12-28 23:36:41 EB7310B5CFDD5656C192C7096BD586C7 4101441 ----a-w- C:\Users\Benny\Downloads\tdsskiller.zip
2013-12-28 19:20:02 68DE5B1E82D3DD10F5F6169522C7C88A 18816 ----a-w- C:\Program Files\Sophos\Sophos Anti-Rootkit\savrkboottasks.sys
2013-12-28 19:20:02 1595FECFFBE9EA2417E06D5FD0BFA4C4 6144 ----a-w- C:\Program Files\Sophos\Sophos Anti-Rootkit\MEMSWEEP.sys
2013-12-28 19:10:08 14EA85B4C79B655C229D3596342A833A 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-27 18:13:40 B0082808A6856A252F7CDD939892CE50 39272 -c--a-w- C:\Windows\System32\DRVSTORE\fssfltr_F81BFAB31A96EBC51D97A2D005244F41BE442B43\fssfltr.sys
2013-12-27 18:13:40 B0082808A6856A252F7CDD939892CE50 39272 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2013-12-27 17:25:02 E6B7D1B24E16FB24CE1FEA964E144EBC 243128 ----a-w- C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_e1efbc3e\dtsoftbus01.sys
2013-12-27 17:25:02 E6B7D1B24E16FB24CE1FEA964E144EBC 243128 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-12-27 17:25:02 E6B7D1B24E16FB24CE1FEA964E144EBC 243128 ----a-w- C:\Program Files\DAEMON Tools Lite\dtsoftbus01.sys
2013-12-23 17:44:41 8A0FAAB72370EF0FAE72DB8F4CFDAD22 360705 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_32c233df-a208-47d2-9fec-d143a22bb434.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2882329227-1665283863-2783355996-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Skytel"="Skytel.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AlcoholAutomount"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxAutoMntSrv.exe\" -automount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="beid"
"hkey"="HKCU"
"command"="C:\\Program Files\\Belgium Identity Card\\beid35gui.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileHippo.com]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileHippo.com"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\FileHippo.com\\UpdateChecker.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Benny\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MyTomTomSA.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MyTomTom 3\\MyTomTomSA.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth Manager.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth Manager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TosBtMng.exe "
"item"="Bluetooth Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\McAfee Security Scan\\2.0.181\\SSScheduler.exe "
"item"="McAfee Security Scan Plus"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/12/2013 19:04]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2010 13:21]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2010 13:21]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000Core.job --a------ C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe [25/04/2009 22:18]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000UA.job --a------ C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe [25/04/2009 22:18]
C:\Windows\tasks\Norton Security Scan for Benny.job --ah----- C:\PROGRA~1\NORTON~2\NORTON~1\Engine\403~1.24\Nss.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-PC_van_Benny-Benny" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000Core" [C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2882329227-1665283863-2783355996-1000UA" [C:\Users\Benny\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Norton Security Scan for Benny" [C:\PROGRA~1\NORTON~2\NORTON~1\Engine\403~1.24\Nss.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{9F89B87A-0EDA-456A-95AD-DDFCA491ECDD}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{394E346B-EA73-4282-BF29-587734DDBDFA}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\NCH Swift Sound\wavepadShakeIcon" [C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [13/08/2009 22:06]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0dz9mean.default
C36444D7301A8C881FC7296B092609C7 - C:\Users\Benny\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.1.0.30109.0.dll - Silverlight Plug-In
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
CE252B04FB9F4F773A7DB5338BFEEA5B - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edoiniiopjcdfgbmifhffjabckanjblk - C:\Program Files\glindorus\edoiniiopjcdfgbmifhffjabckanjblk.crx[]
ppkgikfccbpebogfnekmgiomgamjafel - C:\Program Files\MarketResearchHelper\ppkgikfccbpebogfnekmgiomgamjafel.crx[23/11/2013 03:29]

MarketResearchHelper - Benny - Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel

==== Chrome Fix ======================

C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edoiniiopjcdfgbmifhffjabckanjblk_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://users.skynet.be/oefensite-HTML"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://users.skynet.be/oefensite-HTML"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_nl"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\edoiniiopjcdfgbmifhffjabckanjblk deleted successfully

==== Empty IE Cache ======================

C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(100)\Content.IE5 emptied successfully
C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(1163)\Content.IE5 emptied successfully
C:\Users\Benny\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zh6l4mbi.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1116 folders=78 33620620 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Benny\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Benny\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Benny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not found

==== EOF on zo 29/12/2013 at 11:51:20,92 ======================
 
Run Zoek.exe again with the script below.

Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    Code:
    C:\Program Files\MarketResearchHelper;fs
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk];r64
    C:\\Program Files\\McAfee Security Scan;fs
    C:\Windows\tasks\Norton Security Scan for Benny.job;f
    C:\ProgramData\Norton;fs
    C:\Program Files\Norton Security Scan;fs
    C:\Program Files\NortonInstaller;fs
    C:\ProgramData\NortonInstaller;fs
    ppkgikfccbpebogfnekmgiomgamjafel;chr
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next reply.
 
This scan was apparently a quick one:

Zoek.exe v5.0.0.0 Updated 28-December-2013
Tool run by Benny on zo 29/12/2013 at 12:41:51,80.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Benny\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-29-105120.log 35459 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

==== Deleting Files \ Folders ======================

C:\\Program Files\\McAfee Security Scan not found
C:\Program Files\MarketResearchHelper deleted
C:\ProgramData\Norton deleted
C:\Program Files\Norton Security Scan deleted
C:\Program Files\NortonInstaller deleted
C:\ProgramData\NortonInstaller deleted
"C:\Windows\tasks\Norton Security Scan for Benny.job" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ppkgikfccbpebogfnekmgiomgamjafel - C:\Program Files\MarketResearchHelper\ppkgikfccbpebogfnekmgiomgamjafel.crx[]

Google Wallet - Benny - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
MarketResearchHelper - Benny - Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel

==== Chrome Fix ======================

C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel deleted successfully
C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ppkgikfccbpebogfnekmgiomgamjafel_0.localstorage deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ppkgikfccbpebogfnekmgiomgamjafel deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1215 folders=113 67403897 bytes)

==== EOF on zo 29/12/2013 at 12:44:37,61 ======================
 
Yes, those were a few leftovers and some superfluous scanners such as McAfee, etc.

How are the problems now?
 
1) Startup:
I can't say anything about this yet, because once it has started up there is no problem at all starting it again and again. The problems begin at the very first startup after it has been idle for a few hours.

2) Freezing:
It still freezes; oddly enough it usually does so from the moment I browse to Facebook (I had forgotten to mention this before). If I stay away from there, the freezing stays away too?

3) When opening IE it keeps wanting to install something. (A small "windows installer" window appears each time; it lasts only a second or so and then it is gone.)

This is still the case; I don't have this when I browse with Firefox or Chrome?
I have the impression that something has changed in IE.
My start page is this Oefensite-HTML, and I can't shake the impression that IE has problems with the Buienradar or the Google Street View link on that page? Or am I seeing ghosts?

I even think that the freezing when I browse to Facebook also has something to do with the IE settings?
 
Your practice site opens just fine here in IE11 without any trouble, and nothing is offered for installation either ...
Have you already tried resetting IE via Internet Options, Advanced tab, "Reset"?
 