ice_in_polo_2
-
Items
50 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door ice_in_polo_2
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
# DelFix v10.2 - Logfile created 19/04/2013 at 23:09:08 # Updated 02/04/2013 by Xplode # Username : V&V Projects - VV-PROJECTS-PC ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis Deleted : C:\TDSSKiller.2.8.16.0_29.03.2013_00.41.08_log.txt Deleted : C:\zoek-results.log Deleted : C:\Users\V&V Projects\Desktop\HiJackThis.lnk Deleted : C:\Users\V&V Projects\Desktop\hijackthis.log Deleted : C:\Users\V&V Projects\Desktop\HiJackThis.msi Deleted : C:\Users\V&V Projects\Desktop\HostsXpert.zip Deleted : C:\Users\V&V Projects\Desktop\tdsskiller.zip Deleted : C:\Users\V&V Projects\Desktop\zoek.exe Deleted : C:\Users\V&V Projects\Downloads\zoek.exe Deleted : HKLM\SOFTWARE\OldTimer Tools Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #126 [Windows Update | 03/21/2013 21:15:03] Deleted : RP #127 [Gepland controlepunt | 03/28/2013 22:49:48] Deleted : RP #128 [Windows Update | 04/08/2013 17:05:43] Deleted : RP #129 [Windows Update | 04/16/2013 06:52:07] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## - - - Updated - - - enig idee hoe ik van die spam mails af geraak die ik heb opgelopen tijdens dit euvel? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
pop ups zijn weg moet ik nog iets met die hosts doen die ik van de C-schijf naar mijn bureaublad heb gezet? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 17-April-2013 Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:51:51, on 18/04/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\V&V Projects\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\OffSpon.EXE Q:\140066.enu\Office14\OffSpon.EXE C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} (CatcTableEditorCtrl Object) - http://www.airtradecentre.com/cms/atcTableEditor.cab O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14960 bytes -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 17-April-2013 Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected After Reboot ==== Reset Hosts File ====================== -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
alleen "reset hosts" aanvinken dan? - - - Updated - - - en welk script runnen? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Moet ik dan eerst de "Hosts" map nog terug op de C schijf zetten? Is het normaal dat dat een zip-map is? Daar zitten de volgende zaken in: HOSTS LICENSE MVPS (batchbestand) PRIVACYPOLICY README - - - Updated - - - Deze map kan ik vinden.
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
"De locatie kan niet gevonden worden" -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
en die locatie is? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Zoek.exe Version 4.0.0.2 Updated 08-April-2013 Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1350505507-3758519869-1234311891-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== Deleted from C:\Users\V&V Projects\AppData\Roaming\Mozilla\Firefox\Profiles\rt86xsn0.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\V&V Projects\AppData\Roaming\Mozilla\Firefox\Profiles\rt86xsn0.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\V&V Projects\AppData\Roaming\Mozilla\Firefox\Profiles\rt86xsn0.default user.js not found ---- Lines babylon removed from prefs.js ---- user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); ---- Lines babylon modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- user_20131703_2237_.backup prefs_20130904_2003_.backup prefs_20131703_2237_.backup ==== Deleting Files \ Folders ====================== "C:\Windows\SysNative\roboot64.exe" not found "C:\Windows\tasks\RegClean Pro_DEFAULT.job" not found "C:\Windows\tasks\RegClean Pro_UPDATES.job" not found "C:\Users\V&V Projects\Desktop\regcleanpro.jpg" not found "C:\Users\Public\Desktop\RegClean Pro.lnk" not found "C:\Users\Public\Desktop\sample_20131703_2237.zip" not found "C:\Program Files (x86)\RegClean Pro" not found "C:\Users\V&V Projects\AppData\Roaming\Systweak" not found "C:\ProgramData\oevvkdkqtlsuanx" not found "C:\Program Files (x86)\Media Finder" not found "C:\Users\V&V Projects\AppData\Roaming\Media Finder" not found "C:\Users\V&V Projects\Desktop\rcpsetup_3335_new.exe" deleted "C:\Windows\SysNative\drivers\etc\hosts" not deleted "C:\Users\V&V Projects\cnmss Canon Inkjet MP140 series (Local).dll" deleted "C:\Users\V&V Projects\SkypeSetup.exe" deleted "C:\Users\V&V Projects\visioviewer.exe" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted "C:\Users\V&V Projects\AppData\Roaming\Babylon" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro" deleted "C:\Users\V&V Projects\AppData\LocalLow\BabylonToolbar" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\V&V Projects\AppData\Roaming\Mozilla\Firefox\Profiles\rt86xsn0.default - Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\V&V Projects\AppData\Roaming\Mozilla\Firefox\Profiles\rt86xsn0.default 33E87713C7FE08C5F861E2819ED33A0E - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit) D892C77AFA8AFABA6F474A7DA401BD7C - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director B16EC84E06F26B8B85800F3B07B8D757 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\V&V Projects\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[] jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[02/10/2010 22:19] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/03/2012 11:53] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\V&V Projects\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[13/10/2012 14:38] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Reset Google Chrome ====================== Nothing found to reset ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\Uninstall.lnk - C:\Program Files (x86)\FileASSASSIN\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 199.193.118.246 www.google-analytics.com. O1 - Hosts: 199.193.118.246 ad-emea.doubleclick.net. O1 - Hosts: 199.193.118.246 www.statcounter.com. O1 - Hosts: 199.193.118.246 connect.facebook.net. O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 93.115.241.27 connect.facebook.net. O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1350505507-3758519869-1234311891-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1350505507-3758519869-1234311891-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1350505507-3758519869-1234311891-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Tom') O4 - HKUS\S-1-5-21-1350505507-3758519869-1234311891-1004\..\RunOnce: [Application Restart #0] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Tom') O4 - HKUS\S-1-5-21-1350505507-3758519869-1234311891-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Marijke') O4 - S-1-5-21-1350505507-3758519869-1234311891-1004 Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Tom') O4 - S-1-5-21-1350505507-3758519869-1234311891-1004 User Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Tom') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} (CatcTableEditorCtrl Object) - http://www.airtradecentre.com/cms/atcTableEditor.cab O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\V&V Projects\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Reset Hosts File ====================== Failed to Reset Hosts File ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\SysNative\drivers\etc\hosts" not deleted - - - Updated - - - 1) antivirus geraakt niet uitgeschakeld (is hier anders dan volgens de links die aangegeven werden)2) ik kan op deze website de "enter" toest niet meer gebruiken als ik aan het typen ben (ben nu bezig in kladblok) 3) kreeg weer een pop-up van HiJackthis dat er niets kon gewijzigd worden aan de HOSTS map. Ik moet dat dan manueel doen of iets dergelijks Mijn hostst map staat natuurlijk nog "tijdelijk" op mijn bureaublad. moet die niet eerst teruggezet worden? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
ik ben natuurlijk zo dom geweest om eerst een paar dingen in een mat samen te zetten op mijn bureaublad, dus wellicht zijn er daarom een paar dingen niet gevonden. mag ik dat script nog eens laten lopen? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
2e bestand krijg ik hier niet gepost... te lang? - - - Updated - - - OTL Extras logfile created on: 4-4-2013 0:35:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\V&V Projects\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,79 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 69,28% Memory free 7,59 Gb Paging File | 5,79 Gb Available in Paging File | 76,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 62,62 Gb Free Space | 42,01% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: VV-PROJECTS-PC | User Name: V&V Projects | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1350505507-3758519869-1234311891-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" () Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" () Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03392097-AB08-4255-A00E-CB9EA55645A5}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary | "{080F5E6F-0C01-41B3-B5E8-6F139CC33E91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0A6F24EC-E445-41A5-9454-BAF4E77A39C5}" = rport=139 | protocol=6 | dir=out | app=system | "{0CEB91EE-FE3D-47B8-881D-B1E7B896E077}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{10147F4A-7CFC-4F4D-99EF-AF30E391770A}" = lport=10243 | protocol=6 | dir=in | app=system | "{2204F46F-04CB-4DD6-AEF1-25DFC02BCA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{32BBDCA6-6793-453B-A3FB-1A989F864DD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{35270CAF-9BD4-4E90-BE11-0922EA4C1FAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{470A86EA-C5C9-4F94-8D05-BFBD46D56B0D}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary | "{49957959-E106-49A3-9583-C113A009B4B2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4BB41993-0285-4DF9-AD5F-DDC397F31B1B}" = lport=137 | protocol=17 | dir=in | app=system | "{54D68CDE-9658-4B5F-8182-9E82743E0CEA}" = lport=445 | protocol=6 | dir=in | app=system | "{5BBC8688-5774-45F5-867D-A208123995C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E6449F2-4233-4364-B852-EC208EEF3D61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{61A5AB0F-DF28-4D34-A55A-B5480B099B77}" = rport=138 | protocol=17 | dir=out | app=system | "{793ED9EB-FA09-40AE-A06D-D5AFEA3F963E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7F68BB82-099F-4A68-AC73-199DA4F6574B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9115CFA7-578A-4E2A-8778-BF2E89E17C17}" = rport=10243 | protocol=6 | dir=out | app=system | "{99AA71CF-6DAC-463F-B32C-7901AEEAC712}" = lport=2869 | protocol=6 | dir=in | app=system | "{9E7CB6EF-427E-4A11-B6B5-64B269C1E1F3}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5556B8B-AC59-4095-9962-8ADA46B7B2B2}" = lport=139 | protocol=6 | dir=in | app=system | "{A6AAA36E-5502-46D8-9777-89762D01CD15}" = rport=137 | protocol=17 | dir=out | app=system | "{A6E98FE3-8CBD-4F64-96D7-2730E5AC6DBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BBAE8DCA-5C58-479F-A435-BF7E4E2A120C}" = lport=138 | protocol=17 | dir=in | app=system | "{D810DBC5-FE9A-49A3-855A-9EAA7222A680}" = rport=445 | protocol=6 | dir=out | app=system | "{E6ABEF5C-D46B-4913-AF1B-D31D2ADB9790}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{F0EFF6F2-7587-4D68-AD60-10CAEC3AFD70}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F60643B5-C233-48FE-ADCB-95AD778B4DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006CF0B5-7D27-4D02-955C-7DD66E8C361C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{00C35A72-8DDB-48A0-AEF1-8130EFA728F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{017FDAC9-36EC-48EC-A03D-355E9DCB5AC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{0AA5EB82-D9E0-48AD-81A2-87AB53CCE543}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{0AD3F558-FAB7-4831-AA60-7B15E144BAB7}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{0EFBD9F1-FF0D-4844-86EC-6E20A482A761}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{100F794F-DD52-48C5-B25E-EE56C2E92574}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{14D748B8-83AA-4CF6-866F-F0A85B69FFA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1A50FB80-6530-4FE3-802E-C680EDCF83A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{22EB33CC-12E2-411A-977B-5EDF29755894}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{2DDDB576-25AC-4D11-816C-7D47A5E8492A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{31F250A5-E499-4870-9836-EDB96BB9BF4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{34CDF73B-209E-453C-9535-21960DB8F87E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{35220AE6-A11D-4FA5-A264-5D7488CBD8D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{35A4A3CD-DE67-4E32-8642-F0C5ECAC1D13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3777F759-6952-4713-882D-4BCF5BB4FD4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37E0DF5E-F4AF-46BF-98C2-E5DEBE9BF0FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3F7BC772-9A3D-4071-8E74-4537C9BEE9C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{460BEEA6-D31E-4EDE-9A10-184220093337}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A726529-B207-4FB5-BBFD-06CE888EC1DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4E23882D-D7F2-4D78-AFDA-14954307CE20}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{5057B76E-7415-401D-8FF7-BB8F9D913B30}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{51CD569C-0871-4E7C-95CC-B876A47AED07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{549E11B6-4B1B-4CA0-AC13-4ADD353692D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5FC4C790-2C9C-462B-9BA3-9919FE55B11A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6EC238BB-9AF5-4785-8C9B-1B221D2315B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{75BEA538-C0E6-4386-A87D-5374C2FB189A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8A5B9699-ABDE-43B6-B8D6-9F1FF97EADF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{8C484678-B793-43A0-ABD1-1AA83A4007D5}" = protocol=17 | dir=in | app=c:\users\tom\appdata\roaming\dropbox\bin\dropbox.exe | "{90FCE226-3C5B-457B-9DFC-C84E727521B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{93990916-EAE4-4918-B2BE-80044605D623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{984D7BBB-79B4-4337-9EC6-AEB1AF8FABA0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{9D652C7B-96DA-4B81-B128-382D7F484E72}" = protocol=6 | dir=in | app=c:\users\tom\appdata\roaming\dropbox\bin\dropbox.exe | "{A66DADEA-D80F-45B5-B784-9DC91458923F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A80C37F5-3DF1-4288-A86A-551508656425}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{A8245C35-5499-4E04-840E-F6920558AAD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{A8671034-1740-4A09-963A-2EC7F86EE6CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{AA8F09DE-6CBA-4FA9-B1B9-EE93B842AB30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{B01BE8CB-1F2A-46A3-A540-F1D18AB418B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B040FDEB-9E20-4663-9C6A-6F7785FEC667}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B488C25A-FAD7-499D-827E-A3637628161C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{B753E932-01BA-43D6-8EC7-B052570C8854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{BEECEDFF-CC1E-4044-A855-94B9A88B37CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6C0E0CC-8757-4915-ACD1-021E708E6D5A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DE703455-3C05-4003-8B02-CABDFAC78902}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E11DBF15-1385-48F7-B25C-DF26E98925BB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{E91295D7-7DEB-45F9-865F-0F3C4E01E4F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{EC27504C-4735-4247-92D6-D342E95994F3}" = protocol=6 | dir=out | app=system | "{ED8C2B77-9EEF-4700-ACDC-A6092C757BE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{FD3BFA03-05D2-46C4-A0B3-ECD9A5518E67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{063A6CC3-9B41-4928-BC4E-32938C2F1FBF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{25A8CDD5-44EC-4FC3-8FCC-6D63B06C5298}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{F3FF2B2E-B48C-4C31-A686-1BE96E19E4FB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | - - - Updated - - - "TCP Query User{FBACB85B-936D-4180-A14B-7A9EB1C5A3C9}C:\users\v&v projects\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\v&v projects\appdata\roaming\spotify\spotify.exe | "UDP Query User{5234AA54-76BB-491D-BE5D-FFC33E5ACBA8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{A4136923-5287-45F3-A4F2-9999C63AFE54}C:\users\v&v projects\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\v&v projects\appdata\roaming\spotify\spotify.exe | "UDP Query User{B13E6914-FA40-41AF-86EB-CF47BB8A80E2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{D24184C4-063E-43F6-95D4-758E51422AA2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{316F89B3-40A7-4986-BE4F-27258B1DEBCB}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CutePDF Writer Installation" = CutePDF Writer 3.0 "Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32061277-9F45-4C3B-8299-D106D5A502ED}" = Windows Live Movie Maker "{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41DFDD57-21B7-4C48-8C75-FFB35696CA8B}" = Windows Live Toolbar "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery "{77819F21-42FA-4523-A40D-3EAC892B27F0}" = Google SketchUp 8 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95120000-0052-0413-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Nederlands "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD9F9101-9120-4454-B186-CFD22C64856E}" = Google SketchUp 7 "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE440631-06AA-4203-92F3-AF3C2CF764D1}_is1" = eLink 2.0 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.6 (Evaluation) "FileASSASSIN" = FileASSASSIN "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "Google Chrome" = Google Chrome "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Kruidvat fotoservice" = Kruidvat fotoservice "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl) "MyTomTom" = MyTomTom 3.1.0.530 "NSS" = Norton Security Scan "NVIDIA.Updatus" = NVIDIA Updatus "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "RealPlayer 12.0" = RealPlayer "RegClean Pro_is1" = RegClean Pro "Registry Mechanic_is1" = Registry Mechanic 10.0 "TmNationsForever_is1" = TmNationsForever "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1350505507-3758519869-1234311891-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1350505507-3758519869-1234311891-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11-2-2013 19:58:43 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11-2-2013 19:58:43 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10187 Error - 11-2-2013 19:58:43 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10187 Error - 13-2-2013 17:29:29 | Computer Name = VV-Projects-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567, tijdstempel: 0x4d672ee4 Naam van module met fout: AdsmendecExt.dll, versie: 1.6.8.423, tijdstempel: 0x4ac1b03b Uitzonderingscode: 0x40000015 Foutoffset: 0x0000000000033c0e Id van proces met fout: 0xabc Starttijd van toepassing met fout: 0x01cdf4dbfb582237 Pad naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\AdsmendecExt.dll Rapport-id: 7256dff9-7624-11e2-aea3-20cf3015c66f Error - 13-2-2013 21:35:45 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13-2-2013 21:35:45 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1030 Error - 13-2-2013 21:35:45 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1030 Error - 13-2-2013 21:35:47 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13-2-2013 21:35:47 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2044 Error - 13-2-2013 21:35:47 | Computer Name = VV-Projects-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2044 [ System Events ] Error - 3-10-2011 13:26:39 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 14:09:55 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 15:04:14 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 15:04:14 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 15:57:20 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 15:57:21 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 3-10-2011 18:11:59 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 4-10-2011 15:53:43 | Computer Name = VV-Projects-PC | Source = EventLog | ID = 6008 Description = De vorige afsluiting van het systeem om 21:51:29 op ?4/?10/?2011 is onverwacht gebeurd. Error - 9-10-2011 17:14:04 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 9-10-2011 17:14:04 | Computer Name = VV-Projects-PC | Source = WMPNetworkSvc | ID = 866333 Description = < End of report > -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
OTL logfile created on: 4-4-2013 0:35:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\V&V Projects\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,79 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 69,28% Memory free 7,59 Gb Paging File | 5,79 Gb Available in Paging File | 76,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 62,62 Gb Free Space | 42,01% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: VV-PROJECTS-PC | User Name: V&V Projects | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-04-04 00:33:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\V&V Projects\Desktop\OTL.com PRC - [2013-02-28 17:27:22 | 007,853,400 | ---- | M] (Systweak Inc) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe PRC - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-12-17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012-12-14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-12-14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-12-14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-12-09 14:48:50 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2011-11-14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe PRC - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-01-28 13:22:52 | 001,590,232 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\Upgrade.exe PRC - [2011-01-28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010-11-15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010-10-02 22:18:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010-07-07 19:05:14 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010-03-27 17:34:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010-02-08 20:04:04 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010-02-05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010-02-04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-01-05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009-11-02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009-08-12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009-07-31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009-06-24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2013-02-15 10:33:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013-01-14 16:16:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013-01-14 15:33:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013-01-14 15:33:03 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013-01-14 15:32:15 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013-01-14 15:31:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013-01-14 15:31:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013-01-14 15:31:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013-01-14 15:31:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013-01-14 15:31:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013-01-14 15:30:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011-11-14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2011-11-14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll MOD - [2011-11-14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll MOD - [2011-11-14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll MOD - [2011-11-14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll MOD - [2011-11-14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll MOD - [2011-11-14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010-11-13 02:34:15 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-11-05 03:54:50 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_nl_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2010-10-02 22:19:02 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll MOD - [2010-02-03 01:51:50 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2010-02-03 01:51:32 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010-02-03 01:51:24 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll MOD - [2010-02-03 01:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010-02-03 01:51:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009-11-02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009-11-02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2010-09-06 12:09:44 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:64bit: - [2010-02-23 13:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2010-02-23 13:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV:64bit: - [2009-12-08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009-08-06 23:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-03-12 22:58:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-12-14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-12-14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-01-28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010-10-22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010-03-27 17:34:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-10-01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009-10-01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-02-12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012-12-14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012-07-09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011-03-18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011-03-18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-08-25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010-07-30 19:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2010-07-30 19:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2010-07-30 19:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2010-07-07 19:05:05 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010-04-28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010-03-03 13:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-03-02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010-02-26 10:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010-02-25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010-02-23 13:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010-02-03 00:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-01-18 14:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009-10-30 04:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009-09-17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009-08-20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009-08-18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009-08-06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-07-14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009-06-18 21:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\***laby.sys -- (***laby) DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-05-13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = {searchTerms} - Google Search IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Babylon Search Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "Google=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: true FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "Google" FF - prefs.js..extensions.enabledAddons: disabledapp2258@disabled.com:0.81.57 FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560 FF - prefs.js..keyword.URL: "Google=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-10-02 22:19:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-03 21:39:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-14 13:13:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-03 21:39:57 | 000,000,000 | ---D | M] [2012-06-05 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\V&V Projects\AppData\Roaming\mozilla\Extensions [2013-03-17 23:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\V&V Projects\AppData\Roaming\mozilla\Firefox\Profiles\rt86xsn0.default\extensions [2012-10-13 14:38:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\V&V Projects\AppData\Roaming\mozilla\Firefox\Profiles\rt86xsn0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013-02-06 01:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-05-29 19:15:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\USERS\V&V PROJECTS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RT86XSN0.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM [2012-02-16 17:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-02-16 12:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-02-16 12:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml [2012-02-16 12:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml [2012-02-16 12:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml O1 HOSTS File: ([2013-01-08 03:01:56 | 000,001,477 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 199.193.118.246 www.google-analytics.com. O1 - Hosts: 199.193.118.246 ad-emea.doubleclick.net. O1 - Hosts: 199.193.118.246 www.statcounter.com. O1 - Hosts: 199.193.118.246 connect.facebook.net. O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 93.115.241.27 connect.facebook.net. O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1350505507-3758519869-1234311891-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-1350505507-3758519869-1234311891-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1350505507-3758519869-1234311891-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002..\Run: [spotify] C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1350505507-3758519869-1234311891-1002..\Run: [spotify Web Helper] C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1350505507-3758519869-1234311891-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://www.navigram.com/engine/v911/Navigram.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} http://www.airtradecentre.com/cms/atcTableEditor.cab (CatcTableEditorCtrl Object) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://www.navigram.com/engine/v1120/Navigram.cab (Navigram Control) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.1 195.130.130.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95319453-E0AB-410C-BB87-858576A2082F}: DhcpNameServer = 195.130.131.1 195.130.130.129 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9a9ae90f-2982-11e1-b415-20cf3015c66f}\Shell - "" = AutoRun O33 - MountPoints2\{9a9ae90f-2982-11e1-b415-20cf3015c66f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-04-04 00:33:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\V&V Projects\Desktop\OTL.com [2013-03-29 01:46:20 | 000,000,000 | ---D | C] -- C:\Users\V&V Projects\Desktop\EmsisoftEmergencyKit [2013-03-29 01:40:52 | 000,000,000 | ---D | C] -- C:\Users\V&V Projects\Desktop\tdsskiller [2013-03-25 01:15:06 | 000,000,000 | ---D | C] -- C:\Users\V&V Projects\Desktop\HostsXpert [2013-03-25 01:08:28 | 000,000,000 | ---D | C] -- C:\Users\V&V Projects\AppData\Roaming\Systweak [2013-03-25 01:08:27 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013-03-25 01:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro [2013-03-25 01:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro [2013-03-25 01:07:41 | 003,785,016 | ---- | C] (Systweak Inc ) -- C:\Users\V&V Projects\Desktop\rcpsetup_3335_new.exe [2013-03-22 00:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN [2013-03-22 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN [2013-03-18 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013-03-17 23:44:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013-03-17 23:42:28 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013-03-13 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-12-28 00:27:43 | 000,059,392 | ---- | C] (CANON INC.) -- C:\Users\V&V Projects\cnmss Canon Inkjet MP140 series (Local).dll [2011-12-28 19:02:15 | 000,980,104 | ---- | C] (Skype Technologies S.A.) -- C:\Users\V&V Projects\SkypeSetup.exe [2010-11-05 19:35:41 | 008,078,592 | ---- | C] (Microsoft Corporation) -- C:\Users\V&V Projects\visioviewer.exe [2008-08-12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\V&V Projects\Desktop\*.tmp files -> C:\Users\V&V Projects\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-04-04 00:39:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-04-04 00:33:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\V&V Projects\Desktop\OTL.com [2013-04-04 00:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-04-03 23:43:40 | 000,000,512 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for V&V Projects.job [2013-04-03 23:04:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-04-03 23:04:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-04-03 20:22:23 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2013-04-03 20:19:53 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-04-03 20:13:28 | 001,551,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-04-03 20:13:28 | 000,702,250 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013-04-03 20:13:28 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-04-03 20:13:28 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013-04-03 20:13:28 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-04-03 20:11:15 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2013-04-03 20:11:13 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_V&V Projects.job [2013-04-03 20:11:13 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_V&V Projects.job [2013-04-03 20:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-04-03 00:25:40 | 000,229,135 | ---- | M] () -- C:\Users\V&V Projects\Desktop\inbouwhaard.jpg [2013-04-03 00:08:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2013-04-02 22:40:50 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_V&V Projects.job [2013-04-02 22:07:57 | 3054,936,064 | -HS- | M] () -- C:\hiberfil.sys [2013-03-29 01:45:05 | 245,354,024 | ---- | M] () -- C:\Users\V&V Projects\Desktop\EmsisoftEmergencyKit.zip [2013-03-29 01:40:35 | 002,218,636 | ---- | M] () -- C:\Users\V&V Projects\Desktop\tdsskiller.zip [2013-03-25 01:17:12 | 000,147,631 | ---- | M] () -- C:\Users\V&V Projects\Desktop\xhoster.jpg [2013-03-25 01:12:52 | 000,357,766 | ---- | M] () -- C:\Users\V&V Projects\Desktop\HostsXpert.zip [2013-03-25 01:12:08 | 000,261,986 | ---- | M] () -- C:\Users\V&V Projects\Desktop\regcleanpro.jpg [2013-03-25 01:08:25 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2013-03-25 01:07:42 | 003,785,016 | ---- | M] (Systweak Inc ) -- C:\Users\V&V Projects\Desktop\rcpsetup_3335_new.exe [2013-03-22 00:07:25 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk [2013-03-22 00:06:57 | 000,167,034 | ---- | M] () -- C:\Users\V&V Projects\Desktop\fileassassin-setup-1.06.exe [2013-03-20 23:51:30 | 000,161,467 | ---- | M] () -- C:\Users\V&V Projects\Desktop\Malwarebytes.jpg [2013-03-17 23:37:56 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.zoek [2013-03-17 23:37:18 | 000,120,975 | ---- | M] () -- C:\Users\Public\Desktop\sample_20131703_2237.zip [2013-03-17 23:34:05 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013-03-17 17:32:10 | 000,002,182 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013-03-10 22:09:33 | 000,000,329 | ---- | M] () -- C:\Users\V&V Projects\Desktop\HP hulpprogramma's voor printdiagnose.url [1 C:\Users\V&V Projects\Desktop\*.tmp files -> C:\Users\V&V Projects\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-04-03 00:27:06 | 000,229,135 | ---- | C] () -- C:\Users\V&V Projects\Desktop\inbouwhaard.jpg [2013-03-29 03:23:01 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_V&V Projects.job [2013-03-29 03:23:01 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_V&V Projects.job [2013-03-29 03:23:00 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_V&V Projects.job [2013-03-29 01:43:41 | 245,354,024 | ---- | C] () -- C:\Users\V&V Projects\Desktop\EmsisoftEmergencyKit.zip [2013-03-29 01:40:33 | 002,218,636 | ---- | C] () -- C:\Users\V&V Projects\Desktop\tdsskiller.zip [2013-03-25 01:17:11 | 000,147,631 | ---- | C] () -- C:\Users\V&V Projects\Desktop\xhoster.jpg [2013-03-25 01:12:51 | 000,357,766 | ---- | C] () -- C:\Users\V&V Projects\Desktop\HostsXpert.zip [2013-03-25 01:12:08 | 000,261,986 | ---- | C] () -- C:\Users\V&V Projects\Desktop\regcleanpro.jpg [2013-03-25 01:08:34 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2013-03-25 01:08:34 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2013-03-25 01:08:25 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2013-03-22 00:07:25 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk [2013-03-22 00:06:57 | 000,167,034 | ---- | C] () -- C:\Users\V&V Projects\Desktop\fileassassin-setup-1.06.exe [2013-03-20 23:51:30 | 000,161,467 | ---- | C] () -- C:\Users\V&V Projects\Desktop\Malwarebytes.jpg [2013-03-17 23:42:28 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013-03-17 23:37:19 | 000,120,975 | ---- | C] () -- C:\Users\Public\Desktop\sample_20131703_2237.zip [2013-03-10 22:09:33 | 000,000,329 | ---- | C] () -- C:\Users\V&V Projects\Desktop\HP hulpprogramma's voor printdiagnose.url [2013-01-14 15:28:26 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012-11-03 21:34:29 | 000,226,114 | ---- | C] () -- C:\Windows\hpwins28.dat [2012-11-03 21:34:29 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2012-09-04 23:32:22 | 000,000,051 | ---- | C] () -- C:\ProgramData\oevvkdkqtlsuanx [2010-07-07 18:40:54 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009-04-08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008-05-22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2007-03-12 19:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011-06-24 00:31:41 | 000,000,000 | ---D | M] -- C:\Users\Marijke\AppData\Roaming\Asus WebStorage [2012-01-28 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\Marijke\AppData\Roaming\SoftGrid Client [2010-08-20 01:06:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Asus WebStorage [2013-03-17 23:44:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Dropbox [2012-07-20 00:56:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SoftGrid Client [2010-08-18 21:39:47 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Asus WebStorage [2012-06-05 20:34:08 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Babylon [2010-10-02 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012-10-13 14:52:31 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\DVDVideoSoft [2012-10-13 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\DVDVideoSoftIEHelpers [2012-06-10 01:45:35 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Media Finder [2012-10-13 13:30:13 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Registry Mechanic [2013-04-01 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\SoftGrid Client [2013-04-02 22:40:36 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Spotify [2013-03-25 01:08:28 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Systweak [2012-05-10 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\TeamViewer [2010-08-20 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\TP [2012-07-08 23:03:51 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\Windows Live Writer [2012-07-22 23:03:26 | 000,000,000 | ---D | M] -- C:\Users\V&V Projects\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D1B5B4F1 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00 < End of report > -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
niet gevonden via de zoekfunctie -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
als ik dan doorklik dan sluit het kader: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:48:33, on 2/04/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 199.193.118.246 www.google-analytics.com. O1 - Hosts: 199.193.118.246 ad-emea.doubleclick.net. O1 - Hosts: 199.193.118.246 www.statcounter.com. O1 - Hosts: 199.193.118.246 connect.facebook.net. O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 93.115.241.27 connect.facebook.net. O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} (CatcTableEditorCtrl Object) - http://www.airtradecentre.com/cms/atcTableEditor.cab O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15169 bytes -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
"uitvoeren als administrator" levert alleen een snelle "flits" verschijning van een kader en dan is het weer weg. Gewoon uitvoeren geeft dit:
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
en hoe doe je dat in veilige modus met W7? -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:11:32, on 29/03/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\OffSpon.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Registry Mechanic\upgrade.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 199.193.118.246 www.google-analytics.com. O1 - Hosts: 199.193.118.246 ad-emea.doubleclick.net. O1 - Hosts: 199.193.118.246 www.statcounter.com. O1 - Hosts: 199.193.118.246 connect.facebook.net. O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 93.115.241.27 connect.facebook.net. O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} (CatcTableEditorCtrl Object) - http://www.airtradecentre.com/cms/atcTableEditor.cab O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15743 bytes - - - Updated - - - en nog steeds pop-up's... -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 29-3-2013 0:50:18 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, Q:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 29-3-2013 0:52:57 Gescand 492807 Gevonden 0 Scan geëindigd: 29-3-2013 2:16:15 Scantijd: 1:23:18 -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
TDSS killer: 00:41:08.0441 10340 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:41:08.0628 10340 ============================================================ 00:41:08.0628 10340 Current date / time: 2013/03/29 00:41:08.0628 00:41:08.0628 10340 SystemInfo: 00:41:08.0628 10340 00:41:08.0628 10340 OS Version: 6.1.7601 ServicePack: 1.0 00:41:08.0628 10340 Product type: Workstation 00:41:08.0628 10340 ComputerName: VV-PROJECTS-PC 00:41:08.0644 10340 UserName: V&V Projects 00:41:08.0644 10340 Windows directory: C:\Windows 00:41:08.0644 10340 System windows directory: C:\Windows 00:41:08.0644 10340 Running under WOW64 00:41:08.0644 10340 Processor architecture: Intel x64 00:41:08.0644 10340 Number of processors: 4 00:41:08.0644 10340 Page size: 0x1000 00:41:08.0644 10340 Boot type: Normal boot 00:41:08.0644 10340 ============================================================ 00:41:09.0518 10340 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:41:09.0518 10340 ============================================================ 00:41:09.0518 10340 \Device\Harddisk0\DR0: 00:41:09.0518 10340 MBR partitions: 00:41:09.0518 10340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08 00:41:09.0549 10340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800 00:41:09.0549 10340 ============================================================ 00:41:09.0564 10340 C: <-> \Device\Harddisk0\DR0\Partition1 00:41:09.0596 10340 D: <-> \Device\Harddisk0\DR0\Partition2 00:41:09.0596 10340 ============================================================ 00:41:09.0596 10340 Initialize success 00:41:09.0596 10340 ============================================================ 00:41:12.0731 2208 ============================================================ 00:41:12.0731 2208 Scan started 00:41:12.0731 2208 Mode: Manual; 00:41:12.0731 2208 ============================================================ 00:41:13.0698 2208 ================ Scan system memory ======================== 00:41:13.0698 2208 System memory - ok 00:41:13.0714 2208 ================ Scan services ============================= 00:41:13.0901 2208 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:41:13.0917 2208 1394ohci - ok 00:41:13.0948 2208 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:41:13.0948 2208 ACPI - ok 00:41:13.0979 2208 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:41:13.0979 2208 AcpiPmi - ok 00:41:14.0057 2208 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:41:14.0057 2208 AdobeARMservice - ok 00:41:14.0198 2208 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:41:14.0198 2208 AdobeFlashPlayerUpdateSvc - ok 00:41:14.0244 2208 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:41:14.0276 2208 adp94xx - ok 00:41:14.0307 2208 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:41:14.0307 2208 adpahci - ok 00:41:14.0338 2208 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:41:14.0354 2208 adpu320 - ok 00:41:14.0400 2208 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe 00:41:14.0400 2208 ADSMService - ok 00:41:14.0432 2208 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:41:14.0432 2208 AeLookupSvc - ok 00:41:14.0494 2208 [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent C:\Windows\system32\FBAgent.exe 00:41:14.0556 2208 AFBAgent - ok 00:41:14.0603 2208 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 00:41:14.0634 2208 AFD - ok 00:41:14.0681 2208 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:41:14.0681 2208 agp440 - ok 00:41:14.0712 2208 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:41:14.0712 2208 ALG - ok 00:41:14.0728 2208 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:41:14.0744 2208 aliide - ok 00:41:14.0775 2208 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:41:14.0775 2208 amdide - ok 00:41:14.0790 2208 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:41:14.0806 2208 AmdK8 - ok 00:41:14.0806 2208 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:41:14.0822 2208 AmdPPM - ok 00:41:14.0853 2208 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:41:14.0868 2208 amdsata - ok 00:41:14.0900 2208 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:41:14.0900 2208 amdsbs - ok 00:41:14.0931 2208 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:41:14.0931 2208 amdxata - ok 00:41:14.0978 2208 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:41:14.0978 2208 AppID - ok 00:41:15.0009 2208 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:41:15.0009 2208 AppIDSvc - ok 00:41:15.0040 2208 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 00:41:15.0040 2208 Appinfo - ok 00:41:15.0134 2208 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:41:15.0134 2208 Apple Mobile Device - ok 00:41:15.0180 2208 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 00:41:15.0180 2208 arc - ok 00:41:15.0196 2208 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:41:15.0196 2208 arcsas - ok 00:41:15.0227 2208 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys 00:41:15.0243 2208 AsDsm - ok 00:41:15.0290 2208 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 00:41:15.0305 2208 ASLDRService - ok 00:41:15.0321 2208 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 00:41:15.0321 2208 ASMMAP64 - ok 00:41:15.0352 2208 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:41:15.0352 2208 AsyncMac - ok 00:41:15.0383 2208 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:41:15.0383 2208 atapi - ok 00:41:15.0461 2208 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys 00:41:15.0524 2208 athr - ok 00:41:15.0555 2208 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 00:41:15.0555 2208 ATKGFNEXSrv - ok 00:41:15.0602 2208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:41:15.0633 2208 AudioEndpointBuilder - ok 00:41:15.0664 2208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:41:15.0664 2208 AudioSrv - ok 00:41:15.0742 2208 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:41:15.0758 2208 AxInstSV - ok 00:41:15.0804 2208 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:41:15.0820 2208 b06bdrv - ok 00:41:15.0867 2208 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:41:15.0882 2208 b57nd60a - ok 00:41:15.0929 2208 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:41:15.0929 2208 BDESVC - ok 00:41:15.0960 2208 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 00:41:15.0960 2208 Beep - ok 00:41:16.0007 2208 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:41:16.0038 2208 BFE - ok 00:41:16.0085 2208 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 00:41:16.0194 2208 BITS - ok 00:41:16.0226 2208 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:41:16.0226 2208 blbdrive - ok 00:41:16.0319 2208 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:41:16.0350 2208 Bonjour Service - ok 00:41:16.0397 2208 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:41:16.0397 2208 bowser - ok 00:41:16.0444 2208 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:41:16.0444 2208 BrFiltLo - ok 00:41:16.0460 2208 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:41:16.0460 2208 BrFiltUp - ok 00:41:16.0506 2208 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:41:16.0506 2208 Browser - ok 00:41:16.0538 2208 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:41:16.0538 2208 Brserid - ok 00:41:16.0553 2208 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:41:16.0553 2208 BrSerWdm - ok 00:41:16.0569 2208 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:41:16.0569 2208 BrUsbMdm - ok 00:41:16.0584 2208 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:41:16.0584 2208 BrUsbSer - ok 00:41:16.0631 2208 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:41:16.0631 2208 BTHMODEM - ok 00:41:16.0662 2208 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:41:16.0678 2208 bthserv - ok 00:41:16.0709 2208 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:41:16.0709 2208 cdfs - ok 00:41:16.0756 2208 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:41:16.0756 2208 cdrom - ok 00:41:16.0803 2208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:41:16.0803 2208 CertPropSvc - ok 00:41:16.0850 2208 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:41:16.0850 2208 circlass - ok 00:41:16.0896 2208 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:41:16.0896 2208 CLFS - ok 00:41:17.0006 2208 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:41:17.0006 2208 clr_optimization_v2.0.50727_32 - ok 00:41:17.0068 2208 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:41:17.0068 2208 clr_optimization_v2.0.50727_64 - ok 00:41:17.0146 2208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:41:17.0162 2208 clr_optimization_v4.0.30319_32 - ok 00:41:17.0193 2208 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:41:17.0193 2208 clr_optimization_v4.0.30319_64 - ok 00:41:17.0240 2208 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:41:17.0240 2208 CmBatt - ok 00:41:17.0271 2208 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:41:17.0271 2208 cmdide - ok 00:41:17.0318 2208 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 00:41:17.0318 2208 CNG - ok 00:41:17.0380 2208 [ F7CA3ACCF5AA0E2182546C5BE42B2E96 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 00:41:17.0411 2208 CnxtHdAudService - ok 00:41:17.0458 2208 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:41:17.0458 2208 Compbatt - ok 00:41:17.0474 2208 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:41:17.0474 2208 CompositeBus - ok 00:41:17.0489 2208 COMSysApp - ok 00:41:17.0520 2208 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:41:17.0520 2208 crcdisk - ok 00:41:17.0567 2208 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:41:17.0583 2208 CryptSvc - ok 00:41:17.0676 2208 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 00:41:17.0692 2208 cvhsvc - ok 00:41:17.0739 2208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:41:17.0786 2208 DcomLaunch - ok 00:41:17.0817 2208 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:41:17.0817 2208 defragsvc - ok 00:41:17.0848 2208 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:41:17.0864 2208 DfsC - ok 00:41:17.0895 2208 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:41:17.0910 2208 Dhcp - ok 00:41:17.0942 2208 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:41:17.0942 2208 discache - ok 00:41:17.0988 2208 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:41:17.0988 2208 Disk - ok 00:41:18.0035 2208 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:41:18.0035 2208 Dnscache - ok 00:41:18.0082 2208 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:41:18.0082 2208 dot3svc - ok 00:41:18.0129 2208 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 00:41:18.0144 2208 Dot4 - ok 00:41:18.0176 2208 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 00:41:18.0176 2208 Dot4Print - ok 00:41:18.0207 2208 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 00:41:18.0207 2208 dot4usb - ok 00:41:18.0238 2208 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 00:41:18.0254 2208 DPS - ok 00:41:18.0285 2208 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:41:18.0285 2208 drmkaud - ok 00:41:18.0347 2208 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:41:18.0378 2208 DXGKrnl - ok 00:41:18.0410 2208 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:41:18.0410 2208 EapHost - ok 00:41:18.0534 2208 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:41:18.0628 2208 ebdrv - ok 00:41:18.0659 2208 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 00:41:18.0659 2208 EFS - ok 00:41:18.0940 2208 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:41:19.0002 2208 ehRecvr - ok 00:41:19.0096 2208 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:41:19.0096 2208 ehSched - ok 00:41:19.0174 2208 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:41:19.0190 2208 elxstor - ok 00:41:19.0221 2208 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:41:19.0221 2208 ErrDev - ok 00:41:19.0268 2208 [ 06C94BE9D9E1E6411429433A64A76936 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 00:41:19.0283 2208 ETD - ok 00:41:19.0314 2208 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:41:19.0330 2208 EventSystem - ok 00:41:19.0377 2208 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:41:19.0377 2208 exfat - ok 00:41:19.0424 2208 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:41:19.0424 2208 fastfat - ok 00:41:19.0470 2208 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:41:19.0502 2208 Fax - ok 00:41:19.0517 2208 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:41:19.0517 2208 fdc - ok 00:41:19.0548 2208 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:41:19.0564 2208 fdPHost - ok 00:41:19.0580 2208 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:41:19.0580 2208 FDResPub - ok 00:41:19.0611 2208 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:41:19.0611 2208 FileInfo - ok 00:41:19.0626 2208 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:41:19.0626 2208 Filetrace - ok 00:41:19.0658 2208 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:41:19.0658 2208 flpydisk - ok 00:41:19.0689 2208 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:41:19.0704 2208 FltMgr - ok 00:41:19.0751 2208 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 00:41:19.0798 2208 FontCache - ok 00:41:19.0845 2208 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:41:19.0845 2208 FontCache3.0.0.0 - ok 00:41:19.0876 2208 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:41:19.0876 2208 FsDepends - ok 00:41:19.0923 2208 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 00:41:19.0923 2208 fssfltr - ok 00:41:20.0001 2208 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 00:41:20.0032 2208 fsssvc - ok 00:41:20.0063 2208 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:41:20.0063 2208 Fs_Rec - ok 00:41:20.0110 2208 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys 00:41:20.0110 2208 FTDIBUS - ok 00:41:20.0126 2208 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys 00:41:20.0126 2208 FTSER2K - ok 00:41:20.0188 2208 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:41:20.0188 2208 fvevol - ok 00:41:20.0219 2208 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:41:20.0219 2208 gagp30kx - ok 00:41:20.0282 2208 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:41:20.0282 2208 GEARAspiWDM - ok 00:41:20.0328 2208 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:41:20.0360 2208 gpsvc - ok 00:41:20.0422 2208 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:41:20.0438 2208 gupdate - ok 00:41:20.0469 2208 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:41:20.0469 2208 gupdatem - ok 00:41:20.0516 2208 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 00:41:20.0516 2208 gusvc - ok 00:41:20.0562 2208 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:41:20.0562 2208 hcw85cir - ok 00:41:20.0609 2208 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:41:20.0609 2208 HdAudAddService - ok 00:41:20.0640 2208 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:41:20.0640 2208 HDAudBus - ok 00:41:20.0672 2208 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 00:41:20.0672 2208 HECIx64 - ok 00:41:20.0703 2208 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:41:20.0703 2208 HidBatt - ok 00:41:20.0703 2208 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:41:20.0718 2208 HidBth - ok 00:41:20.0734 2208 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:41:20.0750 2208 HidIr - ok 00:41:20.0781 2208 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 00:41:20.0781 2208 hidserv - ok 00:41:20.0843 2208 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 00:41:20.0843 2208 HidUsb - ok 00:41:20.0874 2208 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:41:20.0890 2208 hkmsvc - ok 00:41:20.0921 2208 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:41:20.0937 2208 HomeGroupListener - ok 00:41:20.0952 2208 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:41:20.0968 2208 HomeGroupProvider - ok 00:41:21.0155 2208 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 00:41:21.0155 2208 hpqcxs08 - ok 00:41:21.0202 2208 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 00:41:21.0202 2208 hpqddsvc - ok 00:41:21.0233 2208 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:41:21.0233 2208 HpSAMD - ok 00:41:21.0311 2208 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 00:41:21.0342 2208 HPSLPSVC - ok 00:41:21.0405 2208 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:41:21.0436 2208 HTTP - ok 00:41:21.0467 2208 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:41:21.0467 2208 hwpolicy - ok 00:41:21.0514 2208 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:41:21.0514 2208 i8042prt - ok 00:41:21.0576 2208 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:41:21.0576 2208 iaStor - ok 00:41:21.0623 2208 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:41:21.0639 2208 iaStorV - ok 00:41:21.0686 2208 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:41:21.0717 2208 idsvc - ok 00:41:22.0029 2208 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 00:41:22.0325 2208 igfx - ok 00:41:22.0372 2208 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:41:22.0372 2208 iirsp - ok 00:41:22.0419 2208 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 00:41:22.0450 2208 IKEEXT - ok 00:41:22.0481 2208 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 00:41:22.0497 2208 Impcd - ok 00:41:22.0528 2208 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 00:41:22.0544 2208 IntcDAud - ok 00:41:22.0575 2208 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 00:41:22.0575 2208 intelide - ok 00:41:22.0606 2208 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:41:22.0606 2208 intelppm - ok 00:41:22.0637 2208 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:41:22.0637 2208 IPBusEnum - ok 00:41:22.0668 2208 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:41:22.0668 2208 IpFilterDriver - ok 00:41:22.0700 2208 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:41:22.0731 2208 iphlpsvc - ok 00:41:22.0762 2208 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:41:22.0762 2208 IPMIDRV - ok 00:41:22.0793 2208 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:41:22.0793 2208 IPNAT - ok 00:41:22.0840 2208 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 00:41:22.0887 2208 iPod Service - ok 00:41:22.0902 2208 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:41:22.0918 2208 IRENUM - ok 00:41:22.0934 2208 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:41:22.0934 2208 isapnp - ok 00:41:22.0965 2208 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 00:41:22.0965 2208 iScsiPrt - ok 00:41:23.0012 2208 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 00:41:23.0012 2208 JMCR - ok 00:41:23.0058 2208 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys 00:41:23.0058 2208 JME - ok 00:41:23.0090 2208 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 00:41:23.0090 2208 kbdclass - ok 00:41:23.0121 2208 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 00:41:23.0121 2208 kbdhid - ok 00:41:23.0152 2208 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 00:41:23.0152 2208 kbfiltr - ok 00:41:23.0168 2208 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 00:41:23.0168 2208 KeyIso - ok 00:41:23.0199 2208 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:41:23.0199 2208 KSecDD - ok 00:41:23.0230 2208 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 00:41:23.0230 2208 KSecPkg - ok 00:41:23.0261 2208 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:41:23.0261 2208 ksthunk - ok 00:41:23.0308 2208 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 00:41:23.0324 2208 KtmRm - ok 00:41:23.0370 2208 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:41:23.0417 2208 LanmanServer - ok 00:41:23.0448 2208 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:41:23.0464 2208 LanmanWorkstation - ok 00:41:23.0511 2208 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:41:23.0511 2208 lltdio - ok 00:41:23.0542 2208 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:41:23.0558 2208 lltdsvc - ok 00:41:23.0558 2208 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:41:23.0573 2208 lmhosts - ok 00:41:23.0636 2208 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 00:41:23.0651 2208 LMS - ok 00:41:23.0698 2208 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:41:23.0698 2208 LSI_FC - ok 00:41:23.0729 2208 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:41:23.0729 2208 LSI_SAS - ok 00:41:23.0729 2208 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:41:23.0745 2208 LSI_SAS2 - ok 00:41:23.0776 2208 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:41:23.0776 2208 LSI_SCSI - ok 00:41:23.0807 2208 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 00:41:23.0807 2208 luafv - ok 00:41:23.0838 2208 [ 085435AE1A124361304044029B5CC644 ] ***laby C:\Windows\system32\DRIVERS\***laby.sys 00:41:23.0838 2208 ***laby - ok 00:41:23.0885 2208 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 00:41:23.0885 2208 MBAMProtector - ok 00:41:23.0979 2208 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 00:41:23.0979 2208 MBAMScheduler - ok 00:41:24.0026 2208 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 00:41:24.0041 2208 MBAMService - ok 00:41:24.0119 2208 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 00:41:24.0119 2208 McComponentHostService - ok 00:41:24.0150 2208 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:41:24.0166 2208 Mcx2Svc - ok 00:41:24.0197 2208 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:41:24.0197 2208 megasas - ok 00:41:24.0213 2208 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:41:24.0213 2208 MegaSR - ok 00:41:24.0260 2208 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 00:41:24.0275 2208 MMCSS - ok 00:41:24.0275 2208 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 00:41:24.0275 2208 Modem - ok 00:41:24.0306 2208 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:41:24.0306 2208 monitor - ok 00:41:24.0338 2208 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 00:41:24.0338 2208 mouclass - ok 00:41:24.0369 2208 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:41:24.0369 2208 mouhid - ok 00:41:24.0400 2208 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:41:24.0400 2208 mountmgr - ok 00:41:24.0447 2208 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 00:41:24.0447 2208 mpio - ok 00:41:24.0478 2208 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:41:24.0478 2208 mpsdrv - ok 00:41:24.0525 2208 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:41:24.0556 2208 MpsSvc - ok 00:41:24.0587 2208 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:41:24.0587 2208 MRxDAV - ok 00:41:24.0634 2208 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:41:24.0634 2208 mrxsmb - ok 00:41:24.0681 2208 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:41:24.0681 2208 mrxsmb10 - ok 00:41:24.0696 2208 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:41:24.0696 2208 mrxsmb20 - ok 00:41:24.0743 2208 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:41:24.0743 2208 msahci - ok 00:41:24.0759 2208 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:41:24.0774 2208 msdsm - ok 00:41:24.0806 2208 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:41:24.0806 2208 MSDTC - ok 00:41:24.0852 2208 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:41:24.0852 2208 Msfs - ok 00:41:24.0884 2208 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:41:24.0899 2208 mshidkmdf - ok 00:41:24.0930 2208 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:41:24.0930 2208 msisadrv - ok 00:41:24.0962 2208 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:41:24.0962 2208 MSiSCSI - ok 00:41:24.0977 2208 msiserver - ok 00:41:25.0024 2208 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:41:25.0024 2208 MSKSSRV - ok 00:41:25.0040 2208 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:41:25.0040 2208 MSPCLOCK - ok 00:41:25.0055 2208 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:41:25.0055 2208 MSPQM - ok 00:41:25.0086 2208 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:41:25.0086 2208 MsRPC - ok 00:41:25.0118 2208 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:41:25.0118 2208 mssmbios - ok 00:41:25.0149 2208 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:41:25.0149 2208 MSTEE - ok 00:41:25.0164 2208 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:41:25.0164 2208 MTConfig - ok 00:41:25.0196 2208 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 00:41:25.0211 2208 MTsensor - ok 00:41:25.0227 2208 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:41:25.0227 2208 Mup - ok 00:41:25.0258 2208 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:41:25.0289 2208 napagent - ok 00:41:25.0336 2208 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:41:25.0336 2208 NativeWifiP - ok 00:41:25.0399 2208 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:41:25.0431 2208 NDIS - ok 00:41:25.0477 2208 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:41:25.0477 2208 NdisCap - ok 00:41:25.0509 2208 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:41:25.0509 2208 NdisTapi - ok 00:41:25.0540 2208 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:41:25.0540 2208 Ndisuio - ok 00:41:25.0571 2208 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:41:25.0587 2208 NdisWan - ok 00:41:25.0602 2208 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:41:25.0618 2208 NDProxy - ok 00:41:25.0649 2208 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 00:41:25.0649 2208 Net Driver HPZ12 - ok 00:41:25.0696 2208 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:41:25.0696 2208 NetBIOS - ok 00:41:25.0727 2208 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:41:25.0743 2208 NetBT - ok 00:41:25.0774 2208 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:41:25.0774 2208 Netlogon - ok 00:41:25.0805 2208 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:41:25.0836 2208 Netman - ok 00:41:25.0867 2208 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:41:25.0883 2208 netprofm - ok 00:41:25.0914 2208 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:41:25.0914 2208 NetTcpPortSharing - ok 00:41:25.0961 2208 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:41:25.0961 2208 nfrd960 - ok 00:41:26.0008 2208 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:41:26.0023 2208 NlaSvc - ok 00:41:26.0039 2208 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:41:26.0055 2208 Npfs - ok 00:41:26.0070 2208 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:41:26.0070 2208 nsi - ok 00:41:26.0101 2208 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:41:26.0101 2208 nsiproxy - ok 00:41:26.0164 2208 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:41:26.0226 2208 Ntfs - ok 00:41:26.0257 2208 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:41:26.0257 2208 Null - ok 00:41:26.0570 2208 [ CE62DFD25E51C471517642405ADDC8BB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:41:26.0882 2208 nvlddmkm - ok 00:41:26.0914 2208 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:41:26.0914 2208 nvraid - ok 00:41:26.0945 2208 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:41:26.0960 2208 nvstor - ok 00:41:26.0992 2208 [ 8B73D0A86BF104A884B3F1DCBFE94126 ] nvsvc C:\Windows\system32\nvvsvc.exe 00:41:27.0007 2208 nvsvc - ok 00:41:27.0101 2208 [ FE29D829BC0044FE699EDC997BB1FE72 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 00:41:27.0163 2208 nvUpdatusService - ok 00:41:27.0194 2208 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:41:27.0194 2208 nv_agp - ok 00:41:27.0226 2208 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:41:27.0226 2208 ohci1394 - ok 00:41:27.0272 2208 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:41:27.0272 2208 ose - ok 00:41:27.0444 2208 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:41:27.0569 2208 osppsvc - ok 00:41:27.0616 2208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:41:27.0631 2208 p2pimsvc - ok 00:41:27.0662 2208 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:41:27.0678 2208 p2psvc - ok 00:41:27.0725 2208 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:41:27.0725 2208 Parport - ok 00:41:27.0756 2208 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:41:27.0756 2208 partmgr - ok 00:41:27.0787 2208 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:41:27.0803 2208 PcaSvc - ok 00:41:27.0834 2208 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:41:27.0834 2208 pci - ok 00:41:27.0850 2208 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:41:27.0850 2208 pciide - ok 00:41:27.0881 2208 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:41:27.0896 2208 pcmcia - ok 00:41:27.0974 2208 [ C98CD9EE0012DF72206BD519DB9780D4 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe 00:41:27.0990 2208 PCToolsSSDMonitorSvc - ok 00:41:28.0021 2208 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:41:28.0021 2208 pcw - ok 00:41:28.0052 2208 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:41:28.0084 2208 PEAUTH - ok 00:41:28.0162 2208 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:41:28.0177 2208 PerfHost - ok 00:41:28.0271 2208 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:41:28.0333 2208 pla - ok 00:41:28.0380 2208 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:41:28.0396 2208 PlugPlay - ok 00:41:28.0442 2208 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 00:41:28.0442 2208 Pml Driver HPZ12 - ok 00:41:28.0474 2208 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:41:28.0474 2208 PNRPAutoReg - ok 00:41:28.0505 2208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:41:28.0520 2208 PNRPsvc - ok 00:41:28.0567 2208 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:41:28.0583 2208 PolicyAgent - ok 00:41:28.0614 2208 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:41:28.0630 2208 Power - ok 00:41:28.0661 2208 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:41:28.0676 2208 PptpMiniport - ok 00:41:28.0708 2208 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:41:28.0708 2208 Processor - ok 00:41:28.0739 2208 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:41:28.0754 2208 ProfSvc - ok 00:41:28.0770 2208 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:41:28.0770 2208 ProtectedStorage - ok 00:41:28.0801 2208 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:41:28.0801 2208 Psched - ok 00:41:28.0879 2208 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:41:28.0926 2208 ql2300 - ok 00:41:28.0942 2208 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:41:28.0942 2208 ql40xx - ok 00:41:28.0973 2208 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:41:28.0988 2208 QWAVE - ok 00:41:29.0020 2208 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:41:29.0020 2208 QWAVEdrv - ok 00:41:29.0020 2208 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:41:29.0035 2208 RasAcd - ok 00:41:29.0066 2208 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:41:29.0066 2208 RasAgileVpn - ok 00:41:29.0098 2208 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:41:29.0113 2208 RasAuto - ok 00:41:29.0129 2208 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:41:29.0129 2208 Rasl2tp - ok 00:41:29.0160 2208 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:41:29.0191 2208 RasMan - ok 00:41:29.0222 2208 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:41:29.0222 2208 RasPppoe - ok 00:41:29.0254 2208 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:41:29.0254 2208 RasSstp - ok 00:41:29.0285 2208 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:41:29.0285 2208 rdbss - ok 00:41:29.0316 2208 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:41:29.0316 2208 rdpbus - ok 00:41:29.0332 2208 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:41:29.0332 2208 RDPCDD - ok 00:41:29.0378 2208 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:41:29.0378 2208 RDPENCDD - ok 00:41:29.0394 2208 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:41:29.0394 2208 RDPREFMP - ok 00:41:29.0425 2208 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:41:29.0442 2208 RDPWD - ok 00:41:29.0489 2208 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:41:29.0489 2208 rdyboost - ok 00:41:29.0504 2208 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:41:29.0520 2208 RemoteAccess - ok 00:41:29.0551 2208 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:41:29.0567 2208 RemoteRegistry - ok 00:41:29.0582 2208 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:41:29.0582 2208 RpcEptMapper - ok 00:41:29.0613 2208 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:41:29.0613 2208 RpcLocator - ok 00:41:29.0660 2208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:41:29.0676 2208 RpcSs - ok 00:41:29.0707 2208 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:41:29.0707 2208 rspndr - ok 00:41:29.0723 2208 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:41:29.0723 2208 SamSs - ok 00:41:29.0754 2208 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:41:29.0754 2208 sbp2port - ok 00:41:29.0785 2208 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:41:29.0801 2208 SCardSvr - ok 00:41:29.0832 2208 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:41:29.0832 2208 scfilter - ok 00:41:29.0879 2208 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:41:29.0941 2208 Schedule - ok 00:41:29.0972 2208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:41:29.0972 2208 SCPolicySvc - ok 00:41:30.0003 2208 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 00:41:30.0019 2208 sdbus - ok 00:41:30.0035 2208 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:41:30.0050 2208 SDRSVC - ok 00:41:30.0081 2208 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:41:30.0081 2208 secdrv - ok 00:41:30.0097 2208 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:41:30.0113 2208 seclogon - ok 00:41:30.0144 2208 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:41:30.0144 2208 SENS - ok 00:41:30.0159 2208 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:41:30.0175 2208 SensrSvc - ok 00:41:30.0206 2208 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:41:30.0206 2208 Serenum - ok 00:41:30.0237 2208 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:41:30.0237 2208 Serial - ok 00:41:30.0284 2208 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:41:30.0284 2208 sermouse - ok 00:41:30.0331 2208 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:41:30.0347 2208 SessionEnv - ok 00:41:30.0425 2208 [ 07B31D8074E7FFF90ED8D5608028A54F ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe 00:41:30.0457 2208 SfCtlCom - ok 00:41:30.0488 2208 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:41:30.0488 2208 sffdisk - ok 00:41:30.0519 2208 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:41:30.0519 2208 sffp_mmc - ok 00:41:30.0535 2208 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:41:30.0550 2208 sffp_sd - ok 00:41:30.0582 2208 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:41:30.0582 2208 sfloppy - ok 00:41:30.0628 2208 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 00:41:30.0660 2208 Sftfs - ok 00:41:30.0722 2208 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 00:41:30.0738 2208 sftlist - ok 00:41:30.0769 2208 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 00:41:30.0784 2208 Sftplay - ok 00:41:30.0800 2208 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 00:41:30.0800 2208 Sftredir - ok 00:41:30.0816 2208 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 00:41:30.0816 2208 Sftvol - ok 00:41:30.0831 2208 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 00:41:30.0847 2208 sftvsa - ok 00:41:30.0878 2208 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:41:30.0909 2208 SharedAccess - ok 00:41:30.0940 2208 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:41:30.0972 2208 ShellHWDetection - ok 00:41:31.0003 2208 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 00:41:31.0003 2208 SiSGbeLH - ok 00:41:31.0018 2208 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:41:31.0018 2208 SiSRaid2 - ok 00:41:31.0050 2208 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:41:31.0050 2208 SiSRaid4 - ok 00:41:31.0096 2208 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:41:31.0112 2208 SkypeUpdate - ok 00:41:31.0143 2208 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:41:31.0143 2208 Smb - ok 00:41:31.0190 2208 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:41:31.0206 2208 SNMPTRAP - ok 00:41:31.0284 2208 [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 00:41:31.0330 2208 SNP2UVC - ok 00:41:31.0362 2208 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:41:31.0362 2208 spldr - ok 00:41:31.0408 2208 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:41:31.0440 2208 Spooler - ok 00:41:31.0550 2208 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:41:31.0659 2208 sppsvc - ok 00:41:31.0675 2208 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:41:31.0675 2208 sppuinotify - ok 00:41:31.0721 2208 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:41:31.0737 2208 srv - ok 00:41:31.0753 2208 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:41:31.0768 2208 srv2 - ok 00:41:31.0799 2208 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:41:31.0799 2208 srvnet - ok 00:41:31.0831 2208 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:41:31.0862 2208 SSDPSRV - ok 00:41:31.0877 2208 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:41:31.0893 2208 SstpSvc - ok 00:41:31.0909 2208 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:41:31.0924 2208 stexstor - ok 00:41:31.0940 2208 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 00:41:31.0940 2208 StillCam - ok 00:41:31.0987 2208 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:41:32.0018 2208 stisvc - ok 00:41:32.0049 2208 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 00:41:32.0049 2208 swenum - ok 00:41:32.0096 2208 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:41:32.0127 2208 swprv - ok 00:41:32.0205 2208 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:41:32.0267 2208 SysMain - ok 00:41:32.0299 2208 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:41:32.0314 2208 TabletInputService - ok 00:41:32.0345 2208 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:41:32.0361 2208 TapiSrv - ok 00:41:32.0392 2208 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:41:32.0392 2208 TBS - ok 00:41:32.0470 2208 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:41:32.0534 2208 Tcpip - ok 00:41:32.0612 2208 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:41:32.0627 2208 TCPIP6 - ok 00:41:32.0658 2208 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:41:32.0658 2208 tcpipreg - ok 00:41:32.0705 2208 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:41:32.0705 2208 TDPIPE - ok 00:41:32.0736 2208 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:41:32.0736 2208 TDTCP - ok 00:41:32.0783 2208 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:41:32.0783 2208 tdx - ok 00:41:32.0814 2208 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:41:32.0814 2208 TermDD - ok 00:41:32.0846 2208 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:41:32.0877 2208 TermService - ok 00:41:32.0908 2208 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:41:32.0908 2208 Themes - ok 00:41:32.0939 2208 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:41:32.0955 2208 THREADORDER - ok 00:41:32.0986 2208 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe 00:41:33.0017 2208 TMBMServer - ok 00:41:33.0048 2208 [ 803EE35DF92815EA5D41CEE7410C8CC1 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys 00:41:33.0048 2208 tmpreflt - ok 00:41:33.0095 2208 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe 00:41:33.0126 2208 TmProxy - ok 00:41:33.0158 2208 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 00:41:33.0173 2208 tmtdi - ok 00:41:33.0204 2208 [ 9BD32132A3470CEFB3CBEA5FA492BD6F ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys 00:41:33.0220 2208 tmxpflt - ok 00:41:33.0251 2208 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:41:33.0267 2208 TrkWks - ok 00:41:33.0314 2208 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:41:33.0345 2208 TrustedInstaller - ok 00:41:33.0376 2208 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:41:33.0376 2208 tssecsrv - ok 00:41:33.0407 2208 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:41:33.0423 2208 TsUsbFlt - ok 00:41:33.0454 2208 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:41:33.0470 2208 tunnel - ok 00:41:33.0502 2208 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 00:41:33.0502 2208 TurboB - ok 00:41:33.0533 2208 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:41:33.0533 2208 TurboBoost - ok 00:41:33.0580 2208 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:41:33.0580 2208 uagp35 - ok 00:41:33.0611 2208 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:41:33.0627 2208 udfs - ok 00:41:33.0658 2208 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:41:33.0658 2208 UI0Detect - ok 00:41:33.0705 2208 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:41:33.0705 2208 uliagpkx - ok 00:41:33.0736 2208 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 00:41:33.0736 2208 umbus - ok 00:41:33.0767 2208 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:41:33.0767 2208 UmPass - ok 00:41:33.0876 2208 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 00:41:33.0954 2208 UNS - ok 00:41:34.0001 2208 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:41:34.0017 2208 upnphost - ok 00:41:34.0048 2208 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 00:41:34.0063 2208 USBAAPL64 - ok 00:41:34.0095 2208 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:41:34.0095 2208 usbccgp - ok 00:41:34.0126 2208 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:41:34.0126 2208 usbcir - ok 00:41:34.0141 2208 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:41:34.0157 2208 usbehci - ok 00:41:34.0188 2208 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:41:34.0188 2208 usbhub - ok 00:41:34.0219 2208 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:41:34.0219 2208 usbohci - ok 00:41:34.0251 2208 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:41:34.0266 2208 usbprint - ok 00:41:34.0297 2208 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:41:34.0297 2208 usbscan - ok 00:41:34.0329 2208 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:41:34.0329 2208 USBSTOR - ok 00:41:34.0344 2208 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:41:34.0360 2208 usbuhci - ok 00:41:34.0375 2208 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 00:41:34.0391 2208 usbvideo - ok 00:41:34.0422 2208 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 00:41:34.0438 2208 usb_rndisx - ok 00:41:34.0453 2208 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:41:34.0469 2208 UxSms - ok 00:41:34.0485 2208 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 00:41:34.0500 2208 VaultSvc - ok 00:41:34.0532 2208 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:41:34.0532 2208 vdrvroot - ok 00:41:34.0564 2208 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 00:41:34.0595 2208 vds - ok 00:41:34.0642 2208 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:41:34.0642 2208 vga - ok 00:41:34.0657 2208 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 00:41:34.0657 2208 VgaSave - ok 00:41:34.0688 2208 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:41:34.0688 2208 vhdmp - ok 00:41:34.0720 2208 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 00:41:34.0720 2208 viaide - ok 00:41:34.0735 2208 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:41:34.0735 2208 volmgr - ok 00:41:34.0782 2208 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:41:34.0782 2208 volmgrx - ok 00:41:34.0798 2208 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:41:34.0813 2208 volsnap - ok 00:41:34.0876 2208 [ B01CE1F5A44126892240D179A6DBD43F ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys 00:41:34.0954 2208 vsapint - ok 00:41:35.0000 2208 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:41:35.0000 2208 vsmraid - ok 00:41:35.0063 2208 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 00:41:35.0141 2208 VSS - ok 00:41:35.0156 2208 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 00:41:35.0172 2208 vwifibus - ok 00:41:35.0172 2208 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 00:41:35.0188 2208 vwififlt - ok 00:41:35.0203 2208 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 00:41:35.0203 2208 vwifimp - ok 00:41:35.0250 2208 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 00:41:35.0281 2208 W32Time - ok 00:41:35.0312 2208 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:41:35.0312 2208 WacomPen - ok 00:41:35.0359 2208 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:41:35.0359 2208 WANARP - ok 00:41:35.0375 2208 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:41:35.0375 2208 Wanarpv6 - ok 00:41:35.0468 2208 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 00:41:35.0515 2208 WatAdminSvc - ok 00:41:35.0578 2208 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 00:41:35.0640 2208 wbengine - ok 00:41:35.0671 2208 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:41:35.0687 2208 WbioSrvc - ok 00:41:35.0718 2208 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:41:35.0749 2208 wcncsvc - ok 00:41:35.0765 2208 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:41:35.0780 2208 WcsPlugInService - ok 00:41:35.0812 2208 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:41:35.0812 2208 Wd - ok 00:41:35.0858 2208 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:41:35.0890 2208 Wdf01000 - ok 00:41:35.0905 2208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:41:35.0921 2208 WdiServiceHost - ok 00:41:35.0936 2208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:41:35.0936 2208 WdiSystemHost - ok 00:41:35.0983 2208 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 00:41:36.0014 2208 WebClient - ok 00:41:36.0046 2208 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:41:36.0077 2208 Wecsvc - ok 00:41:36.0092 2208 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:41:36.0108 2208 wercplsupport - ok 00:41:36.0139 2208 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 00:41:36.0139 2208 WerSvc - ok 00:41:36.0186 2208 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:41:36.0186 2208 WfpLwf - ok 00:41:36.0233 2208 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 00:41:36.0233 2208 WimFltr - ok 00:41:36.0264 2208 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:41:36.0264 2208 WIMMount - ok 00:41:36.0280 2208 WinDefend - ok 00:41:36.0295 2208 WinHttpAutoProxySvc - ok 00:41:36.0358 2208 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:41:36.0373 2208 Winmgmt - ok 00:41:36.0467 2208 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 00:41:36.0545 2208 WinRM - ok 00:41:36.0592 2208 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 00:41:36.0607 2208 WinUsb - ok 00:41:36.0638 2208 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 00:41:36.0685 2208 Wlansvc - ok 00:41:36.0716 2208 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:41:36.0716 2208 WmiAcpi - ok 00:41:36.0748 2208 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:41:36.0748 2208 wmiApSrv - ok 00:41:36.0794 2208 WMPNetworkSvc - ok 00:41:36.0826 2208 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:41:36.0841 2208 WPCSvc - ok 00:41:36.0872 2208 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:41:36.0872 2208 WPDBusEnum - ok 00:41:36.0888 2208 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:41:36.0888 2208 ws2ifsl - ok 00:41:36.0919 2208 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 00:41:36.0935 2208 wscsvc - ok 00:41:36.0935 2208 WSearch - ok 00:41:37.0028 2208 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 00:41:37.0106 2208 wuauserv - ok 00:41:37.0138 2208 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:41:37.0138 2208 WudfPf - ok 00:41:37.0169 2208 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:41:37.0184 2208 WUDFRd - ok 00:41:37.0216 2208 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:41:37.0231 2208 wudfsvc - ok 00:41:37.0262 2208 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 00:41:37.0278 2208 WwanSvc - ok 00:41:37.0325 2208 ================ Scan global =============================== 00:41:37.0356 2208 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 00:41:37.0387 2208 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 00:41:37.0418 2208 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 00:41:37.0450 2208 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 00:41:37.0481 2208 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 00:41:37.0496 2208 [Global] - ok 00:41:37.0496 2208 ================ Scan MBR ================================== 00:41:37.0512 2208 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 00:41:37.0824 2208 \Device\Harddisk0\DR0 - ok 00:41:37.0824 2208 ================ Scan VBR ================================== 00:41:37.0840 2208 [ FA48911E0777948720A8922330266CD5 ] \Device\Harddisk0\DR0\Partition1 00:41:37.0840 2208 \Device\Harddisk0\DR0\Partition1 - ok 00:41:37.0886 2208 [ CAE4C3BE9B02E7EA9F830C12DAAC9A30 ] \Device\Harddisk0\DR0\Partition2 00:41:37.0886 2208 \Device\Harddisk0\DR0\Partition2 - ok 00:41:37.0886 2208 ============================================================ 00:41:37.0886 2208 Scan finished 00:41:37.0886 2208 ============================================================ 00:41:37.0902 8112 Detected object count: 0 00:41:37.0902 8112 Actual detected object count: 0 -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Eerst een MVPS hosts laten lopen zonder fout en dan ook Hosts expert. HiJack logje van daarna: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:25:06, on 27/03/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\EXCELC.EXE Q:\140066.enu\Office14\OffSpon.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Registry Mechanic\upgrade.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 199.193.118.246 www.google-analytics.com. O1 - Hosts: 199.193.118.246 ad-emea.doubleclick.net. O1 - Hosts: 199.193.118.246 www.statcounter.com. O1 - Hosts: 199.193.118.246 connect.facebook.net. O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 93.115.241.27 connect.facebook.net. O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\V&V Projects\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4C2F1F44-159E-4F34-A40F-7C25F0E7160D} (CatcTableEditorCtrl Object) - http://www.airtradecentre.com/cms/atcTableEditor.cab O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1120/Navigram.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15678 bytes De spam in de mailbox is wel al geminderd van +- 15 mails naar +-5 mails per dag. De pop'ups blijven wel. -
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Had eerst blijkbaar iets berkeerd gedownload en dat geeft hetvolgende: Dan het juiste: en toen zat ik weer vast
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
- - - Updated - - - ps: ik blijf of mijn mailadressen die op mijn laptop draaien op Windows Live Mail gigantisch veeeeel spam krijgen. heeft dat er ook mee te maken?
-
Hijack this log - U-cash + pop-ups
ice_in_polo_2 reageerde op ice_in_polo_2's topic in Archief Bestrijding malware & virussen
Forbidden 403 You don't have permission te acces ..... - - - Updated - - - ik vind wel vanalles op google , maar is dat veilig?
