PC very slow, MOM.EXE etc., help please


Bustraa

Hello,

My PC is very slow and always very busy, while as far as I know no visible programs are running.

I do see a number of .EXE files (including MOM.EXE) in Windows Task Manager that I cannot place.

Although I have NOD32 as protection, I still run into this problem. :embarassed:

Can anyone help me solve this problem?

OS: Windows XP, 32-bit.

Edited by Bustraa

Although NOD reports nothing, I would still like to do a thorough malware check.

Download RSIT from the locations below and save it to the desktop.

Double-click RSIT.exe to start the tool.

  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Post its contents in your next message.


Logfile of random's system information tool 1.09 (written by random/random)

Run by S.M. v.d.Laan at 2013-10-12 15:54:36

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 136 GB (86%) free of 157 GB

Total RAM: 895 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:54:45, on 12-10-2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\EscSvc.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\N5W6JZ1T\RSIT[2].exe

C:\Program Files\trend micro\S.M. v.d.Laan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Clubs T-IF v2.0.4 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\21JRD1PV\rtclubs[1].exe (file missing)

O9 - Extra 'Tools' menuitem: Clubs T-IF v2.0.4 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\21JRD1PV\rtclubs[1].exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aragorn.nl

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\WINDOWS\system32\EscSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

--

End of file - 10810 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}]

E-Web Print - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28 238656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-10 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-10 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

!{EEE6C35B-6118-11DC-9C72-001320C79847}

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26 319488]

{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - E-Web Print - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28 238656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-09 16859648]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"sfagent"=C:\Program Files\Fighters\SPAMfighter\sfagent.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]

"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2011-10-31 1058400]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-03-21 5078504]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-08-16 152392]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]

C:\PROGRA~1\Raptr\raptrstub.exe --startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^S.M. v.d.Laan^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2007-03-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\WYYE253T\SweetImSetup[1].exe"="C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\WYYE253T\SweetImSetup[1].exe:*:Enabled:SweetIM Installer"

"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"

"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"

"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"

"C:\Program Files\EPSON Software\Event Manager\EEventManager.exe"="C:\Program Files\EPSON Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-10-12 15:54:36 ----D---- C:\rsit

2013-10-11 15:12:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-10-11 15:12:45 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2013-10-11 13:51:07 ----DC---- C:\WINDOWS\$NtUninstallKB2847311$

2013-10-11 13:49:24 ----DC---- C:\WINDOWS\$NtUninstallKB2862335$

2013-10-11 13:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$

2013-10-11 13:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2883150$

2013-10-11 13:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$

2013-09-13 17:03:34 ----D---- C:\WINDOWS\pss

2013-09-13 16:51:47 ----D---- C:\!KillBox

2013-09-13 13:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$

2013-09-13 13:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$

2013-09-13 13:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$

======List of files/folders modified in the last 1 month======

2013-10-12 15:54:45 ----D---- C:\WINDOWS\Prefetch

2013-10-12 15:54:42 ----D---- C:\Program Files\trend micro

2013-10-12 13:09:03 ----D---- C:\WINDOWS\Temp

2013-10-12 11:10:28 ----D---- C:\WINDOWS\Microsoft.NET

2013-10-12 11:10:11 ----RSD---- C:\WINDOWS\assembly

2013-10-12 11:08:06 ----D---- C:\WINDOWS

2013-10-11 15:33:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-10-11 15:33:24 ----D---- C:\Config.Msi

2013-10-11 15:33:19 ----SHD---- C:\WINDOWS\Installer

2013-10-11 15:33:14 ----D---- C:\WINDOWS\system32

2013-10-11 15:33:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2013-10-11 15:32:58 ----D---- C:\WINDOWS\WinSxS

2013-10-11 15:31:03 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-10-11 15:31:03 ----HD---- C:\WINDOWS\inf

2013-10-11 15:31:03 ----D---- C:\WINDOWS\system32\drivers

2013-10-11 15:28:09 ----D---- C:\WINDOWS\system32\CatRoot2

2013-10-11 15:27:13 ----A---- C:\WINDOWS\system32\MRT.exe

2013-10-11 15:12:45 ----D---- C:\Program Files

2013-10-11 13:57:31 ----D---- C:\Program Files\Internet Explorer

2013-10-11 13:55:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-10-11 13:49:29 ----A---- C:\WINDOWS\imsins.BAK

2013-10-11 13:48:13 ----D---- C:\WINDOWS\system32\MRT

2013-10-11 13:20:47 ----D---- C:\WINDOWS\ie8updates

2013-09-23 23:55:12 ----A---- C:\WINDOWS\system32\ieframe.dll

2013-09-23 20:25:15 ----A---- C:\WINDOWS\system32\wininet.dll

2013-09-23 20:25:14 ----N---- C:\WINDOWS\system32\occache.dll

2013-09-23 20:25:14 ----N---- C:\WINDOWS\system32\mstime.dll

2013-09-23 20:25:14 ----A---- C:\WINDOWS\system32\urlmon.dll

2013-09-23 20:25:14 ----A---- C:\WINDOWS\system32\url.dll

2013-09-23 20:25:14 ----A---- C:\WINDOWS\system32\mshtmled.dll

2013-09-23 20:25:14 ----A---- C:\WINDOWS\system32\mshtml.dll

2013-09-23 20:25:12 ----N---- C:\WINDOWS\system32\licmgr10.dll

2013-09-23 20:25:12 ----N---- C:\WINDOWS\system32\jsproxy.dll

2013-09-23 20:25:12 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2013-09-23 20:25:12 ----A---- C:\WINDOWS\system32\msfeeds.dll

2013-09-23 20:25:12 ----A---- C:\WINDOWS\system32\iertutil.dll

2013-09-23 20:25:11 ----A---- C:\WINDOWS\system32\iepeers.dll

2013-09-23 20:25:08 ----N---- C:\WINDOWS\system32\iedkcs32.dll

2013-09-23 20:25:08 ----A---- C:\WINDOWS\system32\corpol.dll

2013-09-23 20:07:19 ----N---- C:\WINDOWS\system32\ie4uinit.exe

2013-09-18 13:36:20 ----D---- C:\WINDOWS\network diagnostic

2013-09-15 14:09:09 ----D---- C:\Documents and Settings\All Users\Application Data\ABBYY

2013-09-15 14:02:50 ----ASH---- C:\boot.ini

2013-09-15 14:02:50 ----A---- C:\WINDOWS\win.ini

2013-09-15 14:02:50 ----A---- C:\WINDOWS\system.ini

2013-09-13 16:37:38 ----D---- C:\Documents and Settings

2013-09-13 16:32:29 ----AC---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]

R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]

R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-01-10 105784]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-07 1972736]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-15 4652544]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-07 446464]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-03-21 1341664]

R2 EpsonScanSvc;Epson Scanner Service; C:\WINDOWS\system32\EscSvc.exe [2011-12-12 122000]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-05-10 181664]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-08-16 553288]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08 256904]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-07-29 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by Mako
Duplicate log removed

Hello Bustraa,

  1. Download TDSSKiller and place it on your desktop.

  • Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, you need to extract it first.)
  • If TDSSKiller finds an update, click the "Load update" button.
  • A new version of TDSSKiller will now be downloaded; save it to the desktop.
  • Now start TDSSKiller again.
  • Click "Change parameters" and make sure all of the options below are checked.

[image: 51c8a229933ed-tdsskiller.PNG]

  • Click the "Start Scan" button and follow the instructions.

  • Never use the "Delete" or "Quarantine" option for a "Fail signature" report.
  • If a restart was required, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • Attach this log file to your next post.

  2. Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).
  • Right-click Zoek.zip and choose the "Extract all" option.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
startupall; 
filesrcm;
emptyalltemp;
{ECC5777A-6E88-BFCE-13CE-81F134789E7B};c
!{EEE6C35B-6118-11DC-9C72-001320C79847};c
{EEE6C35B-6118-11DC-9C72-001320C79847};c
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list];r
"C:\Program Files\IncrediMail\bin\ImApp.exe"=-;r
"C:\Program Files\IncrediMail\bin\IncMail.exe"=-;r
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"=-;r
"C:\Program Files\Vuze\Azureus.exe"=-;r
"C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\WYYE253T\SweetImSetup[1].exe"=-;r
C:\Program Files\IncrediMail;fs
C:\Program Files\Vuze;fs
C:\!KillBox;fs


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the log that opens in your next post.

Please attach both logs to your next post.
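The log that TDSSKiller writes, in the format visible in the reply that follows, can be triaged mechanically. The Python below is an added example (not part of the thread and not part of TDSSKiller) that pairs each hashed object with its verdict line and returns the entries whose verdict is not "ok"; the sample lines, object names and hashes are constructed, and treating the last word after " - " as the verdict is an assumption based on the "ok" and "warning" lines seen in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Every log line starts with "HH:MM:SS.mmmm 0x<thread id>".
PREFIX = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (0x[0-9a-fA-F]+)\s*(.*)$")
# "[ MD5, SHA256 ] <object name> <path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (.+)$")
# Object names may contain spaces; the path starts at the first drive letter.
NAME_PATH = re.compile(r"^(.+?) ([A-Za-z]:\\.*)$")
# "<name> - ok" or "<name> ( <detection> ) - warning" (assumed verdict layout).
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - ([A-Za-z]+)$")


@dataclass
class Entry:
    time: str
    name: str
    verdict: str
    detection: Optional[str]
    path: Optional[str]
    md5: Optional[str]
    sha256: Optional[str]


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return one Entry per verdict line, joined with its preceding hash line."""
    hashed = {}   # object name -> (path, md5, sha256) from the hash line
    entries = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a log record
        time, _thread, rest = m.groups()
        h = HASHED.match(rest)
        if h:
            md5, sha256, tail = h.groups()
            p = NAME_PATH.match(tail)
            if p:
                hashed[p.group(1)] = (p.group(2), md5, sha256)
            continue
        v = VERDICT.match(rest)
        if v:
            name, detection, verdict = v.groups()
            # Objects without a file on disk have no hash line before them.
            path, md5, sha256 = hashed.get(name, (None, None, None))
            entries.append(Entry(time, name, verdict, detection, path, md5, sha256))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not mark 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


# Constructed sample in the layout of the log posted in this thread.
MD5_A, SHA_A = "A" * 32, "B" * 64
MD5_B, SHA_B = "C" * 32, "D" * 64
SAMPLE_LOG = "\n\n".join([
    r"13:13:56.0203 0x01d0 ================ Scan services =============================",
    r"13:13:56.0296 0x01d0 ExampleNoFile - ok",
    rf"13:13:56.0343 0x01d0 [ {MD5_A}, {SHA_A} ] ExampleDriver C:\WINDOWS\system32\DRIVERS\example.sys",
    r"13:13:57.0687 0x01d0 ExampleDriver - ok",
    rf"13:14:20.0406 0x01d0 [ {MD5_B}, {SHA_B} ] Example Licensing Service C:\Program Files\Example Vendor\licsvc.exe",
    r"13:14:20.0453 0x01d0 Example Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )",
    r"13:14:30.0578 0x01d0 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning",
])

if __name__ == "__main__":
    for e in needs_review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.time}  {e.verdict:8}  {e.name}  [{e.detection}]  {e.path}")
        print(f"          md5={e.md5}  sha256={e.sha256}")
```

The hashes attached to each flagged entry are what a helper would look up before deciding on any action for that file.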


Hi Mako,

Here is my homework:

13:12:55.0156 0x0188 TDSS rootkit removing tool 3.0.0.12 Oct 9 2013 14:59:22

13:12:55.0656 0x0188 ============================================================

13:12:55.0656 0x0188 Current date / time: 2013/10/14 13:12:55.0656

13:12:55.0656 0x0188 SystemInfo:

13:12:55.0656 0x0188

13:12:55.0656 0x0188 OS Version: 5.1.2600 ServicePack: 3.0

13:12:55.0656 0x0188 Product type: Workstation

13:12:55.0656 0x0188 ComputerName: ARAGORN-A02D8D3

13:12:55.0656 0x0188 UserName: S.M. v.d.Laan

13:12:55.0656 0x0188 Windows directory: C:\WINDOWS

13:12:55.0656 0x0188 System windows directory: C:\WINDOWS

13:12:55.0656 0x0188 Processor architecture: Intel x86

13:12:55.0656 0x0188 Number of processors: 1

13:12:55.0656 0x0188 Page size: 0x1000

13:12:55.0656 0x0188 Boot type: Normal boot

13:12:55.0656 0x0188 ============================================================

13:12:57.0531 0x0188 System UUID: {92070D26-1FEE-C80D-0930-5CAEE9B076F9}

13:12:58.0125 0x0188 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:12:58.0140 0x0188 Drive \Device\Harddisk5\DR6 - Size: 0x3F300000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:12:58.0140 0x0188 Drive \Device\Harddisk6\DR7 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:12:58.0140 0x0188 ============================================================

13:12:58.0140 0x0188 \Device\Harddisk0\DR0:

13:12:58.0140 0x0188 MBR partitions:

13:12:58.0140 0x0188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77

13:12:58.0140 0x0188 \Device\Harddisk5\DR6:

13:12:58.0140 0x0188 MBR partitions:

13:12:58.0140 0x0188 \Device\Harddisk6\DR7:

13:12:58.0140 0x0188 MBR partitions:

13:12:58.0140 0x0188 \Device\Harddisk6\DR7\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D7FE0

13:12:58.0140 0x0188 ============================================================

13:12:58.0171 0x0188 C: <-> \Device\Harddisk0\DR0\Partition1

13:12:58.0171 0x0188 ============================================================

13:12:58.0171 0x0188 Initialize success

13:12:58.0171 0x0188 ============================================================

13:13:23.0734 0x01d0 ============================================================

13:13:23.0734 0x01d0 Scan started

13:13:23.0734 0x01d0 Mode: Manual; SigCheck; TDLFS;

13:13:23.0734 0x01d0 ============================================================

13:13:23.0734 0x01d0 KSN ping started

13:13:56.0062 0x01d0 KSN ping finished: true

13:13:56.0203 0x01d0 ================ Scan system memory ========================

13:13:56.0203 0x01d0 System memory - ok

13:13:56.0203 0x01d0 ================ Scan services =============================

13:13:56.0296 0x01d0 Abiosdsk - ok

13:13:56.0296 0x01d0 abp480n5 - ok

13:13:56.0343 0x01d0 [ 02273A448BA21A7D447DAEB47810D40C, 1CB409BE2648ECA04A128230C6DADEA3ADA0720E24BA3BA9267D09751972E519 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:13:57.0687 0x01d0 ACPI - ok

13:13:57.0750 0x01d0 [ 63F517B1A87DABF3F5ACB8A7952FC1D1, 9A08759B9E02509D47FDCEF47C3B8E9081E687D7931D56672A6285E8C3520185 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

13:13:57.0890 0x01d0 ACPIEC - ok

13:13:57.0953 0x01d0 [ 9915504F602D277EE47FD843A677FD15, 308B8FC957AB70FC982ED1B780A3D106B3E372397468795B2A7E7DF30FBB5760 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:13:57.0984 0x01d0 AdobeFlashPlayerUpdateSvc - ok

13:13:57.0984 0x01d0 adpu160m - ok

13:13:58.0015 0x01d0 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys

13:13:58.0156 0x01d0 aec - ok

13:13:58.0203 0x01d0 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys

13:13:58.0281 0x01d0 AFD - ok

13:13:58.0281 0x01d0 Aha154x - ok

13:13:58.0296 0x01d0 aic78u2 - ok

13:13:58.0296 0x01d0 aic78xx - ok

13:13:58.0343 0x01d0 [ 8BED67D13DCB55B3E9FF6DAC4C6D3B49, ED4EE32A51C7650FB20D10765ADB01B8743228B6BC712D4509571947BAC3AC58 ] Alerter C:\WINDOWS\system32\alrsvc.dll

13:13:58.0468 0x01d0 Alerter - ok

13:13:58.0484 0x01d0 [ DAB2A89FDE5CF791161200D90C1BCB12, 7F14CE7C85CDD5944134CC97A9B3AA0E7A0724D6D7A3DB3E0F68A4E9A1FE1446 ] ALG C:\WINDOWS\System32\alg.exe

13:13:58.0546 0x01d0 ALG - ok

13:13:58.0562 0x01d0 AliIde - ok

13:13:58.0562 0x01d0 amsint - ok

13:13:58.0656 0x01d0 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:13:58.0671 0x01d0 Apple Mobile Device - ok

13:13:58.0671 0x01d0 AppMgmt - ok

13:13:58.0687 0x01d0 asc - ok

13:13:58.0703 0x01d0 asc3350p - ok

13:13:58.0703 0x01d0 asc3550 - ok

13:13:58.0781 0x01d0 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:13:58.0781 0x01d0 aspnet_state - ok

13:13:58.0828 0x01d0 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:13:58.0953 0x01d0 AsyncMac - ok

13:13:59.0000 0x01d0 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

13:13:59.0140 0x01d0 atapi - ok

13:13:59.0171 0x01d0 [ 0907A12341E56DDA7B22F8FD116A981D, 0BFF1EC85B17086606F664BD9D102B2976FEC4D2A83D23F42FA2FE6C26BCB397 ] AtcL001 C:\WINDOWS\system32\DRIVERS\l151x86.sys

13:13:59.0218 0x01d0 AtcL001 - ok

13:13:59.0218 0x01d0 Atdisk - ok

13:13:59.0265 0x01d0 [ 982CE0265B922F5F27F36894D51BA990, B821F8B78F6A63CDEC2A0986612E06F2D275457C014E9ED31EC990D9B29A8605 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

13:13:59.0390 0x01d0 Ati HotKey Poller - ok

13:13:59.0500 0x01d0 [ EC933673CF0131C4F1422B348D915F48, 34C2F4999F603C06FEFC071A5B30C554EBCBCEEF69C61D13A111F0E653578446 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

13:13:59.0625 0x01d0 ati2mtag - ok

13:13:59.0640 0x01d0 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:13:59.0796 0x01d0 Atmarpc - ok

13:13:59.0828 0x01d0 [ F10745ED3195360E69AA4A6E7768C0E0, 0D8F285AA9AAB23EBF6BFCCDD631134BBFC479790984B8A728D3B1C988AD3F15 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

13:13:59.0968 0x01d0 AudioSrv - ok

13:13:59.0968 0x01d0 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

13:14:00.0093 0x01d0 audstub - ok

13:14:00.0140 0x01d0 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys

13:14:00.0281 0x01d0 Beep - ok

13:14:00.0343 0x01d0 [ 5C0073A51C4873430FA8B262E92183FF, DE035B8F5BDCA347CBB753FE5B731CE41D4C1C49E7091BD90548B8A9C0A1D073 ] BITS C:\WINDOWS\system32\qmgr.dll

13:14:00.0484 0x01d0 BITS - ok

13:14:00.0515 0x01d0 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

13:14:00.0546 0x01d0 Bonjour Service - ok

13:14:00.0578 0x01d0 [ 139102D1865D3C1F152A25ABD16242DB, D667727C89B71C1D823B3DBB75FD91F950C08C7090EB5790197BB50BF9A00A84 ] Browser C:\WINDOWS\System32\browser.dll

13:14:00.0640 0x01d0 Browser - ok

13:14:00.0687 0x01d0 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

13:14:00.0843 0x01d0 cbidf2k - ok

13:14:00.0843 0x01d0 cd20xrnt - ok

13:14:00.0859 0x01d0 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

13:14:01.0031 0x01d0 Cdaudio - ok

13:14:01.0062 0x01d0 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

13:14:01.0218 0x01d0 Cdfs - ok

13:14:01.0218 0x01d0 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:14:01.0375 0x01d0 Cdrom - ok

13:14:01.0375 0x01d0 Changer - ok

13:14:01.0406 0x01d0 [ BD85400700B80FBE3D4A3412BCE74861, 78419D94EEDD5C6C82A09425DADA30347D47897D40090E65970DB54F106E014F ] CiSvc C:\WINDOWS\system32\cisvc.exe

13:14:01.0562 0x01d0 CiSvc - ok

13:14:01.0593 0x01d0 [ 4FB6108130829666C8FE96B442FEAD94, 9811037E2A195C05B442F928C4E95FDD1AF249461527269ED8508116A18DBF28 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

13:14:01.0750 0x01d0 ClipSrv - ok

13:14:01.0781 0x01d0 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:14:01.0796 0x01d0 clr_optimization_v2.0.50727_32 - ok

13:14:01.0812 0x01d0 CmdIde - ok

13:14:01.0812 0x01d0 COMSysApp - ok

13:14:01.0843 0x01d0 Cpqarray - ok

13:14:01.0859 0x01d0 [ 0A9CF5D3CF63A8699F28C814EF821C7E, D6F09CABB25E557023312EE9921CCC35096B7B36C6A95A520D7514C33F70FCB2 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

13:14:02.0000 0x01d0 CryptSvc - ok

13:14:02.0000 0x01d0 dac2w2k - ok

13:14:02.0015 0x01d0 dac960nt - ok

13:14:02.0062 0x01d0 [ D9883335CC1C17AFC3A09C8AC3E4DBE4, 3EFA827E7E7E5E584AD7AC594B65150F4A433C88AF21684DA7AFC86F98B6C62C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

13:14:02.0125 0x01d0 DcomLaunch - ok

13:14:02.0156 0x01d0 [ 146AB038F5DBB366122D28444999AB2C, 828B0D0061CF8944A409202FA146008D7564768F8B87C7920FFA7779FF0B5126 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

13:14:02.0312 0x01d0 Dhcp - ok

13:14:02.0328 0x01d0 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

13:14:02.0484 0x01d0 Disk - ok

13:14:02.0500 0x01d0 dmadmin - ok

13:14:02.0562 0x01d0 [ DEC123E0C75971D0CC7A6C6A75E28429, 7520BD43B0CCCC2F17A9BC7E5330341283BAF6DD10828B1CEBD8634C8EBFAA4F ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

13:14:02.0734 0x01d0 dmboot - ok

13:14:02.0750 0x01d0 [ 7268E66259722F6228C730685B201092, 3B8A38FA33D7C7A523490639B35CF165D512DB6BA64E5F606A54E2C2F12FD121 ] dmio C:\WINDOWS\system32\drivers\dmio.sys

13:14:02.0890 0x01d0 dmio - ok

13:14:02.0921 0x01d0 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys

13:14:03.0062 0x01d0 dmload - ok

13:14:03.0093 0x01d0 [ 127DB74184E2D3D31655DA525A5EFDE1, 9A632E97AE3C6CD05E36640DFE23420CA1164B5D33E2D849E31CB7BEF104C44C ] dmserver C:\WINDOWS\System32\dmserver.dll

13:14:03.0218 0x01d0 dmserver - ok

13:14:03.0265 0x01d0 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

13:14:03.0406 0x01d0 DMusic - ok

13:14:03.0453 0x01d0 [ DE6CDB6CBC5C27B9085CFA6DFE8E5025, 0D19EDB5CA83BE03FD931250935F59AAD2410DE374F20D694CD0E4207D2ED37F ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

13:14:03.0531 0x01d0 Dnscache - ok

13:14:03.0562 0x01d0 [ 90EE765E1A598B578852901F74F914F1, 6A262A9234E1E9A19AF948A5E362F4B43CBC6EF2CCE796D4602D303A519CD545 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

13:14:03.0703 0x01d0 Dot3svc - ok

13:14:03.0718 0x01d0 dpti2o - ok

13:14:03.0718 0x01d0 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

13:14:03.0859 0x01d0 drmkaud - ok

13:14:03.0890 0x01d0 [ 14EA0C26137744636EB25B3FF1F2B02E, D621C86FBE526323393A359F19564BD9492D3B03C40889C6455337FF93F63A97 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys

13:14:18.0921 0x01d0 eamon - ok

13:14:18.0953 0x01d0 [ E6BBDEBF7081899D161C773E8D84D015, BD0059A3B9A154F2140F35CBF7402F8BB62260087917DA9DE817DEC161D73B8C ] EapHost C:\WINDOWS\System32\eapsvc.dll

13:14:19.0093 0x01d0 EapHost - ok

13:14:19.0140 0x01d0 [ 366369746D1818FDD8589D1F2C8A6D03, 3EF30C36DEAB79C2E971CA189BDEBAC2491956D3C834E0D1ECCACBD23717B128 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys

13:14:19.0156 0x01d0 ehdrv - ok

13:14:19.0265 0x01d0 [ 7FE34FD5652C54BDA8D2DF8AC92E833A, 2B2836F47398AAD173F0D5C016B3B4DAB13F4EEC991B05D3C8B1DF310B25A96A ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

13:14:19.0375 0x01d0 ekrn - ok

13:14:19.0406 0x01d0 [ 8BED309AC2E0ACDB9DE6B645B1FBB871, A6D982AB20E460DCECA0A3F8B061C39FA0119E28E670DE77FE2E123E54B2FC28 ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

13:14:19.0421 0x01d0 epfwtdir - ok

13:14:19.0468 0x01d0 [ E9EFCB47B90FD5498695BB7FEFD36CAE, 453B956C99C4D3626B0B0BDB449E9F0283D01AD50C331E298D219B4710BD6870 ] EpsonScanSvc C:\WINDOWS\system32\EscSvc.exe

13:14:19.0484 0x01d0 EpsonScanSvc - ok

13:14:19.0500 0x01d0 [ 2F5C7F650B7AF178988946EE4B0D9C01, 3FF2BAAB10A26A3E7A8DA28BE4689623E603403E4B11191BC66E9E4BA8E3988A ] ERSvc C:\WINDOWS\System32\ersvc.dll

13:14:19.0640 0x01d0 ERSvc - ok

13:14:19.0671 0x01d0 [ 657B69389B893F440B07590C9E963F23, 3F426BFDD951DB25C1E3D33EBBA5770A39E39748EC3E3FFD09EC270636BB9E4E ] Eventlog C:\WINDOWS\system32\services.exe

13:14:19.0687 0x01d0 Eventlog - ok

13:14:19.0734 0x01d0 [ 97912DC0679D2DA60CCE589BBC196D72, 21CAC5888F73F5DB34A8AA5BBDEF1494F837B70BE32460CCAF62D4AC8B83F364 ] EventSystem C:\WINDOWS\system32\es.dll

13:14:19.0765 0x01d0 EventSystem - ok

13:14:19.0781 0x01d0 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

13:14:19.0937 0x01d0 Fastfat - ok

13:14:19.0968 0x01d0 [ 2D5D4156292150FE571872C1B88E9299, 994B87F4E3FCB3227306E6C1C3EAB5E3C6756BAD94B70CBE790EC953E08EA2E1 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

13:14:20.0062 0x01d0 FastUserSwitchingCompatibility - ok

13:14:20.0078 0x01d0 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

13:14:20.0218 0x01d0 Fdc - ok

13:14:20.0218 0x01d0 [ 8BFFFB5AC954E19DFDB96D56512AA518, D4C2502B8B6A1B79711B817AEB671CBA23FBF8CE77743BD892ABFEB7201963D7 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

13:14:20.0343 0x01d0 Fips - ok

13:14:20.0406 0x01d0 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:14:20.0453 0x01d0 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )

13:14:30.0578 0x01d0 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

13:14:50.0578 0x01d0 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:14:50.0687 0x01d0 Flpydisk - ok

13:14:50.0718 0x01d0 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

13:14:50.0828 0x01d0 FltMgr - ok

13:14:50.0890 0x01d0 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

13:14:50.0906 0x01d0 FontCache3.0.0.0 - ok

13:14:50.0906 0x01d0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:14:51.0031 0x01d0 Fs_Rec - ok

13:14:51.0046 0x01d0 [ FA8CA22E70245C81FF29C36AF56292FC, 29BE006A4F5B125D1D3A556199690CCF0B537917DD004033659141E72CF3AD49 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:14:51.0156 0x01d0 Ftdisk - ok

13:14:51.0187 0x01d0 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

13:14:51.0203 0x01d0 GEARAspiWDM - ok

13:14:51.0218 0x01d0 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:14:51.0328 0x01d0 Gpc - ok

13:14:51.0359 0x01d0 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:14:51.0468 0x01d0 HDAudBus - ok

13:14:51.0515 0x01d0 [ 5327BAD9B35C33D2A64B64E4CF282ECD, 766F9BDE4CAAA058F023C35605E3BD0C267F5D1B6A98A0809F33D89708BA9506 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:14:51.0625 0x01d0 helpsvc - ok

13:14:51.0625 0x01d0 [ 10003105AAB8D5A7DB51A9CB3D9F55A3, C10BDB449CCED819540B462C905E3A9F519BBE1EE6D57961F298F06F866B239F ] HidServ C:\WINDOWS\System32\hidserv.dll

13:14:51.0750 0x01d0 HidServ - ok

13:14:51.0765 0x01d0 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:14:51.0890 0x01d0 hidusb - ok

13:14:51.0921 0x01d0 [ 1FF903FFA2DA1704E5A5443D37D8E49E, AB8B43B8869A3CDDA6931BB670CC8D38B89F95B29F39A5DE92DC7BF75D7891CA ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

13:14:52.0046 0x01d0 hkmsvc - ok

13:14:52.0046 0x01d0 hpn - ok

13:14:52.0093 0x01d0 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

13:14:52.0140 0x01d0 HTTP - ok

13:14:52.0187 0x01d0 [ 2529C7BA05242BEED0027F554D0513BB, 5110D3D7A604B1F9606C6E1A6029263943B005E0BFEEC49EFB9E7D31A83B2744 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

13:14:52.0312 0x01d0 HTTPFilter - ok

13:14:52.0328 0x01d0 i2omgmt - ok

13:14:52.0328 0x01d0 i2omp - ok

13:14:52.0343 0x01d0 [ C43372D0682F8E32E4EC21117E089EC0, 06C546CA6D75D5C660941957163DF1F2109DFDF8F26C3DCE70DAEFF985ABCF97 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:14:52.0453 0x01d0 i8042prt - ok

13:14:52.0562 0x01d0 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:14:52.0640 0x01d0 idsvc - ok

13:14:52.0671 0x01d0 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

13:14:52.0796 0x01d0 Imapi - ok

13:14:52.0859 0x01d0 [ A117772F94C854DE5D1BBC1F1962B192, 420FB45771FF2E068A9D28B290117E94741D8323F90156B5E3E17C1C35AD05F4 ] ImapiService C:\WINDOWS\system32\imapi.exe

13:14:53.0031 0x01d0 ImapiService - ok

13:14:53.0031 0x01d0 ini910u - ok

13:14:53.0281 0x01d0 [ DBC702FBC70DC58D9122CE56EADBD659, 945FF4E896F24A2D015CEFB5D1AD450FD3534985DF160A101417F81E23ABBA85 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

13:14:53.0640 0x01d0 IntcAzAudAddService - ok

13:14:53.0656 0x01d0 IntelIde - ok

13:14:53.0671 0x01d0 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

13:14:53.0812 0x01d0 Ip6Fw - ok

13:14:53.0828 0x01d0 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:14:53.0984 0x01d0 IpFilterDriver - ok

13:14:53.0984 0x01d0 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:14:54.0125 0x01d0 IpInIp - ok

13:14:54.0140 0x01d0 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:14:54.0281 0x01d0 IpNat - ok

13:14:54.0343 0x01d0 [ D8B8B5A8FE57CF4F307A540D9A153C23, 1C5AA5C29204A90D11FF40A5DD5967CC7195F5C4ACD7E41CB94C230A7DFD459D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:14:54.0390 0x01d0 iPod Service - ok

13:14:54.0421 0x01d0 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:14:54.0562 0x01d0 IPSec - ok

13:14:54.0593 0x01d0 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

13:14:54.0656 0x01d0 IRENUM - ok

13:14:54.0671 0x01d0 [ 0B78E1A31340E1FB1E389D5633F7C3A0, A6BCA5940E5F89602BBB127481CF48E39E7834375D13947A047336E136ADFDA7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:14:54.0812 0x01d0 isapnp - ok

13:14:54.0906 0x01d0 [ 5739F2821D49975CEDE6BF0153D0CF01, DF45BD1A9F6DDB893C99F28C3730C50C61A612C4297A4B00D857533FC0973CD9 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

13:14:54.0921 0x01d0 JavaQuickStarterService - ok

13:14:54.0937 0x01d0 [ 380397621E94B32C744E7B2CC1330390, 6215E8F881642E798D6F2ABC01605D78696B1AA0D3A50C243BB061BFF9AC7BC3 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:14:55.0078 0x01d0 Kbdclass - ok

13:14:55.0078 0x01d0 [ B833B70FE639F01FB36CEDABE57EF031, D5D2D2D7D9EF5A81B6A90BC64A3A5F65AE77A2E9C6B38EBB28A9864D5EDB8109 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:14:55.0171 0x01d0 kbdhid - ok

13:14:55.0203 0x01d0 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

13:14:55.0312 0x01d0 kmixer - ok

13:14:55.0343 0x01d0 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

13:14:55.0437 0x01d0 KSecDD - ok

13:14:55.0468 0x01d0 [ C7955E7EDAEA462D04F1C4BE1D340372, A216E6651C720330B3BA7533B6FC034AEF7DBEA521F7C94F20259371CFC67CA0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

13:14:55.0500 0x01d0 lanmanserver - ok

13:14:55.0546 0x01d0 [ A936A575EAF6DCE8DC08BC0C53972ADD, CDDEAB90136879882A9DC2AB8AC3A86097ACCBBF144F3FA113578312568A8E3F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

13:14:55.0593 0x01d0 lanmanworkstation - ok

13:14:55.0609 0x01d0 lbrtfdc - ok

13:14:55.0671 0x01d0 [ F34B35F6F74E28A460749DA11D1117F8, 1D5764ACF90899076D736D7AB33BD4C30D51F2C463E337029B56B1C3F224BB1F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

13:14:55.0687 0x01d0 LightScribeService - ok

13:14:55.0718 0x01d0 [ 91AE20C5C2776C511994AA1308C05283, BF085E2F5974404336475CC2E159F4524015AA01B0C76C176AC398DD30AD90A6 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

13:14:55.0828 0x01d0 LmHosts - ok

13:14:55.0875 0x01d0 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

13:14:55.0890 0x01d0 MBAMProtector - ok

13:14:55.0953 0x01d0 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

13:14:56.0000 0x01d0 MBAMScheduler - ok

13:14:56.0062 0x01d0 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

13:14:56.0109 0x01d0 MBAMService - ok

13:14:56.0156 0x01d0 [ C56A45A03DCA11712DE9FDF98224230B, A1D1F5B12736A9A4300E554930FC11DAFFD901C8ACFC0994BA6FF4A304BCF2CA ] Messenger C:\WINDOWS\System32\msgsvc.dll

13:14:56.0281 0x01d0 Messenger - ok

13:14:56.0328 0x01d0 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

13:14:56.0343 0x01d0 Microsoft Office Groove Audit Service - ok

13:14:56.0375 0x01d0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

13:14:56.0468 0x01d0 mnmdd - ok

13:14:56.0515 0x01d0 [ 5B1D994DCF1895AFA27600E46A2F0FEA, C43E8CEC5865C0EC4BD4E48980C85D6BA7E80A9F702B6E559FE4DCCC16F655C3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

13:14:56.0640 0x01d0 mnmsrvc - ok

13:14:56.0687 0x01d0 [ 8114EEAC353F549331AB73E9AF4219ED, 60B2FC56A2CF6335CFAA62154743863716CBAFEF38A716C755FAC74790C22C56 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

13:14:56.0828 0x01d0 Modem - ok

13:14:56.0843 0x01d0 [ 1A4E2214DD63E4A876463D3427EE8261, E3C137E1A05F46170538D1A2FC23F146A75FA556ADCC1CD48CE6FE412B41DBC5 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:14:56.0953 0x01d0 Mouclass - ok

13:14:56.0968 0x01d0 [ 18017899254E01371E1A39754D6BF98C, 71B5BAF104B12FA2A7F723BE909D2EBC12BE7CBCCEE80060529FFCF6860FC490 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:14:57.0109 0x01d0 mouhid - ok

13:14:57.0125 0x01d0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

13:14:57.0234 0x01d0 MountMgr - ok

13:14:57.0234 0x01d0 mraid35x - ok

13:14:57.0250 0x01d0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:14:57.0375 0x01d0 MRxDAV - ok

13:14:57.0437 0x01d0 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:14:57.0546 0x01d0 MRxSmb - ok

13:14:57.0593 0x01d0 [ 21EA21984D7D1AD50DB2E627020AB14C, 5F0BA1973B30CCEE1FED562BA47B2F5E03A7F0EDB1A24200F2B14FE562D021A3 ] MSDTC C:\WINDOWS\system32\msdtc.exe

13:14:57.0718 0x01d0 MSDTC - ok

13:14:57.0718 0x01d0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

13:14:57.0843 0x01d0 Msfs - ok

13:14:57.0843 0x01d0 MSIServer - ok

13:14:57.0859 0x01d0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:14:57.0968 0x01d0 MSKSSRV - ok

13:14:58.0000 0x01d0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:14:58.0109 0x01d0 MSPCLOCK - ok

13:14:58.0125 0x01d0 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

13:14:58.0250 0x01d0 MSPQM - ok

13:14:58.0265 0x01d0 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:14:58.0375 0x01d0 mssmbios - ok

13:14:58.0421 0x01d0 [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys

13:14:58.0453 0x01d0 MTsensor - ok

13:14:58.0468 0x01d0 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

13:14:58.0515 0x01d0 Mup - ok

13:14:58.0578 0x01d0 [ 87E394C810794D3C70CF22E8316CB23E, D8CDEB692AA52FC647059F268E075092A213DC1AE70F406589728EF9C7BD28D8 ] napagent C:\WINDOWS\System32\qagentrt.dll

13:14:58.0703 0x01d0 napagent - ok

13:14:58.0718 0x01d0 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

13:14:58.0828 0x01d0 NDIS - ok

13:14:58.0843 0x01d0 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:14:58.0906 0x01d0 NdisTapi - ok

13:14:58.0921 0x01d0 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:14:59.0031 0x01d0 Ndisuio - ok

13:14:59.0046 0x01d0 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:14:59.0156 0x01d0 NdisWan - ok

13:14:59.0171 0x01d0 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

13:14:59.0250 0x01d0 NDProxy - ok

13:14:59.0265 0x01d0 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

13:14:59.0359 0x01d0 NetBIOS - ok

13:14:59.0390 0x01d0 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

13:14:59.0500 0x01d0 NetBT - ok

13:14:59.0515 0x01d0 [ DC6BAE085E9B3C2F3A963ED46791FEAB, BC9B8C4C3E9EB70C8A15125ACE8A0CE9B8455337334860BB02815AE8A4669469 ] NetDDE C:\WINDOWS\system32\netdde.exe

13:14:59.0656 0x01d0 NetDDE - ok

13:14:59.0671 0x01d0 [ DC6BAE085E9B3C2F3A963ED46791FEAB, BC9B8C4C3E9EB70C8A15125ACE8A0CE9B8455337334860BB02815AE8A4669469 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

13:14:59.0781 0x01d0 NetDDEdsdm - ok

13:14:59.0812 0x01d0 [ 8754210A3399D19610CE2D71E0C3E5D9, B10B28B559B447CC9DF317F222BB7641A7317001DA631371E6E6A928D67276A9 ] Netlogon C:\WINDOWS\system32\lsass.exe

13:14:59.0937 0x01d0 Netlogon - ok

13:14:59.0968 0x01d0 [ 5431FB616ECAE0D587C5B97D0B86CBD8, 81B79A2C37118794C8D466084287F4DB7216A1BDD9D65901B3C5E9EA91A134EB ] Netman C:\WINDOWS\System32\netman.dll

13:15:00.0093 0x01d0 Netman - ok

13:15:00.0140 0x01d0 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:15:00.0156 0x01d0 NetTcpPortSharing - ok

13:15:00.0203 0x01d0 [ 4522CBE00A9E9EEE36AA82ED4B319148, 95132755E3CE8F51F7B23999B24C6BE4D61610E44FB647DF0C977633460B1AF6 ] Nla C:\WINDOWS\System32\mswsock.dll

13:15:00.0234 0x01d0 Nla - ok

13:15:00.0250 0x01d0 NMIndexingService - ok

13:15:00.0281 0x01d0 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

13:15:00.0390 0x01d0 Npfs - ok

13:15:00.0437 0x01d0 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

13:15:00.0562 0x01d0 Ntfs - ok

13:15:00.0578 0x01d0 [ 8754210A3399D19610CE2D71E0C3E5D9, B10B28B559B447CC9DF317F222BB7641A7317001DA631371E6E6A928D67276A9 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

13:15:00.0687 0x01d0 NtLmSsp - ok

13:15:00.0750 0x01d0 [ AC1A78237B53044735693633F8235468, 9F5168E92C4897DD0F6744653FB22DEDC8EC83ACE32F3C50D20CF114FA992E01 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

13:15:00.0890 0x01d0 NtmsSvc - ok

13:15:00.0906 0x01d0 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys

13:15:01.0015 0x01d0 Null - ok

13:15:01.0062 0x01d0 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:15:01.0156 0x01d0 NwlnkFlt - ok

13:15:01.0156 0x01d0 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:15:01.0265 0x01d0 NwlnkFwd - ok

13:15:01.0343 0x01d0 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:15:01.0375 0x01d0 odserv - ok

13:15:01.0406 0x01d0 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:15:01.0421 0x01d0 ose - ok

13:15:01.0437 0x01d0 [ E3934CCC20A4D24F1924E13D36D2A5BD, 6681AB6061A5DD28C0DFDDBBF5967A936E67765DD5A77B3F109FE07C6AF5E186 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

13:15:01.0531 0x01d0 Parport - ok

13:15:01.0546 0x01d0 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

13:15:01.0656 0x01d0 PartMgr - ok

13:15:01.0687 0x01d0 [ 1EADE28746A64C21E0A808BB12A63326, 88A2E7101B9582DCCF310F128536C24856727A0DE3E5D4D7404CBE79BCC36CF9 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

13:15:01.0781 0x01d0 ParVdm - ok

13:15:01.0796 0x01d0 [ 3B166F9F753C21AEDAA9A6BD76B49655, DD6F13D856890D9CAD83C21BA5C7EEC0D8FBA2EE3678C5F07FE15DDDD5EA4926 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

13:15:01.0921 0x01d0 PCI - ok

13:15:01.0921 0x01d0 PCIDump - ok

13:15:01.0937 0x01d0 [ B31EDEBA4DA28283F6B8DC4756FB9585, 3B296A4A5DFD6A11D6A99A96D84E0DDEA4737C4B09595B82D256CAB4EC1BFC1B ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

13:15:02.0062 0x01d0 PCIIde - ok

13:15:02.0078 0x01d0 [ 2137FFD65F8E609A3A5ACD487C56CCE0, D754BED7C3B13662AC95BE0F234AFB6565BC7EC69DFECF03DA65469DBA974D2D ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

13:15:02.0203 0x01d0 Pcmcia - ok

13:15:02.0203 0x01d0 PDCOMP - ok

13:15:02.0218 0x01d0 PDFRAME - ok

13:15:02.0218 0x01d0 PDRELI - ok

13:15:02.0234 0x01d0 PDRFRAME - ok

13:15:02.0234 0x01d0 perc2 - ok

13:15:02.0250 0x01d0 perc2hib - ok

13:15:02.0281 0x01d0 [ 657B69389B893F440B07590C9E963F23, 3F426BFDD951DB25C1E3D33EBBA5770A39E39748EC3E3FFD09EC270636BB9E4E ] PlugPlay C:\WINDOWS\system32\services.exe

13:15:02.0312 0x01d0 PlugPlay - ok

13:15:02.0328 0x01d0 [ 8754210A3399D19610CE2D71E0C3E5D9, B10B28B559B447CC9DF317F222BB7641A7317001DA631371E6E6A928D67276A9 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

13:15:02.0421 0x01d0 PolicyAgent - ok

13:15:02.0437 0x01d0 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:15:02.0531 0x01d0 PptpMiniport - ok

13:15:02.0546 0x01d0 [ 82A17ECA34D801590A67C0A2244965ED, F0A0AF10C11C6E56E6A71D029BBF24A843FA607E5ADE7831C2C557F00FD2755B ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

13:15:02.0640 0x01d0 Processor - ok

13:15:02.0640 0x01d0 [ 8754210A3399D19610CE2D71E0C3E5D9, B10B28B559B447CC9DF317F222BB7641A7317001DA631371E6E6A928D67276A9 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

13:15:02.0750 0x01d0 ProtectedStorage - ok

13:15:02.0765 0x01d0 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

13:15:02.0859 0x01d0 PSched - ok

13:15:02.0875 0x01d0 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:15:03.0000 0x01d0 Ptilink - ok

13:15:03.0015 0x01d0 [ 1962166E0CEB740704F30FA55AD3D509, 22C21907D7FDCA2CBBE1EC0479D83DDD4C4FCBC07C8791A2F62414EC5E85E488 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:15:03.0015 0x01d0 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )

13:15:13.0015 0x01d0 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

13:15:33.0031 0x01d0 ql1080 - ok

13:15:33.0046 0x01d0 Ql10wnt - ok

13:15:33.0046 0x01d0 ql12160 - ok

13:15:33.0062 0x01d0 ql1240 - ok

13:15:33.0078 0x01d0 ql1280 - ok

13:15:33.0093 0x01d0 [ 0087F01D35A65B32393CC8BBA46EE4A6, BC4B9511F5A39E97247A47491DB85FE109F253ECF541C240128F17C7FF41D65B ] QV2KUX C:\WINDOWS\system32\DRIVERS\qv2kux.sys

13:15:33.0187 0x01d0 QV2KUX - ok

13:15:33.0203 0x01d0 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:15:33.0312 0x01d0 RasAcd - ok

13:15:33.0328 0x01d0 [ 0575D034B1292CA3A9BB9F67A8EE289C, 85F9964CEC39F4FFA704C995ECB18995A20FDFB110841867486F9EF3164A8775 ] RasAuto C:\WINDOWS\System32\rasauto.dll

13:15:33.0437 0x01d0 RasAuto - ok

13:15:33.0453 0x01d0 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:15:33.0562 0x01d0 Rasl2tp - ok

13:15:33.0593 0x01d0 [ 9E7E2DF6971A5F00102BE3F901CC3BDC, AFD5ECDAF59228A2F51E8F195F4E96C7C1D26740DA7EA4B1F6E491C16EF8B34B ] RasMan C:\WINDOWS\System32\rasmans.dll

13:15:33.0718 0x01d0 RasMan - ok

13:15:33.0734 0x01d0 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:15:33.0859 0x01d0 RasPppoe - ok

13:15:33.0859 0x01d0 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

13:15:33.0953 0x01d0 Raspti - ok

13:15:33.0984 0x01d0 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:15:34.0109 0x01d0 Rdbss - ok

13:15:34.0125 0x01d0 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:15:34.0218 0x01d0 RDPCDD - ok

13:15:34.0265 0x01d0 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

13:15:34.0312 0x01d0 RDPWD - ok

13:15:34.0343 0x01d0 [ EA9FDF71D696B532BDC44C8BFF03A737, 2D2FFC96F2A88327142EF817AA8D7F62DD9E94555E82292D8933786AF332FA33 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

13:15:34.0437 0x01d0 RDSessMgr - ok

13:15:34.0468 0x01d0 [ 4173BC66E485FD77A03C4819F60BD0DA, FDC4C5ACA5305CCDB1B665D1711A57BB16A9B373913E4B36F32AA159A0A069E3 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

13:15:34.0562 0x01d0 redbook - ok

13:15:34.0593 0x01d0 [ 4007ABF5D9BF0E55451D775443D1F985, EC3BCFCC9629BC6E809A025A0589F2FD96F628CD6B4ED7AC8A1A007832D418DD ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

13:15:34.0718 0x01d0 RemoteAccess - ok

13:15:34.0718 0x01d0 [ BE078F8F7EC2491EFDD79A53353A060F, AC4630E5AC360D0A5C7EE92AA1FEE2F91F5B4FC59CF1F96F03F6EF09D65C9623 ] RpcLocator C:\WINDOWS\system32\locator.exe

13:15:34.0828 0x01d0 RpcLocator - ok

13:15:34.0859 0x01d0 [ D9883335CC1C17AFC3A09C8AC3E4DBE4, 3EFA827E7E7E5E584AD7AC594B65150F4A433C88AF21684DA7AFC86F98B6C62C ] RpcSs C:\WINDOWS\system32\rpcss.dll

13:15:34.0921 0x01d0 RpcSs - ok

13:15:34.0968 0x01d0 [ AD1B5F1B99FFF08C99F443D784711A81, 1BE13FE1E1E45F6D3C4E73BB85D7DD509BCA384B36FC07498A0C5F4BD93B8B20 ] RSVP C:\WINDOWS\system32\rsvp.exe

13:15:35.0078 0x01d0 RSVP - ok

13:15:35.0093 0x01d0 [ 8754210A3399D19610CE2D71E0C3E5D9, B10B28B559B447CC9DF317F222BB7641A7317001DA631371E6E6A928D67276A9 ] SamSs C:\WINDOWS\system32\lsass.exe

13:15:35.0203 0x01d0 SamSs - ok

13:15:35.0203 0x01d0 [ 1B4CD62174E907C7EF8EC5D4D0A2A616, 9BC82E5FB7A1604CE6FB7DBFF8AF58ABDCD7A8AE01EC62CBAC9996D838CC36AB ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

13:15:35.0328 0x01d0 SCardSvr - ok

13:15:35.0343 0x01d0 [ 7C288AE0F75CB18CFF1DF6179A67AD8F, D4B7A1B7BD5B239A7B1E6AF1AA28116FB337765EACEA5357A0EF76AAC53216E1 ] Schedule C:\WINDOWS\system32\schedsvc.dll

13:15:35.0468 0x01d0 Schedule - ok

13:15:35.0515 0x01d0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:15:35.0562 0x01d0 Secdrv - ok

13:15:35.0578 0x01d0 [ 6983665BEA867125B1DA5757CD8B2F9D, EDAE386791F5B390EB1705ED0EE7F67259BC6C0EC8785C0E1161E7C0984EDE64 ] seclogon C:\WINDOWS\System32\seclogon.dll

13:15:35.0687 0x01d0 seclogon - ok

13:15:35.0687 0x01d0 [ F6EC8F1E50E40237BDDEE1CB7FE20B42, 9DAD21F8B052F189F411DB5BD3DE19E3788D5D4ACEF320AC7E188A7A48A77FCA ] SENS C:\WINDOWS\system32\sens.dll

13:15:35.0796 0x01d0 SENS - ok

13:15:35.0796 0x01d0 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

13:15:35.0906 0x01d0 serenum - ok

13:15:35.0906 0x01d0 [ 92C21762653BB2CE51147EB8A9AA654F, F8B7C7053D66C3ED8F891F5CEF1D8B208A95805CD74CFD1740B4A2F794808B1D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

13:15:36.0015 0x01d0 Serial - ok

13:15:36.0031 0x01d0 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

13:15:36.0140 0x01d0 Sfloppy - ok

13:15:36.0187 0x01d0 [ 7579C4BE909D47F10F3D8D801CB13ED9, 9BAED675EDD92CAF0863DDD15761DA020160CEEBA4664CE9E9D063764BCD1CD4 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

13:15:36.0343 0x01d0 SharedAccess - ok

13:15:36.0359 0x01d0 [ 2D5D4156292150FE571872C1B88E9299, 994B87F4E3FCB3227306E6C1C3EAB5E3C6756BAD94B70CBE790EC953E08EA2E1 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

13:15:36.0390 0x01d0 ShellHWDetection - ok

13:15:36.0406 0x01d0 Simbad - ok

13:15:36.0421 0x01d0 Sparrow - ok

13:15:36.0437 0x01d0 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys

13:15:36.0531 0x01d0 splitter - ok

13:15:36.0546 0x01d0 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe

13:15:36.0578 0x01d0 Spooler - ok

13:15:36.0593 0x01d0 [ 64D2A7640E0767ECD3BCB38D3200E7CE, B1F5662A2A4F0587CBD5058358B3C0E30E258C995FB2E902165FAB76571E66C9 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

13:15:36.0671 0x01d0 sr - ok

13:15:36.0703 0x01d0 [ 81CBF363C414620CAA61BD6843D8FDB9, AA1552BF9D7B21DB7B1D9AF9D53FE1DC90150F03035F21999715F95BE0E2EE6A ] srservice C:\WINDOWS\system32\srsvc.dll

13:15:36.0765 0x01d0 srservice - ok

13:15:36.0796 0x01d0 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

13:15:36.0859 0x01d0 Srv - ok

13:15:36.0890 0x01d0 [ 5B9D0DE64BE96A806819516440FD211C, 5C632D05A83F8C4BCD3E412F4ECDBA1D00B48F0A162B305940E6396D765F27F0 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

13:15:36.0953 0x01d0 SSDPSRV - ok

13:15:36.0953 0x01d0 StarOpen - ok

13:15:36.0968 0x01d0 [ 5AE996186D2DC694FEF88F14A3FC9242, 496C74364C750DA0851647B08DF731DFED2E2CD0BDB795C0E48821F457D2DD9A ] stisvc C:\WINDOWS\system32\wiaservc.dll

13:15:37.0093 0x01d0 stisvc - ok

13:15:37.0109 0x01d0 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

13:15:37.0218 0x01d0 swenum - ok

13:15:37.0234 0x01d0 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

13:15:37.0328 0x01d0 swmidi - ok

13:15:37.0343 0x01d0 SwPrv - ok

13:15:37.0343 0x01d0 symc810 - ok

13:15:37.0359 0x01d0 symc8xx - ok

13:15:37.0375 0x01d0 sym_hi - ok

13:15:37.0375 0x01d0 sym_u3 - ok

13:15:37.0406 0x01d0 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

13:15:37.0500 0x01d0 sysaudio - ok

13:15:37.0546 0x01d0 [ 251EAE7C56C6AB9490311A3C9757E18D, C79FE215747798A82E1719453DE67CF9DBB09C524667E229AFE9FA16638FDB05 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

13:15:37.0656 0x01d0 SysmonLog - ok

13:15:37.0687 0x01d0 [ 2BC9FB448F0C2394FF53C83A7BB04731, 74E365970FF365F855629092979325E33750FE2DA929E3735F61F0041E7A7978 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

13:15:37.0812 0x01d0 TapiSrv - ok

13:15:37.0859 0x01d0 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:15:37.0890 0x01d0 Tcpip - ok

13:15:37.0906 0x01d0 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

13:15:38.0015 0x01d0 TDPIPE - ok

13:15:38.0015 0x01d0 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

13:15:38.0125 0x01d0 TDTCP - ok

13:15:38.0140 0x01d0 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

13:15:38.0234 0x01d0 TermDD - ok

13:15:38.0265 0x01d0 [ E0AEF86A594C9990D6321C5CA239C5B7, 30C45E48F0A3A2D5D3518AEBFB99D3AD4426BD358FC9239E93FD8481BFBB03BF ] TermService C:\WINDOWS\System32\termsrv.dll

13:15:38.0359 0x01d0 TermService - ok

13:15:38.0390 0x01d0 [ 2D5D4156292150FE571872C1B88E9299, 994B87F4E3FCB3227306E6C1C3EAB5E3C6756BAD94B70CBE790EC953E08EA2E1 ] Themes C:\WINDOWS\System32\shsvcs.dll

13:15:38.0406 0x01d0 Themes - ok

13:15:38.0406 0x01d0 TosIde - ok

13:15:38.0421 0x01d0 [ 20655E8CA1C78BC7088B18E93806D21B, 91B6B9058C1933972484210DB9BEAA3EA74F359494B7286EFDA6370BCEA913A4 ] TrkWks C:\WINDOWS\system32\trkwks.dll

13:15:38.0531 0x01d0 TrkWks - ok

13:15:38.0546 0x01d0 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

13:15:38.0656 0x01d0 Udfs - ok

13:15:38.0671 0x01d0 ultra - ok

13:15:38.0718 0x01d0 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

13:15:38.0828 0x01d0 Update - ok

13:15:38.0859 0x01d0 [ 01653D6C9604F1FB31A76EC94E08954F, C778076DBBFD38FFEFA7D2113D92A394CC1E7AAEA1530E488A8AB055BE5BEAC7 ] upnphost C:\WINDOWS\System32\upnphost.dll

13:15:38.0921 0x01d0 upnphost - ok

13:15:38.0937 0x01d0 [ A89796DD0DE24CF03B3A39407E1F46A3, 3866F5C649591F1630EE414B0FC6661DF9F2B0DF71821CB4C711D1728205CC82 ] UPS C:\WINDOWS\System32\ups.exe

13:15:39.0031 0x01d0 UPS - ok

13:15:39.0062 0x01d0 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:15:39.0125 0x01d0 usbccgp - ok

13:15:39.0140 0x01d0 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:15:39.0171 0x01d0 usbehci - ok

13:15:39.0171 0x01d0 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:15:39.0281 0x01d0 usbhub - ok

13:15:39.0296 0x01d0 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

13:15:39.0390 0x01d0 usbohci - ok

13:15:39.0406 0x01d0 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:15:39.0500 0x01d0 usbprint - ok

13:15:39.0515 0x01d0 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:15:39.0562 0x01d0 usbscan - ok

13:15:39.0593 0x01d0 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:15:39.0703 0x01d0 usbstor - ok

13:15:39.0718 0x01d0 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

13:15:39.0812 0x01d0 VgaSave - ok

13:15:39.0812 0x01d0 ViaIde - ok

13:15:39.0859 0x01d0 [ 8AB662B3C4691E6DDF61C96BB5B7D103, 362142C9684A3FDA7DDBE1B2FACD7BD0FC403BF30BB549D173F6805A42C932E7 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

13:15:39.0953 0x01d0 VolSnap - ok

13:15:39.0968 0x01d0 [ A585EDD6965B301DE8A45C6768C7C215, A506F4C1333CDB4C48CE3571A75F3751081FBC422AEE61C927C3E9796568F249 ] VSS C:\WINDOWS\System32\vssvc.exe

13:15:40.0031 0x01d0 VSS - ok

13:15:40.0062 0x01d0 [ 390D8E65F362327AD510B08971478301, FAB2437E61CB496B0B09AD4D666BC484DC90F556FAF6C0850E550EB10A5583FB ] W32Time C:\WINDOWS\system32\w32time.dll

13:15:40.0171 0x01d0 W32Time - ok

13:15:40.0203 0x01d0 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:15:40.0296 0x01d0 Wanarp - ok

13:15:40.0296 0x01d0 WDICA - ok

13:15:40.0328 0x01d0 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

13:15:40.0421 0x01d0 wdmaud - ok

13:15:40.0437 0x01d0 [ 33D8E2812054D97A0AEC9B8F04277927, B30A5CB97B14DF9B9F94C6C9FC7A415458EDD85C46B085E0A51F304795CCF698 ] WebClient C:\WINDOWS\System32\webclnt.dll

13:15:40.0546 0x01d0 WebClient - ok

13:15:40.0609 0x01d0 [ F9E105F369C18E4001E0C05AAF600D73, EDA4AE346832CA7D3A0AC18DFE6470B57F33C7235252E0C3D2DF2418236F443B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

13:15:40.0718 0x01d0 winmgmt - ok

13:15:40.0765 0x01d0 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

13:15:40.0875 0x01d0 WmdmPmSN - ok

13:15:40.0906 0x01d0 [ 87F11D161207C7063EDABAC0AADC33C3, 60BD9AC3EE591DDCAEACFD085937779732A7D36513059DFB01941C98DC296504 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:15:41.0015 0x01d0 WmiApSrv - ok

13:15:41.0109 0x01d0 [ 79A01ACD485687EE602411A06B63A9A5, 60B39E95BA8389F29CEEF2A5F118ADF16E2CEE66B63A094E18A4F00C51EB3838 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

13:15:41.0171 0x01d0 WMPNetworkSvc - ok

13:15:41.0187 0x01d0 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:15:41.0296 0x01d0 WS2IFSL - ok

13:15:41.0328 0x01d0 [ 843F7FA8EA38E6A4262976DCC994C81A, E3429581BA18910CC658449EA763CE7A2EE949BD65D43B177B0402A6037C4A46 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

13:15:41.0453 0x01d0 wscsvc - ok

13:15:41.0453 0x01d0 WSearch - ok

13:15:41.0500 0x01d0 [ 1E8FDDDEF3FE260BADAB06DAE10D753A, 21E53A80E8DB24B6EFA782872503B6E95634624F3F7C938E0F46203DE0B87C28 ] wuauserv C:\WINDOWS\system32\wuauserv.dll

13:15:41.0609 0x01d0 wuauserv - ok

13:15:41.0656 0x01d0 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:15:41.0687 0x01d0 WudfPf - ok

13:15:41.0703 0x01d0 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:15:41.0734 0x01d0 WudfRd - ok

13:15:41.0750 0x01d0 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

13:15:41.0765 0x01d0 WudfSvc - ok

13:15:41.0812 0x01d0 [ E99782DBB8FFA2AEE72B31DAC8D8D887, 6FFFFF80A7C90C53596012EF693EA4BDCB09117A53EAF08326A8D1F525FD4875 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

13:15:41.0937 0x01d0 WZCSVC - ok

13:15:41.0968 0x01d0 [ FD3C38635808920F8235BF2FED642F54, 1A9218967EE6E30F6DABE026E22478067B72E59FEE2EA9CD142859F138A42CF8 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

13:15:42.0078 0x01d0 xmlprov - ok

13:15:42.0093 0x01d0 ================ Scan global ===============================

13:15:42.0125 0x01d0 [ 953AD498333B03F7CE547151F96EF241, 15717B634AE15981714A7ACF02417A4EF80C72EEF355FC728E41B3DA36553434 ] C:\WINDOWS\system32\basesrv.dll

13:15:42.0156 0x01d0 [ 6D43938F4980D62E091AE2F755FC259B, 2FCF7E27DF4546C4AFA9D836161EF58856390537A21F3C87B430A2EA6C65D8C8 ] C:\WINDOWS\system32\winsrv.dll

13:15:42.0171 0x01d0 [ 6D43938F4980D62E091AE2F755FC259B, 2FCF7E27DF4546C4AFA9D836161EF58856390537A21F3C87B430A2EA6C65D8C8 ] C:\WINDOWS\system32\winsrv.dll

13:15:42.0203 0x01d0 [ 657B69389B893F440B07590C9E963F23, 3F426BFDD951DB25C1E3D33EBBA5770A39E39748EC3E3FFD09EC270636BB9E4E ] C:\WINDOWS\system32\services.exe

13:15:42.0218 0x01d0 [ Global ] - ok

13:15:42.0218 0x01d0 ================ Scan MBR ==================================

13:15:42.0234 0x01d0 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0

13:15:42.0468 0x01d0 \Device\Harddisk0\DR0 - ok

13:15:42.0468 0x01d0 [ 19CBA4F08D862328D37A4C9920E2566D ] \Device\Harddisk5\DR6

13:15:42.0562 0x01d0 \Device\Harddisk5\DR6 - ok

13:15:42.0578 0x01d0 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk6\DR7

13:15:42.0890 0x01d0 \Device\Harddisk6\DR7 - ok

13:15:42.0890 0x01d0 ================ Scan VBR ==================================

13:15:42.0890 0x01d0 [ 1CA64BA5C692CB0EF31E3C4FBC4B002F ] \Device\Harddisk0\DR0\Partition1

13:15:42.0890 0x01d0 \Device\Harddisk0\DR0\Partition1 - ok

13:15:42.0906 0x01d0 [ AD911C3BBE0FE6307F54D8422BFA0EDE ] \Device\Harddisk6\DR7\Partition1

13:15:42.0906 0x01d0 \Device\Harddisk6\DR7\Partition1 - ok

13:15:42.0906 0x01d0 Waiting for KSN requests completion. In queue: 76

13:16:03.0921 0x01d0 AV detected via SS1: ESET NOD32 Antivirus 6.0, 6.0, enabled, updated

13:16:03.0921 0x01d0 Win FW state via NFM: enabled

13:16:23.0921 0x01d0 ============================================================

13:16:23.0921 0x01d0 Scan finished

13:16:23.0921 0x01d0 ============================================================

13:16:23.0921 0x075c Detected object count: 2

13:16:23.0921 0x075c Actual detected object count: 2

13:17:25.0625 0x075c FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:17:25.0625 0x075c FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:17:25.0625 0x075c PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

13:17:25.0625 0x075c PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:02.0265 0x0fb8 Deinitialize success

Zoek.exe Version 4.0.0.5 Updated 13-October-2013

Tool run by S.M. v.d.Laan on ma 14-10-2013 at 13:23:13,06.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\DOCUME~1\SMVD~1.LAA\LOCALS~1\Temp\Tijdelijke map 1 voor zoek[1].zip\zoek.exe [script inserted]

==== System Restore Info ======================

14-10-2013 13:26:49 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2647638077-3110874267-2336820504-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECC5777A-6E88-BFCE-13CE-81F134789E7B} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECC5777A-6E88-BFCE-13CE-81F134789E7B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

"C:\Program Files\IncrediMail\bin\ImApp.exe"=-

"C:\Program Files\IncrediMail\bin\IncMail.exe"=-

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"=-

"C:\Program Files\Vuze\Azureus.exe"=-

"C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\WYYE253T\SweetImSetup[1].exe"=-

==== Deleting Files \ Folders ======================

"C:\Program Files\IncrediMail" not found

"C:\Program Files\Vuze" not found

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\SMVD~1.LAA\LOCALS~1\Temp ====

2013-10-09 13:01:16 FAA354835C405FD35AFD7A27093B76E5 4121952 ----a-r- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\Tijdelijke map 2 voor tdsskiller[1].zip\TDSSKiller.exe

2013-10-09 13:01:16 FAA354835C405FD35AFD7A27093B76E5 4121952 ----a-r- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\Tijdelijke map 1 voor tdsskiller[1].zip\TDSSKiller.exe

2013-10-07 17:45:55 AAD7470EF3100D6ADDB951F96FB4A3D5 17154952 ----a-w- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\{F808A168-DAFB-4AFE-97E5-E98191DB1D0D}\InstallFlashPlayer.exe

====== Java Cache =====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

2013-10-11 13:12:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\S.M. v.d.Laan\Application Data ======

====== C:\Documents and Settings\S.M. v.d.Laan ======

====== C: exe-files ==

2013-10-11 11:21:09 2BF1A08F7CB7752AF697EE228514497F 234872 -c----w- C:\WINDOWS\ie8updates\KB2879017-IE8\spuninst\spuninst.exe

2013-10-11 11:20:53 96DF9036F4D46CF81288AD95800D9F7D 174592 -c----w- C:\WINDOWS\ie8updates\KB2879017-IE8\ie4uinit.exe

2013-10-09 13:01:16 FAA354835C405FD35AFD7A27093B76E5 4121952 ----a-r- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\Tijdelijke map 2 voor tdsskiller[1].zip\TDSSKiller.exe

2013-10-09 13:01:16 FAA354835C405FD35AFD7A27093B76E5 4121952 ----a-r- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\Tijdelijke map 1 voor tdsskiller[1].zip\TDSSKiller.exe

2013-10-07 17:45:55 AAD7470EF3100D6ADDB951F96FB4A3D5 17154952 ----a-w- C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temp\{F808A168-DAFB-4AFE-97E5-E98191DB1D0D}\InstallFlashPlayer.exe

=== C: other files ==

2013-10-11 13:12:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-10-10 18:24:19 C569EF030B11F896E123A30AC92678DB 25088 -c----w- C:\WINDOWS\system32\dllcache\hidparse.sys

2013-10-10 18:24:19 C569EF030B11F896E123A30AC92678DB 25088 ------w- C:\WINDOWS\Driver Cache\i386\hidparse.sys

2013-10-10 18:24:17 F8EDE2B6928970DCE3D5614C27D9E7F6 14976 -c----w- C:\WINDOWS\system32\dllcache\usbscan.sys

2013-10-10 18:24:17 F8EDE2B6928970DCE3D5614C27D9E7F6 14976 ------w- C:\WINDOWS\Driver Cache\i386\usbscan.sys

2013-10-10 18:24:02 65898A183FBF1D1F7759D5CCB364DCD4 60160 -c----w- C:\WINDOWS\system32\dllcache\usbaudio.sys

2013-10-10 18:24:02 65898A183FBF1D1F7759D5CCB364DCD4 60160 ------w- C:\WINDOWS\Driver Cache\i386\usbaudio.sys

2013-10-10 18:24:02 4F9694BDEFC1F0629704A1E2B7B96A66 46848 ------w- C:\WINDOWS\Driver Cache\i386\irbus.sys

2013-10-10 18:24:01 813236B1183CFCF289E367BD5DE6E29E 123008 -c----w- C:\WINDOWS\system32\dllcache\usbvideo.sys

2013-10-10 18:24:01 813236B1183CFCF289E367BD5DE6E29E 123008 ------w- C:\WINDOWS\Driver Cache\i386\usbvideo.sys

2013-10-10 18:21:50 1B611611C28D2DF25BC057D79C6F13FC 32384 -c----w- C:\WINDOWS\system32\dllcache\usbccgp.sys

2013-10-10 18:21:50 1B611611C28D2DF25BC057D79C6F13FC 32384 ------w- C:\WINDOWS\Driver Cache\i386\usbccgp.sys

2013-10-10 18:21:50 04FE5EF6ED4818EC4839EA5C611A6310 5376 -c----w- C:\WINDOWS\system32\dllcache\usbd.sys

2013-10-10 18:21:50 04FE5EF6ED4818EC4839EA5C611A6310 5376 ------w- C:\WINDOWS\Driver Cache\i386\usbd.sys

2013-10-10 18:21:48 4BAC8DF07F1D8434FC640E677A62204E 30336 -c----w- C:\WINDOWS\system32\dllcache\usbehci.sys

2013-10-10 18:21:48 4BAC8DF07F1D8434FC640E677A62204E 30336 ------w- C:\WINDOWS\Driver Cache\i386\usbehci.sys

2013-10-10 18:21:47 6DF35CA139C3BC15CC74390ABB114EFE 144128 -c----w- C:\WINDOWS\system32\dllcache\usbport.sys

2013-10-10 18:21:47 6DF35CA139C3BC15CC74390ABB114EFE 144128 ------w- C:\WINDOWS\Driver Cache\i386\usbport.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-2647638077-3110874267-2336820504-1005\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

"sfagent"="C:\Program Files\Fighters\SPAMfighter\sfagent.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKCU"

"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000000]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P0000000000000000\" /M \"XP-202 203 206 Series\""

"hkey"="HKCU"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIIME.EXE /EPT \"EPLTarget\\P0000000000000000\" /M \"XP-202 203 206 Series\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GrooveMonitor"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="raptrstub"

"hkey"="HKCU"

"command"="C:\\PROGRA~1\\Raptr\\raptrstub.exe --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOMERunner"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^S.M. v.d.Laan^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

"path"="C:\\Documents and Settings\\S.M. v.d.Laan\\Menu Start\\Programma's\\Opstarten\\Mediacontrole Picture Motion Browser.lnk"

"backup"="C:\\WINDOWS\\pss\\Mediacontrole Picture Motion Browser.lnkStartup"

"command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\PMBCore\\SPUVOL~1.EXE /noballoononstart"

"item"="Mediacontrole Picture Motion Browser"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08-07-2013 00:26]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ [undetermined Task]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"e-webprint@epson.com"="C:\Program Files\Epson Software\E-Web Print\Firefox Add-on" [26-06-2013 00:50]

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\SMVD~1.LAA\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ma 14-10-2013 at 13:31:56,81 ======================


Hello,

You have been running the tools above from a temporary folder each time. In itself there is little wrong with that, but it can interfere with the operation of various tools. In future, it is best to place them in a folder of their own or to extract them completely.

  1. Start Zoek.exe again with the script below.
    Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.

    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
       
      autoclean;
      filesrcm;
      emptyfolderscheck;
      startupall;

    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart if one is required).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log as an attachment in your next message.

  2. Download MalwareBytes' Anti-Malware (website) and save it to your desktop.

Make sure that after installation the following boxes are ticked:

  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • You are also given the option here to use the trial version of MBAM; if you do not want this, untick it.

Then click "Finish".

If an update is found, it will be downloaded and installed.

  • Once the program has started, go to the "Settings" tab.
  • Tick here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Full Scan".
  • Then press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "View Results" to see the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
  • Restart the computer if necessary and then post the log in your next message.


Here is the Zoek log to start with:

Zoek.exe Version 4.0.0.5 Updated 13-October-2013

Tool run by S.M. v.d.Laan on ma 14-10-2013 at 19:09:33,68.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-14-113156.log 12151 bytes

C:\zoek-results2013-10-14-170153.log 12027 bytes

==== Empty Folders Check ======================

C:\Program Files\AdobeCS3

C:\Program Files\MSXML 4.0

C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

C:\Documents and Settings\All Users\Application Data\SSScanWizard

C:\Documents and Settings\LocalService\Application Data\Apple Computer

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\SMVD~1.LAA\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

2013-10-11 13:12:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\S.M. v.d.Laan\Application Data ======

====== C:\Documents and Settings\S.M. v.d.Laan ======

====== C: exe-files ==

2013-10-11 11:21:09 2BF1A08F7CB7752AF697EE228514497F 234872 -c----w- C:\WINDOWS\ie8updates\KB2879017-IE8\spuninst\spuninst.exe

2013-10-11 11:20:53 96DF9036F4D46CF81288AD95800D9F7D 174592 -c----w- C:\WINDOWS\ie8updates\KB2879017-IE8\ie4uinit.exe

=== C: other files ==

2013-10-11 13:12:45 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2013-10-10 18:24:19 C569EF030B11F896E123A30AC92678DB 25088 -c----w- C:\WINDOWS\system32\dllcache\hidparse.sys

2013-10-10 18:24:19 C569EF030B11F896E123A30AC92678DB 25088 ------w- C:\WINDOWS\Driver Cache\i386\hidparse.sys

2013-10-10 18:24:17 F8EDE2B6928970DCE3D5614C27D9E7F6 14976 -c----w- C:\WINDOWS\system32\dllcache\usbscan.sys

2013-10-10 18:24:17 F8EDE2B6928970DCE3D5614C27D9E7F6 14976 ------w- C:\WINDOWS\Driver Cache\i386\usbscan.sys

2013-10-10 18:24:02 65898A183FBF1D1F7759D5CCB364DCD4 60160 -c----w- C:\WINDOWS\system32\dllcache\usbaudio.sys

2013-10-10 18:24:02 65898A183FBF1D1F7759D5CCB364DCD4 60160 ------w- C:\WINDOWS\Driver Cache\i386\usbaudio.sys

2013-10-10 18:24:02 4F9694BDEFC1F0629704A1E2B7B96A66 46848 ------w- C:\WINDOWS\Driver Cache\i386\irbus.sys

2013-10-10 18:24:01 813236B1183CFCF289E367BD5DE6E29E 123008 -c----w- C:\WINDOWS\system32\dllcache\usbvideo.sys

2013-10-10 18:24:01 813236B1183CFCF289E367BD5DE6E29E 123008 ------w- C:\WINDOWS\Driver Cache\i386\usbvideo.sys

2013-10-10 18:21:50 1B611611C28D2DF25BC057D79C6F13FC 32384 -c----w- C:\WINDOWS\system32\dllcache\usbccgp.sys

2013-10-10 18:21:50 1B611611C28D2DF25BC057D79C6F13FC 32384 ------w- C:\WINDOWS\Driver Cache\i386\usbccgp.sys

2013-10-10 18:21:50 04FE5EF6ED4818EC4839EA5C611A6310 5376 -c----w- C:\WINDOWS\system32\dllcache\usbd.sys

2013-10-10 18:21:50 04FE5EF6ED4818EC4839EA5C611A6310 5376 ------w- C:\WINDOWS\Driver Cache\i386\usbd.sys

2013-10-10 18:21:48 4BAC8DF07F1D8434FC640E677A62204E 30336 -c----w- C:\WINDOWS\system32\dllcache\usbehci.sys

2013-10-10 18:21:48 4BAC8DF07F1D8434FC640E677A62204E 30336 ------w- C:\WINDOWS\Driver Cache\i386\usbehci.sys

2013-10-10 18:21:47 6DF35CA139C3BC15CC74390ABB114EFE 144128 -c----w- C:\WINDOWS\system32\dllcache\usbport.sys

2013-10-10 18:21:47 6DF35CA139C3BC15CC74390ABB114EFE 144128 ------w- C:\WINDOWS\Driver Cache\i386\usbport.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-2647638077-3110874267-2336820504-1005\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

"sfagent"="C:\Program Files\Fighters\SPAMfighter\sfagent.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKCU"

"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000000]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P0000000000000000\" /M \"XP-202 203 206 Series\""

"hkey"="HKCU"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIIME.EXE /EPT \"EPLTarget\\P0000000000000000\" /M \"XP-202 203 206 Series\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GrooveMonitor"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^S.M. v.d.Laan^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

"path"="C:\\Documents and Settings\\S.M. v.d.Laan\\Menu Start\\Programma's\\Opstarten\\Mediacontrole Picture Motion Browser.lnk"

"backup"="C:\\WINDOWS\\pss\\Mediacontrole Picture Motion Browser.lnkStartup"

"command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\PMBCore\\SPUVOL~1.EXE /noballoononstart"

"item"="Mediacontrole Picture Motion Browser"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08-07-2013 00:26]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ [undetermined Task]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"e-webprint@epson.com"="C:\Program Files\Epson Software\E-Web Print\Firefox Add-on" [26-06-2013 00:50]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{105E99FF-8B9A-4492-B155-06194B9056D2}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{105E99FF-8B9A-4492-B155-06194B9056D2} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{907097F0-C0AA-41CB-9EA6-B28AA906988E} Google Url="{searchTerms} - Google Search"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\SMVD~1.LAA\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\S.M. v.d.Laan\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ma 14-10-2013 at 19:17:09,29 ======================
