No sound anymore and error message in WMP

  • Ton

    Hello,

    I have no sound at all anymore and an error message in WMP. I have already tried everything, but nothing helps. I have also carried out all the steps from the action plan; see the logs:

    info.txt logfile of random's system information tool 1.09 2013-12-30 19:17:25

    ======Uninstall list======

    –>“C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe”

    –>“C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe”

    –>“C:\Program Files\HP Games\Blasterball 3\Uninstall.exe”

    –>“C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe”

    –>“C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe”

    –>“C:\Program Files\HP Games\Crystal Maze\Uninstall.exe”

    –>“C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe”

    –>“C:\Program Files\HP Games\Diner Dash\Uninstall.exe”

    –>“C:\Program Files\HP Games\Escape the Museum\Uninstall.exe”

    –>“C:\Program Files\HP Games\FATE\Uninstall.exe”

    –>“C:\Program Files\HP Games\Gem Shop\Uninstall.exe”

    –>“C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe”

    –>“C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe”

    –>“C:\Program Files\HP Games\Magic Academy\Uninstall.exe”

    –>“C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe”

    –>“C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe”

    –>“C:\Program Files\HP Games\Peggle\Uninstall.exe”

    –>“C:\Program Files\HP Games\Penguins!\Uninstall.exe”

    –>“C:\Program Files\HP Games\Polar Bowler\Uninstall.exe”

    –>“C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe”

    –>“C:\Program Files\HP Games\Polar Golfer\Uninstall.exe”

    –>“C:\Program Files\HP Games\Polar Pool\Uninstall.exe”

    –>“C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe”

    –>“C:\Program Files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe”

    –>“C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe”

    –>“C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe”

    –>“C:\Program Files\HP Games\Tradewinds\Uninstall.exe”

    –>“C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe”

    –>“C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe”

    –>“C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe”

    ActiveCheck component for HP Active Support Library–>MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

    Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português–>msiexec /I {AC76BA86-1040-7D70-7761-000000000004}

    Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português–>msiexec /I {AC76BA86-1040-7D70-7761-000000000004}

    Adobe Acrobat 9.4.7 - CPSID_83708–>msiexec /I {AC76BA86-1040-7D70-7761-000000000004}

    Adobe Flash Player 11 ActiveX–>C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -maintain activex

    Adobe Flash Player 11 Plugin–>C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -maintain plugin

    Adobe Reader X (10.1.3) - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001}

    Adobe Shockwave Player–>MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}

    Apple Application Support–>MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}

    Apple Mobile Device Support–>MsiExec.exe /I{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}

    Apple Software Update–>MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

    Bing Bar–>MsiExec.exe /X{D322A9E3-758B-4D60-A7C4-65C88FD378D0}

    Bonjour–>MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

    Broadcom 802.11 Wireless LAN Adapter–>“C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe” verbose /rootkey=“Software\Broadcom\802.11\UninstallInfo” /rootdir=“C:\Program Files\Broadcom\Broadcom 802.11\Driver”

    Canon MP Navigator EX 3.0–>“C:\Program Files\Canon\MP Navigator EX 3.0\Maint.exe” /UninstallRemove C:\Program Files\Canon\MP Navigator EX 3.0\uninst.ini

    Canon MP250 series MP Drivers–>“C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series\DelDrv.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series

    Canon Utilities Solution Menu–>C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll

    CCleaner–>“C:\Program Files\CCleaner\uninst.exe”

    Compatibiliteitspakket voor het 2007 Microsoft Office system–>MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}

    CyberLink DVD Suite–>“C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall

    CyberLink DVD Suite–>“C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall

    D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

    ESET Online Scanner v3–>C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    ESU for Microsoft Vista–>MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

    Free YouTube to MP3 Converter version 3.11.36.1130–>C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

    Gebruikersregistratie voor Canon MP250 series–>C:\Program Files\Canon\IJEREG\MP250 series\UNINST.EXE

    GOM Player–>“C:\Program Files\GRETECH\GomPlayer\Uninstall.exe”

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=“”

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=“”

    HP Active Support Library–>“C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe” -runfromtemp -l0x0409 -removeonly

    HP Customer Experience Enhancements–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe” -l0x9 -removeonly

    HP Doc Viewer–>MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

    HP Help and Support–>MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}

    HP Integrated Module with Bluetooth wireless technology 6.0.1.6204–>MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}

    HP MediaSmart DVD–>“C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe” /z-uninstall

    HP MediaSmart DVD–>“C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe” /z-uninstall

    HP MediaSmart Music/Photo/Video–>“C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe” /z-uninstall

    HP MediaSmart Music/Photo/Video–>“C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe” /z-uninstall /zMS

    HP MediaSmart SmartMenu–>MsiExec.exe /I{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}

    HP MediaSmart Webcam–>“C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe” /z-uninstall

    HP MediaSmart Webcam–>“C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe” /z-uninstall

    HP Quick Launch Buttons 6.40 H2–>C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0013 uninst

    HP Update–>MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}

    HP User Guides 0129–>MsiExec.exe /X{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}

    HP Wireless Assistant–>MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

    HPAsset component for HP Active Support Library–>MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

    HPNetworkAssistant–>MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}

    HPTCSSetup–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe” -l0x9 -removeonly

    IDT Audio–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe” -l0x13 -remove -removeonly

    iTunes–>MsiExec.exe /I{C197BC08-3D82-4651-8886-E68C21578A38}

    Java(TM) 6 Update 24–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

    Java(TM) 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

    JMicron JMB38X Flash Media Controller–>“C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe” delpkg

    Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

    LabelPrint–>“C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall

    LabelPrint–>“C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall

    LightScribe System Software 1.14.17.1–>MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}

    Malwarebytes Anti-Malware versie 1.75.0.1300–>“C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe”

    Microsoft .NET Framework 3.5 Language Pack SP1 - nld–>MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF}

    Microsoft .NET Framework 3.5 SP1–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

    Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

    Microsoft .NET Framework 4 Client Profile NLD Language Pack–>MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}

    Microsoft .NET Framework 4.5.1–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86

    Microsoft .NET Framework 4.5.1–>MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D}

    Microsoft Antimalware Service NL-NL Language Pack–>MsiExec.exe /X{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}

    Microsoft Office File Validation Add-In–>MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

    Microsoft Office Live Add-in 1.5–>MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}

    Microsoft Office PowerPoint Viewer 2007 (Dutch)–>MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}

    Microsoft Office Professional Editie 2003–>MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}

    Microsoft Security Client NL-NL Language Pack–>MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}

    Microsoft Security Client–>MsiExec.exe /X{0CD47142-BA4F-46B0-AA92-2675864928B8}

    Microsoft Security Essentials–>“C:\Program Files\Microsoft Security Client\Setup.exe” /x

    Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft SQL Server 2005 Compact Edition –>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729–>MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319–>MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

    Microsoft Works–>MsiExec.exe /I{5158F1F5-FA1B-4D49-B546-55A5004B89BD}

    Mozilla Firefox 25.0.1 (x86 nl)–>“C:\Program Files\Mozilla Firefox\uninstall\helper.exe”

    Mozilla Maintenance Service–>“C:\Program Files\Mozilla Maintenance Service\uninstall.exe”

    MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

    MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

    MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

    muvee Reveal–>MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}

    My HP Games–>“C:\Program Files\HP Games\Uninstall.exe”

    NVIDIA Drivers–>C:\Windows\system32\nvuninst.exe UninstallGUI

    NVIDIA HD Audio-stuurprogramma 1.3.18.0–>“C:\Windows\system32\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{63086E66-FEAB-4705-8977-7BFD975F2003}\NVI2.DLL”,UninstallPackage HDAudio.Driver

    OGA Notifier 2.0.0048.0–>MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

    Power2Go–>“C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall

    Power2Go–>“C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall

    PowerDirector–>“C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall

    PowerDirector–>“C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall

    ProtectSmart Hard Drive Protection–>MsiExec.exe /X{0960BA8A-8A03-4FB0-9D28-9028F1414827}

    PVSonyDll–>MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}

    QuickTime–>MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}

    Realtek 8169 8168 8101E 8102E Ethernet Driver–>C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0013 -removeonly

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=“”

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=“”

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=“”

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=“”

    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)–>c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP

    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)–>c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

    Segoe UI–>MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

    Skype Click to Call–>MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

    Skype™ 6.10–>MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

    Spelling Dictionaries Support For Adobe Reader 9–>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

    SPORE Creature Creator Trial Edition–>“C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe”

    Synaptics Pointing Device Driver–>rundll32.exe “%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall

    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe

    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD–>C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=“”

    Update Installer for WildTangent Games App–>“C:\Program Files\WildTangent Games\App\Uninstall.exe”

    Vista Codec Package–>MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}

    WildTangent Games App (HP Games)–>“C:\Program Files\WildTangent Games\Touchpoints\hp\Uninstall.exe”

    Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)–>C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_8f2fc366\enecir.inf

    Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

    Windows Live Essentials–>C:\Program Files\Windows Live\Installer\wlarp.exe

    Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}

    Windows Live ID Sign-in Assistant–>MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}

    Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

    Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

    Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}

    Windows Live MIME IFilter–>MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

    Windows Live Movie Maker–>MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

    Windows Live Movie Maker–>MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}

    Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}

    Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

    Windows Live Photo Gallery–>MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

    Windows Live Photo Gallery–>MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}

    Windows Live PIMT Platform–>MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

    Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

    Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}

    Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

    Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}

    Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

    ======Security center information======

    AS: Windows Defender

    ======System event log======

    Computer Name: PC_van_cinor8

    Event Code: 7036

    Message: De Distributed Link Tracking Client-service heeft nu de status wordt uitgevoerd.

    Record Number: 281359

    Source Name: Service Control Manager

    Time Written: 20130406170255.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 7036

    Message: De Skype Updater-service heeft nu de status wordt uitgevoerd.

    Record Number: 281358

    Source Name: Service Control Manager

    Time Written: 20130406170255.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 7036

    Message: De Terminal Services-service heeft nu de status wordt uitgevoerd.

    Record Number: 281357

    Source Name: Service Control Manager

    Time Written: 20130406170255.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 7036

    Message: De Superfetch-service heeft nu de status wordt uitgevoerd.

    Record Number: 281356

    Source Name: Service Control Manager

    Time Written: 20130406170255.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 7036

    Message: De Skype C2C Service-service heeft nu de status wordt uitgevoerd.

    Record Number: 281355

    Source Name: Service Control Manager

    Time Written: 20130406170255.000000-000

    Event Type: Informatie

    User:

    =====Application event log=====

    Computer Name: PC_van_cinor8

    Event Code: 6000

    Message: De kennisgevingssubscriber van winlogon was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken.

    Record Number: 30416

    Source Name: Microsoft-Windows-Winlogon

    Time Written: 20111122153345.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 9009

    Message: Beheer van bureaubladvensters is afgesloten met code 0x40010004

    Record Number: 30415

    Source Name: Desktop Window Manager

    Time Written: 20111122153345.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 8224

    Message: De VSS-service is vanwege een time-out voor niet actief afgesloten.

    Record Number: 30414

    Source Name: VSS

    Time Written: 20111122152819.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 8194

    Message: Herstelpunt is gemaakt (proces = C:\Windows\system32\svchost.exe -k netsvcs; beschrijving = Windows Update).

    Record Number: 30413

    Source Name: System Restore

    Time Written: 20111122152508.000000-000

    Event Type: Informatie

    User:

    Computer Name: PC_van_cinor8

    Event Code: 8194

    Message: Herstelpunt is gemaakt (proces = C:\Windows\system32\svchost.exe -k netsvcs; beschrijving = Windows Update).

    Record Number: 30412

    Source Name: System Restore

    Time Written: 20111122152456.000000-000

    Event Type: Informatie

    User:

    =====Security event log=====

    Computer Name: PC_van_cinor8

    Event Code: 4648

    Message: Poging tot aanmelden met expliciete referenties.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: PC_VAN_CINOR8$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Account waarvan de referenties zijn gebruikt:

    Accountnaam: SYSTEEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Doelserver:

    Naam van doelserver: localhost

    Aanvullende gegevens: localhost

    Procesgegevens:

    Proces-id: 0x268

    Procesnaam: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Netwerkadres: -

    Poort: -

    Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.

    Record Number: 53553

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120229171619.764529-000

    Event Type: Controle geslaagd

    User:

    Computer Name: PC_van_cinor8

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-19

    Accountnaam: LOCAL SERVICE

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e5

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeAuditPrivilege

    SeImpersonatePrivilege

    Record Number: 53552

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120229171619.702129-000

    Event Type: Controle geslaagd

    User:

    Computer Name: PC_van_cinor8

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: PC_VAN_CINOR8$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-19

    Accountnaam: LOCAL SERVICE

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e5

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x268

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 53551

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120229171619.702129-000

    Event Type: Controle geslaagd

    User:

    Computer Name: PC_van_cinor8

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 53550

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120229171619.608528-000

    Event Type: Controle geslaagd

    User:

    Computer Name: PC_van_cinor8

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: PC_VAN_CINOR8$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x268

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 53549

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120229171619.608528-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    “ComSpec”=%SystemRoot%\system32\cmd.exe

    “FP_NO_HOST_CHECK”=NO

    “OS”=Windows_NT

    “Path”=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;%NpmLib%;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem\

    “PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    “PROCESSOR_ARCHITECTURE”=x86

    “TEMP”=%SystemRoot%\TEMP

    “TMP”=%SystemRoot%\TEMP

    “USERNAME”=SYSTEM

    “windir”=%SystemRoot%

    “PROCESSOR_LEVEL”=6

    “PROCESSOR_IDENTIFIER”=x86 Family 6 Model 23 Stepping 10, GenuineIntel

    “PROCESSOR_REVISION”=170a

    “NUMBER_OF_PROCESSORS”=2

    “TRACE_FORMAT_SEARCH_PATH”=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

    “DFSTRACINGON”=FALSE

    “OnlineServices”=Online Services

    “Platform”=MCD

    “PCBRAND”=Pavilion

    “NpmLib”=C:\Program Files\Norman\Npm\Bin

    “PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    “asl.log”=Destination=file

    “CLASSPATH”=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    “QTJAVA”=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    —————–EOF—————–

    For the continuation, see the next message:

  • Ton

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Verkleij at 2013-12-30 19:17:02

    Microsoft® Windows Vista™ Home Premium Service Pack 2

    System drive C: has 195 GB (66%) free of 294 GB

    Total RAM: 3069 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:17:22, on 30-12-2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16526)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Windows\ehome\ehtray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Verkleij\Desktop\RSIT.exe

    C:\Program Files\trend micro\Verkleij.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: “C:\Program Files\Skype\Phone\Skype.exe” /minimized /regrun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: acaptuser32.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe

    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe (file missing)

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

    End of file - 9005 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\HPCeeScheduleForcinor 8 oud.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Verkleij\AppData\Roaming\Mozilla\Firefox\Profiles\fpz3hy76.default-1384266771836

    “{20a82645-c095-46ed-80e3-08825760534b}”=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    “Description”=Adobe® Flash® Player 11.9.900.170 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\system32\Adobe\Director\np32dsw.dll

    “Description”=

    “Path”=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    “Description”=Canon Easy-PhotoPrint EX

    “Path”=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Live Update v1.5

    “Path”=C:\Program Files\Microsoft\Office Live\npOLW.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=Windows Presentation Foundation plug-in for Mozilla browsers

    “Path”=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    “Description”=RealPlayer™ LiveConnect-Enabled Plug-In

    “Path”=C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    “Description”=6.0.12.448

    “Path”=C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    “Description”=WildTangent Games App V2 Presence Detector Plugin

    “Path”=C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    ======Registry dump======

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    {eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll

    “”=

    “NvCplDaemon”=C:\Windows\system32\NvCpl.dll

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “HP Health Check Scheduler”=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    “Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “SmartMenu”=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    “APSDaemon”=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe

    “iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe

    “SysTrayApp”=C:\Program Files\IDT\WDM\sttray.exe

    “Malwarebytes Anti-Malware”=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    “LightScribe Control Panel”=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    “Skype”=C:\Program Files\Skype\Phone\Skype.exe

    “ehTray.exe”=C:\Windows\ehome\ehTray.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Windows\ehome\ehTray.exe

    c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\system32\NvCpl.dll

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

    “AppInit_DLLs”=“acaptuser32.dll”

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableUIADesktopToggle”=0

    “BindDirectlyToPropertySetStorage”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “MSVideo8”=VfWWDM32.dll

    “msacm.l3codecp”=l3codecp.acm

    “VIDC.FFDS”=ffdshow.ax

    “vidc.XVID”=xvidvfw.dll

    “msacm.avis”=ff_acm.acm

    “msacm.divxa32”=msaud32_divx.acm

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-12-30 19:17:02 —-D—- C:\rsit

    2013-12-30 19:17:02 —-D—- C:\Program Files\trend micro

    2013-12-30 14:49:42 —-D—- C:\Program Files\ESET

    2013-12-30 14:33:04 —-D—- C:\Users\Verkleij\AppData\Roaming\Malwarebytes

    2013-12-30 14:32:41 —-D—- C:\ProgramData\Malwarebytes

    2013-12-30 14:32:37 —-D—- C:\Program Files\Malwarebytes' Anti-Malware

    2013-12-30 14:32:37 —-A—- C:\Windows\system32\drivers\mbam.sys

    2013-12-30 14:24:15 —-D—- C:\AdwCleaner

    2013-12-29 00:03:31 —-A—- C:\Windows\system32\vbscript.dll

    2013-12-29 00:03:31 —-A—- C:\Windows\system32\mshtmled.dll

    2013-12-29 00:03:28 —-A—- C:\Windows\system32\jsproxy.dll

    2013-12-29 00:03:28 —-A—- C:\Windows\system32\ieui.dll

    2013-12-29 00:03:27 —-A—- C:\Windows\system32\wininet.dll

    2013-12-29 00:03:27 —-A—- C:\Windows\system32\msfeeds.dll

    2013-12-29 00:03:27 —-A—- C:\Windows\system32\ieUnatt.exe

    2013-12-29 00:03:26 —-A—- C:\Windows\system32\url.dll

    2013-12-29 00:03:26 —-A—- C:\Windows\system32\jscript9.dll

    2013-12-29 00:03:26 —-A—- C:\Windows\system32\jscript.dll

    2013-12-29 00:03:25 —-A—- C:\Windows\system32\iertutil.dll

    2013-12-29 00:03:24 —-A—- C:\Windows\system32\urlmon.dll

    2013-12-29 00:03:23 —-A—- C:\Windows\system32\mshtml.dll

    2013-12-29 00:03:21 —-A—- C:\Windows\system32\ieframe.dll

    2013-12-28 18:54:58 —-D—- C:\Windows\Migration

    2013-12-28 18:53:39 —-A—- C:\Windows\system32\win32k.sys

    2013-12-28 18:53:37 —-A—- C:\Windows\system32\SysFxUI.dll

    2013-12-28 18:53:37 —-A—- C:\Windows\system32\drivers\portcls.sys

    2013-12-28 18:53:37 —-A—- C:\Windows\system32\drivers\drmk.sys

    2013-12-28 18:52:53 —-A—- C:\Windows\system32\wscript.exe

    2013-12-28 18:52:52 —-A—- C:\Windows\system32\wshcon.dll

    2013-12-28 18:52:52 —-A—- C:\Windows\system32\scrrun.dll

    2013-12-28 18:52:52 —-A—- C:\Windows\system32\cscript.exe

    2013-12-28 18:52:15 —-A—- C:\Windows\system32\imagehlp.dll

    2013-12-28 16:43:23 —-D—- C:\ProgramData\LightScribe

    2013-12-10 16:54:54 —-D—- C:\Program Files\Mozilla Firefox(114)

    ======List of files/folders modified in the last 1 month======

    2013-12-30 19:17:02 —-RD—- C:\Program Files

    2013-12-30 19:16:52 —-D—- C:\Windows\Temp

    2013-12-30 19:12:57 —-D—- C:\Users\Verkleij\AppData\Roaming\Skype

    2013-12-30 18:55:17 —-SHD—- C:\Windows\Installer

    2013-12-30 15:31:25 —-D—- C:\Windows\System32

    2013-12-30 15:31:25 —-D—- C:\Windows\inf

    2013-12-30 15:31:25 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-12-30 14:49:43 —-SD—- C:\Windows\Downloaded Program Files

    2013-12-30 14:48:01 —-D—- C:\Windows\system32\drivers

    2013-12-30 14:32:41 —-HD—- C:\ProgramData

    2013-12-30 14:29:10 —-D—- C:\Windows\system32\catroot2

    2013-12-30 14:27:26 —-D—- C:\Windows

    2013-12-30 14:26:00 —-D—- C:\Windows\system32\Tasks

    2013-12-30 14:25:56 —-D—- C:\Program Files\Common Files\DVDVideoSoft

    2013-12-30 14:14:53 —-D—- C:\Windows\Debug

    2013-12-30 13:30:34 —-D—- C:\Program Files\Google

    2013-12-30 13:30:29 —-D—- C:\Windows\Tasks

    2013-12-29 00:20:53 —-SHD—- C:\System Volume Information

    2013-12-29 00:12:03 —-D—- C:\Windows\system32\migration

    2013-12-29 00:12:00 —-D—- C:\Program Files\Internet Explorer

    2013-12-29 00:08:53 —-D—- C:\Windows\winsxs

    2013-12-29 00:08:41 —-A—- C:\Windows\win.ini

    2013-12-29 00:07:18 —-D—- C:\Windows\system32\MRT

    2013-12-29 00:04:33 —-A—- C:\Windows\system32\mrt.exe

    2013-12-29 00:03:52 —-D—- C:\Windows\system32\catroot

    2013-12-28 20:38:22 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2013-12-28 19:18:13 —-D—- C:\Windows\Microsoft.NET

    2013-12-28 19:03:41 —-RSD—- C:\Windows\assembly

    2013-12-28 18:55:36 —-D—- C:\Windows\system32\en-US

    2013-12-28 18:37:56 —-D—- C:\Windows\system32\Msdtc

    2013-12-28 18:37:49 —-D—- C:\Windows\system32\wbem

    2013-12-28 18:37:01 —-D—- C:\Windows\system32\config

    2013-12-28 18:36:02 —-RSD—- C:\Windows\Media

    2013-12-28 18:35:59 —-D—- C:\Windows\system32\spool

    2013-12-28 18:35:59 —-D—- C:\Windows\system32\drivers\UMDF

    2013-12-28 18:35:59 —-D—- C:\Windows\system32\CodeIntegrity

    2013-12-28 18:35:48 —-RD—- C:\Program Files\Skype

    2013-12-28 18:35:48 —-D—- C:\ProgramData\WildTangent

    2013-12-28 18:35:48 —-D—- C:\Program Files\Mozilla Maintenance Service

    2013-12-28 18:35:48 —-D—- C:\Program Files\Mozilla Firefox

    2013-12-28 18:35:12 —-D—- C:\Program Files\iTunes

    2013-12-28 18:35:06 —-D—- C:\Program Files\Common Files\Skype

    2013-12-28 18:34:45 —-D—- C:\Windows\registration

    2013-12-28 17:34:57 —-D—- C:\Windows\Prefetch

    2013-12-27 14:42:16 —-D—- C:\Users\Verkleij\AppData\Roaming\CyberLink

    2013-12-27 14:09:01 —-SD—- C:\Users\Verkleij\AppData\Roaming\Microsoft

    2013-12-24 14:19:28 —-D—- C:\ProgramData\Skype

    2013-12-01 21:17:53 —-D—- C:\Program Files\WildTangent Games

    2013-12-01 16:00:12 —-SD—- C:\ProgramData\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys

    R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl

    R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys

    R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys

    R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys

    R3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    R3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys

    R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys

    R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys

    R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys

    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys

    R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys

    R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys

    R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys

    S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys

    S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys

    S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys

    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys

    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys

    S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    S3 RkHit;RkHit; \??\C:\Windows\system32\drivers\RKHit.sys

    S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys

    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys

    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe

    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe

    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe

    S3 GamesAppService;GamesAppService; C:\Program Files\WildTangent Games\App\GamesAppService.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    S4 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe

    S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe

    —————–EOF—————–

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.12.30.04

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Verkleij :: PC_VAN_CINOR8

    30-12-2013 14:34:21

    mbam-log-2013-12-30 (14-34-21).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 260958

    Verstreken tijd: 10 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    # AdwCleaner v3.016 - Report created 30/12/2013 at 14:25:56

    # Updated 23/12/2013 by Xplode

    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

    # Username : Verkleij - PC_VAN_CINOR8

    # Running from : C:\Users\Verkleij\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\Program Files\Babylon

    Folder Deleted : C:\Program Files\BabylonToolbar

    Folder Deleted : C:\Program Files\Conduit

    Folder Deleted : C:\Program Files\DVDVideoSoftTB

    Folder Deleted : C:\Program Files\MyPC Backup

    Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB

    Folder Deleted : C:\Users\Verkleij\AppData\Local\Conduit

    Folder Deleted : C:\Users\Verkleij\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\Verkleij\AppData\LocalLow\DVDVideoSoftTB

    Folder Deleted : C:\Users\Verkleij\AppData\LocalLow\PriceGong

    Folder Deleted : C:\Users\Verkleij\AppData\Roaming\dvdvideosoftiehelpers

    Folder Deleted : C:\Users\Verkleij\AppData\Roaming\Systweak

    File Deleted : C:\END

    File Deleted : C:\Windows\system32\roboot.exe

    File Deleted : C:\Windows\System32\Tasks\EPUpdater

    ***** *****

    ***** *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89193022-1617-4CA2-A5A9-1D82258C9359}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89193022-1617-4CA2-A5A9-1D82258C9359}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\b

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050


    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{666C14DD-F9B3-4EE8-9276-E9AE0B39C15F}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EA3F73B-3F51-4A8C-BF6F-9D234FEF59B0}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    Key Deleted : HKCU\Software\BabSolution

    Key Deleted : HKCU\Software\BabylonToolbar

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\DVDVideoSoftTB

    Key Deleted : HKCU\Software\systweak

    Key Deleted : HKCU\Software\AppDataLow\Toolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

    Key Deleted : HKLM\Software\BabylonToolbar

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\DVDVideoSoftTB

    Key Deleted : HKLM\Software\systweak

    Key Deleted : HKLM\Software\Uniblue

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** *****

    -\\ Internet Explorer v9.0.8112.16526

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main

    -\\ Mozilla Firefox v25.0.1 (nl)

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Can someone take a look at this?

    Regards, Ton

  • fazantje

    Hi Ton,

    You have/had a rootkit on your computer!

    Keep a close eye on your banking for now, and do nothing other than what we tell you to carry out.

    Do the following:

    Download Combofix here and place it on your desktop.

    Now first disable your virus scanner. It will come back on after the computer has been restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    The scan can take 40 to as much as 100 minutes depending on the infection, so don't assume it is stuck.

    When the fix has finished and after the restart, the log combofix.txt will open.

    Post the Combofix log in your next message and tell us how things are going now.

    Good luck,

    Huib;)

  • Ton

    Hello Huib,

    Combofix reports that an anti-virus and anti-spyware program from Norman is active. I can't find that program anywhere. What should I do?

    Regards, Ton

  • fazantje

    Hi Ton,

    That icon should normally be at the bottom right of the taskbar.

    Click it, and one of the options will be to disable it.

    Another option is:

    Right-click the Norman icon (shortcut) and the option will be there.

    Good luck,

    Huib;)

  • Ton

    Hello Huib,

    There is no icon.

    Regards, Ton

  • fazantje

    Hi Ton,

    Norman is a leftover of the scanner; you probably used it in the past.

    You can then ignore this message, and if Combofix asks to disable it, click OK.

    Ben may help you further shortly, because I will be partly away this afternoon.

    Good luck,

    Huib;)

  • Ton

    Hello Huib or Ben,

    Here is the Combofix log:

    ComboFix 13-12-31.01 - Verkleij 31-12-2013 12:33:24.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.1989

    Gestart vanuit: c:\users\Verkleij\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

    c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

    c:\windows\$NtUninstallKB3255$

    c:\windows\$NtUninstallKB3255$\2526461488

    c:\windows\$NtUninstallKB3255$\485945278\@

    c:\windows\$NtUninstallKB3255$\485945278\L\qnbwvoto

    c:\windows\$NtUninstallKB3255$\485945278\loader.tlb

    c:\windows\$NtUninstallKB3255$\485945278\U\@00000001

    c:\windows\$NtUninstallKB3255$\485945278\U\@000000c0

    c:\windows\$NtUninstallKB3255$\485945278\U\@000000cb

    c:\windows\$NtUninstallKB3255$\485945278\U\@000000cf

    c:\windows\$NtUninstallKB3255$\485945278\U\@80000000

    c:\windows\$NtUninstallKB3255$\485945278\U\@800000c0

    c:\windows\$NtUninstallKB3255$\485945278\U\@800000cb

    c:\windows\$NtUninstallKB3255$\485945278\U\@800000cf

    c:\windows\XSxS

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ——-\Service_RkHit

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-11-28 to 2013-12-31 ))))))))))))))))))))))))))))))

    .

    .

    2013-12-31 11:43 . 2013-12-31 11:45 ——– d—–w- c:\users\Verkleij\AppData\Local\temp

    2013-12-30 19:22 . 2013-12-30 19:22 ——– d—–w- c:\program files\Mozilla Maintenance Service

    2013-12-30 18:17 . 2013-12-30 18:17 ——– d—–w- C:\rsit

    2013-12-30 18:17 . 2013-12-30 18:17 ——– d—–w- c:\program files\trend micro

    2013-12-30 13:49 . 2013-12-30 13:49 ——– d—–w- c:\program files\ESET

    2013-12-30 13:33 . 2013-12-30 13:33 ——– d—–w- c:\users\Verkleij\AppData\Roaming\Malwarebytes

    2013-12-30 13:32 . 2013-12-30 13:32 ——– d—–w- c:\programdata\Malwarebytes

    2013-12-30 13:32 . 2013-12-30 13:32 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2013-12-30 13:32 . 2013-04-04 13:50 22856 —-a-w- c:\windows\system32\drivers\mbam.sys

    2013-12-30 13:24 . 2013-12-30 13:26 ——– d—–w- C:\AdwCleaner

    2013-12-30 12:32 . 2013-12-04 02:57 7760024 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08972B-C9F1-46EC-BD87-35D7A7D6393B}\mpengine.dll

    2013-12-28 22:58 . 2013-12-04 02:57 7760024 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-12-28 17:54 . 2013-12-28 17:54 ——– d—–w- c:\windows\Migration

    2013-12-28 17:53 . 2013-10-30 00:35 2050560 —-a-w- c:\windows\system32\win32k.sys

    2013-12-28 17:53 . 2013-10-30 02:12 335360 —-a-w- c:\windows\system32\SysFxUI.dll

    2013-12-28 17:53 . 2013-10-30 01:43 130048 —-a-w- c:\windows\system32\drivers\drmk.sys

    2013-12-28 17:53 . 2013-10-30 00:43 167936 —-a-w- c:\windows\system32\drivers\portcls.sys

    2013-12-28 17:52 . 2013-10-11 02:08 131072 —-a-w- c:\windows\system32\wshom.ocx

    2013-12-28 17:52 . 2013-10-11 00:35 155648 —-a-w- c:\windows\system32\wscript.exe

    2013-12-28 17:52 . 2013-10-11 02:08 36864 —-a-w- c:\windows\system32\wshcon.dll

    2013-12-28 17:52 . 2013-10-11 02:08 172032 —-a-w- c:\windows\system32\scrrun.dll

    2013-12-28 17:52 . 2013-10-11 00:35 135168 —-a-w- c:\windows\system32\cscript.exe

    2013-12-28 17:52 . 2013-10-22 07:19 158208 —-a-w- c:\windows\system32\imagehlp.dll

    2013-12-28 15:43 . 2013-12-28 15:43 ——– d—–w- c:\programdata\LightScribe

    2013-12-10 15:54 . 2013-12-10 15:55 ——– d—–w- c:\program files\Mozilla Firefox(114)

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-12-28 19:38 . 2012-04-15 12:45 71048 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-12-28 19:38 . 2012-04-15 12:45 692616 —-a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-11-19 10:21 . 2009-10-03 15:02 230048 ——w- c:\windows\system32\MpSigStub.exe

    2013-10-30 02:13 . 2008-01-21 02:23 1304064 —-a-w- c:\windows\system32\WMALFXGFXDSP.dll

    2013-10-11 02:08 . 2013-11-14 11:00 444928 —-a-w- c:\windows\system32\IKEEXT.DLL

    2013-10-11 02:07 . 2013-11-14 11:00 596480 —-a-w- c:\windows\system32\FWPUCLNT.DLL

    2013-10-03 12:45 . 2013-11-14 11:00 297984 —-a-w- c:\windows\system32\gdi32.dll

    2013-10-03 12:45 . 2013-11-14 11:00 993792 —-a-w- c:\windows\system32\crypt32.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe”

    “Skype”=“c:\program files\Skype\Phone\Skype.exe”

    “ehTray.exe”=“c:\windows\ehome\ehTray.exe”

    .

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SmartMenu”=“c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe”

    “APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “MSC”=“c:\program files\Microsoft Security Client\msseces.exe”

    “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”

    “iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”

    “SysTrayApp”=“c:\program files\IDT\WDM\sttray.exe”

    .

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “AppInit_DLLs”=c:\windows\System32\acaptuser32.dll

    .

    @=“Service”

    .

    @=“”

    .

    @=“Service”

    .

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

    backup=c:\windows\pss\BTTray.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    2010-09-22 17:11 640440 —-a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    .

    2011-09-07 13:53 40376 —-a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    .

    2013-04-04 21:06 958576 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2009-03-23 17:00 1983816 —-a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    .

    2009-03-17 16:40 767312 —-a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    .

    2008-09-25 17:42 189736 ——w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    .

    2008-09-26 01:36 1148200 ——w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    .

    2008-01-21 02:25 125952 —-a-w- c:\windows\ehome\ehtray.exe

    .

    2008-10-09 05:58 75008 —-a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    .

    2008-12-08 13:50 54576 —-a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    .

    2008-04-15 13:51 488752 —-a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    .

    2008-06-09 09:16 2363392 —-a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    .

    2009-10-03 10:40 13826664 —-a-w- c:\windows\System32\nvcpl.dll

    .

    2008-08-01 15:14 202032 —-a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    .

    2008-09-23 10:03 912688 —-a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    .

    2010-10-29 13:49 249064 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    2011-10-14 03:36 2299176 —-a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    .

    2009-07-21 21:33 458844 —-a-w- c:\program files\IDT\WDM\sttray.exe

    .

    2008-09-25 17:41 1152296 ——w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    .

    2008-01-21 02:23 1008184 —-a-w- c:\program files\Windows Defender\MSASCui.exe

    .

    2008-01-21 02:25 202240 —-a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    .

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    2008-06-09 09:14 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2013-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-06-06 c:\windows\Tasks\HPCeeScheduleForcinor 8 oud.job

    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = about:blank

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Verkleij\AppData\Roaming\Mozilla\Firefox\Profiles\fpz3hy76.default-1384266771836\

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    SafeBoot-Wdf01000.sys

    SafeBoot-WudfPf

    SafeBoot-WudfRd

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    MSConfigStartUp-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    .

    .

    .

    **************************************************************************

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden:

    .

    **************************************************************************

    .

    “ImagePath”=“\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl”

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    .

    - - - - - - - > ‘Explorer.exe’(2896)

    c:\windows\system32\btncopy.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

    c:\windows\system32\Hpservice.exe

    c:\windows\system32\WLANExt.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Microsoft\BingBar\7.2.241.0\BBSvc.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\windows\system32\conime.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    c:\program files\iPod\bin\iPodService.exe

    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

    .

    **************************************************************************

    .

    Voltooingstijd: 2013-12-31 12:51:01 - machine werd herstart

    ComboFix-quarantined-files.txt 2013-12-31 11:50

    .

    Pre-Run: 203.730.968.576 bytes beschikbaar

    Post-Run: 203.328.974.848 bytes beschikbaar

    .

    - - End Of File - - 8D7A52E81D4EB5A2842935C137AA2F55

    5C86ADEC17B739C437E145E3B3FC2E6D

  • Ben

    Hello,

    You have/had a rootkit; we are going to look a bit further. First read the following carefully:

    Download TDSSKiller and place it on your desktop.

    Before you run TDSSKiller, it is advisable to consult the TDSSKiller guide below.

    Click here for the Kaspersky TDSSKiller guide

    Running TDSSKiller

    Double-click TDSSKiller.exe to start the tool. (If you downloaded TDSSKiller as a ZIP file, you need to extract it first.)

    If TDSSKiller finds an update, click the "Load update" button.

    A new version of TDSSKiller will now be downloaded; save it to the desktop.

    Now start TDSSKiller again.

    In the license screen, click "Accept" to continue.

    You will then see the "Kaspersky Security Network Statement" screen; click "Accept" here as well.

    Click "Change parameters" and make sure all of the options below are ticked.

    Click the "Start Scan" button and follow the instructions.

    Never use the "Delete" or "Quarantine" option for a "Fail signature" message.

    If you don't know what to do, first post the log file; click the "Report" button to get it.

    If the log is too large, post it in parts.

  • Ton

    Hello Ben,

    Here is the log:

    14:14:18.0362 0x0bf0 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50

    14:14:29.0355 0x0bf0 ============================================================

    14:14:29.0355 0x0bf0 Current date / time: 2013/12/31 14:14:29.0355

    14:14:29.0355 0x0bf0 SystemInfo:

    14:14:29.0355 0x0bf0

    14:14:29.0355 0x0bf0 OS Version: 6.0.6002 ServicePack: 2.0

    14:14:29.0355 0x0bf0 Product type: Workstation

    14:14:29.0355 0x0bf0 ComputerName: PC_VAN_CINOR8

    14:14:29.0355 0x0bf0 UserName: Verkleij

    14:14:29.0355 0x0bf0 Windows directory: C:\Windows

    14:14:29.0355 0x0bf0 System windows directory: C:\Windows

    14:14:29.0356 0x0bf0 Processor architecture: Intel x86

    14:14:29.0356 0x0bf0 Number of processors: 2

    14:14:29.0356 0x0bf0 Page size: 0x1000

    14:14:29.0356 0x0bf0 Boot type: Normal boot

    14:14:29.0356 0x0bf0 ============================================================

    14:14:31.0954 0x0bf0 KLMD registered as C:\Windows\system32\drivers\12200079.sys

    14:14:32.0295 0x0bf0 System UUID: {9B71277C-D9F7-EE5F-84E3-601663CB9040}

    14:14:33.0109 0x0bf0 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000050

    14:14:33.0111 0x0bf0 ============================================================

    14:14:33.0111 0x0bf0 \Device\Harddisk0\DR0:

    14:14:33.0112 0x0bf0 MBR partitions:

    14:14:33.0112 0x0bf0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23DE07C1

    14:14:33.0112 0x0bf0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23DE0800, BlocksNum 0x164C800

    14:14:33.0112 0x0bf0 ============================================================

    14:14:33.0125 0x0bf0 C: <-> \Device\Harddisk0\DR0\Partition1

    14:14:33.0220 0x0bf0 D: <-> \Device\Harddisk0\DR0\Partition2

    14:14:33.0220 0x0bf0 ============================================================

    14:14:33.0220 0x0bf0 Initialize success

    14:14:33.0220 0x0bf0 ============================================================

    14:15:26.0828 0x0d38 ============================================================

    14:15:26.0828 0x0d38 Scan started

    14:15:26.0828 0x0d38 Mode: Manual; SigCheck; TDLFS;

    14:15:26.0828 0x0d38 ============================================================

    14:15:26.0828 0x0d38 KSN ping started

    14:15:27.0026 0x0d38 KSN ping finished: true

    14:15:28.0132 0x0d38 ================ Scan system memory ========================

    14:15:28.0132 0x0d38 System memory - ok

    14:15:28.0132 0x0d38 ================ Scan services =============================

    14:15:28.0381 0x0d38 Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

    14:15:28.0490 0x0d38 Accelerometer - ok

    14:15:28.0596 0x0d38 ACPI C:\Windows\system32\drivers\acpi.sys

    14:15:28.0620 0x0d38 ACPI - ok

    14:15:28.0747 0x0d38 AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    14:15:28.0758 0x0d38 AdobeARMservice - ok

    14:15:28.0856 0x0d38 AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    14:15:28.0875 0x0d38 AdobeFlashPlayerUpdateSvc - ok

    14:15:28.0942 0x0d38 adp94xx C:\Windows\system32\drivers\adp94xx.sys

    14:15:28.0989 0x0d38 adp94xx - ok

    14:15:29.0031 0x0d38 adpahci C:\Windows\system32\drivers\adpahci.sys

    14:15:29.0057 0x0d38 adpahci - ok

    14:15:29.0088 0x0d38 adpu160m C:\Windows\system32\drivers\adpu160m.sys

    14:15:29.0108 0x0d38 adpu160m - ok

    14:15:29.0129 0x0d38 adpu320 C:\Windows\system32\drivers\adpu320.sys

    14:15:29.0150 0x0d38 adpu320 - ok

    14:15:29.0202 0x0d38 AeLookupSvc C:\Windows\System32\aelupsvc.dll

    14:15:29.0257 0x0d38 AeLookupSvc - ok

    14:15:29.0313 0x0d38 AFD C:\Windows\system32\drivers\afd.sys

    14:15:29.0384 0x0d38 AFD - ok

    14:15:29.0438 0x0d38 agp440 C:\Windows\system32\drivers\agp440.sys

    14:15:29.0457 0x0d38 agp440 - ok

    14:15:29.0466 0x0d38 aic78xx C:\Windows\system32\drivers\djsvs.sys

    14:15:29.0485 0x0d38 aic78xx - ok

    14:15:29.0508 0x0d38 ALG C:\Windows\System32\alg.exe

    14:15:29.0566 0x0d38 ALG - ok

    14:15:29.0592 0x0d38 aliide C:\Windows\system32\drivers\aliide.sys

    14:15:29.0608 0x0d38 aliide - ok

    14:15:29.0625 0x0d38 amdagp C:\Windows\system32\drivers\amdagp.sys

    14:15:29.0643 0x0d38 amdagp - ok

    14:15:29.0649 0x0d38 amdide C:\Windows\system32\drivers\amdide.sys

    14:15:29.0663 0x0d38 amdide - ok

    14:15:29.0679 0x0d38 AmdK7 C:\Windows\system32\DRIVERS\amdk7.sys

    14:15:29.0749 0x0d38 AmdK7 - ok

    14:15:29.0771 0x0d38 AmdK8 C:\Windows\system32\drivers\amdk8.sys

    14:15:29.0856 0x0d38 AmdK8 - ok

    14:15:29.0941 0x0d38 Appinfo C:\Windows\System32\appinfo.dll

    14:15:29.0957 0x0d38 Appinfo - ok

    14:15:30.0048 0x0d38 Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    14:15:30.0064 0x0d38 Apple Mobile Device - ok

    14:15:30.0151 0x0d38 arc C:\Windows\system32\drivers\arc.sys

    14:15:30.0171 0x0d38 arc - ok

    14:15:30.0215 0x0d38 arcsas C:\Windows\system32\drivers\arcsas.sys

    14:15:30.0235 0x0d38 arcsas - ok

    14:15:30.0370 0x0d38 aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    14:15:30.0394 0x0d38 aspnet_state - ok

    14:15:30.0447 0x0d38 AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    14:15:30.0491 0x0d38 AsyncMac - ok

    14:15:30.0524 0x0d38 atapi C:\Windows\system32\drivers\atapi.sys

    14:15:30.0547 0x0d38 atapi - ok

    14:15:30.0623 0x0d38 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    14:15:30.0690 0x0d38 AudioEndpointBuilder - ok

    14:15:30.0704 0x0d38 Audiosrv C:\Windows\System32\Audiosrv.dll

    14:15:30.0735 0x0d38 Audiosrv - ok

    14:15:30.0875 0x0d38 BBSvc C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe

    14:15:30.0895 0x0d38 BBSvc - ok

    14:15:30.0936 0x0d38 BBUpdate C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe

    14:15:30.0956 0x0d38 BBUpdate - ok

    14:15:31.0061 0x0d38 BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

    14:15:31.0155 0x0d38 BCM43XX - ok

    14:15:31.0201 0x0d38 Beep C:\Windows\system32\drivers\Beep.sys

    14:15:31.0227 0x0d38 Beep - ok

    14:15:31.0310 0x0d38 BFE C:\Windows\System32\bfe.dll

    14:15:31.0389 0x0d38 BFE - ok

    14:15:31.0480 0x0d38 BITS C:\Windows\system32\qmgr.dll

    14:15:31.0535 0x0d38 BITS - ok

    14:15:31.0553 0x0d38 blbdrive C:\Windows\system32\drivers\blbdrive.sys

    14:15:31.0621 0x0d38 blbdrive - ok

    14:15:31.0708 0x0d38 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    14:15:31.0755 0x0d38 Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:31.0994 0x0d38 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning

    14:15:32.0151 0x0d38 bowser C:\Windows\system32\DRIVERS\bowser.sys

    14:15:32.0177 0x0d38 bowser - ok

    14:15:32.0237 0x0d38 BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

    14:15:32.0274 0x0d38 BrFiltLo - ok

    14:15:32.0294 0x0d38 BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

    14:15:32.0315 0x0d38 BrFiltUp - ok

    14:15:32.0345 0x0d38 Browser C:\Windows\System32\browser.dll

    14:15:32.0374 0x0d38 Browser - ok

    14:15:32.0425 0x0d38 Brserid C:\Windows\system32\drivers\brserid.sys

    14:15:32.0523 0x0d38 Brserid - ok

    14:15:32.0555 0x0d38 BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

    14:15:32.0641 0x0d38 BrSerWdm - ok

    14:15:32.0658 0x0d38 BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

    14:15:32.0736 0x0d38 BrUsbMdm - ok

    14:15:32.0760 0x0d38 BrUsbSer C:\Windows\system32\drivers\brusbser.sys

    14:15:32.0832 0x0d38 BrUsbSer - ok

    14:15:32.0873 0x0d38 BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

    14:15:32.0901 0x0d38 BthEnum - ok

    14:15:32.0943 0x0d38 BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    14:15:33.0001 0x0d38 BTHMODEM - ok

    14:15:33.0038 0x0d38 BthPan C:\Windows\system32\DRIVERS\bthpan.sys

    14:15:33.0068 0x0d38 BthPan - ok

    14:15:33.0140 0x0d38 BTHPORT C:\Windows\system32\Drivers\BTHport.sys

    14:15:33.0209 0x0d38 BTHPORT - ok

    14:15:33.0239 0x0d38 BthServ C:\Windows\System32\bthserv.dll

    14:15:33.0255 0x0d38 BthServ - ok

    14:15:33.0282 0x0d38 BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

    14:15:33.0324 0x0d38 BTHUSB - ok

    14:15:33.0382 0x0d38 btwaudio C:\Windows\system32\drivers\btwaudio.sys

    14:15:33.0395 0x0d38 btwaudio - ok

    14:15:33.0404 0x0d38 btwavdt C:\Windows\system32\drivers\btwavdt.sys

    14:15:33.0417 0x0d38 btwavdt - ok

    14:15:33.0454 0x0d38 btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

    14:15:33.0464 0x0d38 btwrchid - ok

    14:15:33.0478 0x0d38 catchme - ok

    14:15:33.0533 0x0d38 cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    14:15:33.0582 0x0d38 cdfs - ok

    14:15:33.0634 0x0d38 cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    14:15:33.0702 0x0d38 cdrom - ok

    14:15:33.0755 0x0d38 CertPropSvc C:\Windows\System32\certprop.dll

    14:15:33.0799 0x0d38 CertPropSvc - ok

    14:15:33.0832 0x0d38 circlass C:\Windows\system32\DRIVERS\circlass.sys

    14:15:33.0859 0x0d38 circlass - ok

    14:15:33.0908 0x0d38 CLFS C:\Windows\system32\CLFS.sys

    14:15:33.0931 0x0d38 CLFS - ok

    14:15:33.0982 0x0d38 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    14:15:33.0998 0x0d38 clr_optimization_v2.0.50727_32 - ok

    14:15:34.0099 0x0d38 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    14:15:34.0123 0x0d38 clr_optimization_v4.0.30319_32 - ok

    14:15:34.0167 0x0d38 CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    14:15:34.0225 0x0d38 CmBatt - ok

    14:15:34.0231 0x0d38 cmdide C:\Windows\system32\drivers\cmdide.sys

    14:15:34.0248 0x0d38 cmdide - ok

    14:15:34.0339 0x0d38 Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    14:15:34.0359 0x0d38 Com4QLBEx - ok

    14:15:34.0365 0x0d38 Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    14:15:34.0383 0x0d38 Compbatt - ok

    14:15:34.0389 0x0d38 COMSysApp - ok

    14:15:34.0406 0x0d38 crcdisk C:\Windows\system32\drivers\crcdisk.sys

    14:15:34.0423 0x0d38 crcdisk - ok

    14:15:34.0445 0x0d38 Crusoe C:\Windows\system32\drivers\crusoe.sys

    14:15:34.0518 0x0d38 Crusoe - ok

    14:15:34.0578 0x0d38 CryptSvc C:\Windows\system32\cryptsvc.dll

    14:15:34.0601 0x0d38 CryptSvc - ok

    14:15:34.0664 0x0d38 DcomLaunch C:\Windows\system32\rpcss.dll

    14:15:34.0718 0x0d38 DcomLaunch - ok

    14:15:34.0757 0x0d38 DfsC C:\Windows\system32\Drivers\dfsc.sys

    14:15:34.0865 0x0d38 DfsC - ok

    14:15:34.0989 0x0d38 DFSR C:\Windows\system32\DFSR.exe

    14:15:35.0130 0x0d38 DFSR - ok

    14:15:35.0210 0x0d38 Dhcp C:\Windows\System32\dhcpcsvc.dll

    14:15:35.0260 0x0d38 Dhcp - ok

    14:15:35.0283 0x0d38 disk C:\Windows\system32\drivers\disk.sys

    14:15:35.0298 0x0d38 disk - ok

    14:15:35.0343 0x0d38 Dnscache C:\Windows\System32\dnsrslvr.dll

    14:15:35.0378 0x0d38 Dnscache - ok

    14:15:35.0418 0x0d38 dot3svc C:\Windows\System32\dot3svc.dll

    14:15:35.0476 0x0d38 dot3svc - ok

    14:15:35.0523 0x0d38 DPS C:\Windows\system32\dps.dll

    14:15:35.0595 0x0d38 DPS - ok

    14:15:35.0632 0x0d38 drmkaud C:\Windows\system32\drivers\drmkaud.sys

    14:15:35.0713 0x0d38 drmkaud - ok

    14:15:35.0775 0x0d38 DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    14:15:35.0816 0x0d38 DXGKrnl - ok

    14:15:35.0883 0x0d38 E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

    14:15:35.0945 0x0d38 E1G60 - ok

    14:15:35.0998 0x0d38 EapHost C:\Windows\System32\eapsvc.dll

    14:15:36.0047 0x0d38 EapHost - ok

    14:15:36.0112 0x0d38 Ecache C:\Windows\system32\drivers\ecache.sys

    14:15:36.0134 0x0d38 Ecache - ok

    14:15:36.0187 0x0d38 ehRecvr C:\Windows\ehome\ehRecvr.exe

    14:15:36.0223 0x0d38 ehRecvr - ok

    14:15:36.0245 0x0d38 ehSched C:\Windows\ehome\ehsched.exe

    14:15:36.0290 0x0d38 ehSched - ok

    14:15:36.0314 0x0d38 ehstart C:\Windows\ehome\ehstart.dll

    14:15:36.0331 0x0d38 ehstart - ok

    14:15:36.0365 0x0d38 elxstor C:\Windows\system32\drivers\elxstor.sys

    14:15:36.0394 0x0d38 elxstor - ok

    14:15:36.0443 0x0d38 EMDMgmt C:\Windows\system32\emdmgmt.dll

    14:15:36.0532 0x0d38 EMDMgmt - ok

    14:15:36.0589 0x0d38 enecir C:\Windows\system32\DRIVERS\enecir.sys

    14:15:36.0680 0x0d38 enecir - ok

    14:15:36.0728 0x0d38 ErrDev C:\Windows\system32\drivers\errdev.sys

    14:15:36.0775 0x0d38 ErrDev - ok

    14:15:36.0824 0x0d38 EventSystem C:\Windows\system32\es.dll

    14:15:36.0854 0x0d38 EventSystem - ok

    14:15:36.0913 0x0d38 exfat C:\Windows\system32\drivers\exfat.sys

    14:15:36.0961 0x0d38 exfat - ok

    14:15:37.0014 0x0d38 ezSharedSvc C:\Windows\System32\ezsvc7.dll

    14:15:37.0050 0x0d38 ezSharedSvc - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:37.0172 0x0d38 Detect skipped due to KSN trusted

    14:15:37.0172 0x0d38 ezSharedSvc - ok

    14:15:37.0213 0x0d38 fastfat C:\Windows\system32\drivers\fastfat.sys

    14:15:37.0291 0x0d38 fastfat - ok

    14:15:37.0333 0x0d38 fdc C:\Windows\system32\DRIVERS\fdc.sys

    14:15:37.0368 0x0d38 fdc - ok

    14:15:37.0402 0x0d38 fdPHost C:\Windows\system32\fdPHost.dll

    14:15:37.0437 0x0d38 fdPHost - ok

    14:15:37.0455 0x0d38 FDResPub C:\Windows\system32\fdrespub.dll

    14:15:37.0539 0x0d38 FDResPub - ok

    14:15:37.0575 0x0d38 FileInfo C:\Windows\system32\drivers\fileinfo.sys

    14:15:37.0590 0x0d38 FileInfo - ok

    14:15:37.0607 0x0d38 Filetrace C:\Windows\system32\drivers\filetrace.sys

    14:15:37.0636 0x0d38 Filetrace - ok

    14:15:37.0713 0x0d38 FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    14:15:37.0782 0x0d38 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:37.0905 0x0d38 Detect skipped due to KSN trusted

    14:15:37.0905 0x0d38 FLEXnet Licensing Service - ok

    14:15:37.0931 0x0d38 flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    14:15:37.0963 0x0d38 flpydisk - ok

    14:15:38.0002 0x0d38 FltMgr C:\Windows\system32\drivers\fltmgr.sys

    14:15:38.0025 0x0d38 FltMgr - ok

    14:15:38.0131 0x0d38 FontCache C:\Windows\system32\FntCache.dll

    14:15:38.0205 0x0d38 FontCache - ok

    14:15:38.0265 0x0d38 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    14:15:38.0281 0x0d38 FontCache3.0.0.0 - ok

    14:15:38.0312 0x0d38 Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    14:15:38.0382 0x0d38 Fs_Rec - ok

    14:15:38.0416 0x0d38 gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    14:15:38.0434 0x0d38 gagp30kx - ok

    14:15:38.0583 0x0d38 GamesAppIntegrationService C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe

    14:15:38.0605 0x0d38 GamesAppIntegrationService - ok

    14:15:38.0687 0x0d38 GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe

    14:15:38.0711 0x0d38 GamesAppService - ok

    14:15:38.0736 0x0d38 GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    14:15:38.0752 0x0d38 GEARAspiWDM - ok

    14:15:38.0809 0x0d38 gpsvc C:\Windows\System32\gpsvc.dll

    14:15:38.0903 0x0d38 gpsvc - ok

    14:15:38.0957 0x0d38 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    14:15:39.0000 0x0d38 HdAudAddService - ok

    14:15:39.0061 0x0d38 HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    14:15:39.0110 0x0d38 HDAudBus - ok

    14:15:39.0140 0x0d38 HidBth C:\Windows\system32\drivers\hidbth.sys

    14:15:39.0203 0x0d38 HidBth - ok

    14:15:39.0244 0x0d38 HidIr C:\Windows\system32\DRIVERS\hidir.sys

    14:15:39.0309 0x0d38 HidIr - ok

    14:15:39.0370 0x0d38 hidserv C:\Windows\System32\hidserv.dll

    14:15:39.0387 0x0d38 hidserv - ok

    14:15:39.0411 0x0d38 HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    14:15:39.0450 0x0d38 HidUsb - ok

    14:15:39.0480 0x0d38 hkmsvc C:\Windows\system32\kmsvc.dll

    14:15:39.0514 0x0d38 hkmsvc - ok

    14:15:39.0578 0x0d38 HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    14:15:39.0588 0x0d38 HP Health Check Service - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:39.0792 0x0d38 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

    14:15:40.0048 0x0d38 HpCISSs C:\Windows\system32\drivers\hpcisss.sys

    14:15:40.0070 0x0d38 HpCISSs - ok

    14:15:40.0140 0x0d38 hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

    14:15:40.0157 0x0d38 hpdskflt - ok

    14:15:40.0182 0x0d38 HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    14:15:40.0210 0x0d38 HpqKbFiltr - ok

    14:15:40.0296 0x0d38 hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    14:15:40.0318 0x0d38 hpqwmiex - ok

    14:15:40.0354 0x0d38 hpsrv C:\Windows\system32\Hpservice.exe

    14:15:40.0372 0x0d38 hpsrv - ok

    14:15:40.0422 0x0d38 HTTP C:\Windows\system32\drivers\HTTP.sys

    14:15:40.0489 0x0d38 HTTP - ok

    14:15:40.0507 0x0d38 i2omp C:\Windows\system32\drivers\i2omp.sys

    14:15:40.0529 0x0d38 i2omp - ok

    14:15:40.0614 0x0d38 i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    14:15:40.0691 0x0d38 i8042prt - ok

    14:15:40.0727 0x0d38 iaStorV C:\Windows\system32\drivers\iastorv.sys

    14:15:40.0750 0x0d38 iaStorV - ok

    14:15:40.0791 0x0d38 IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    14:15:40.0819 0x0d38 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:40.0949 0x0d38 Detect skipped due to KSN trusted

    14:15:40.0949 0x0d38 IDriverT - ok

    14:15:41.0088 0x0d38 idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    14:15:41.0156 0x0d38 idsvc - ok

    14:15:41.0172 0x0d38 iirsp C:\Windows\system32\drivers\iirsp.sys

    14:15:41.0188 0x0d38 iirsp - ok

    14:15:41.0267 0x0d38 IKEEXT C:\Windows\System32\ikeext.dll

    14:15:41.0309 0x0d38 IKEEXT - ok

    14:15:41.0361 0x0d38 intelide C:\Windows\system32\drivers\intelide.sys

    14:15:41.0374 0x0d38 intelide - ok

    14:15:41.0418 0x0d38 intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    14:15:41.0461 0x0d38 intelppm - ok

    14:15:41.0490 0x0d38 IPBusEnum C:\Windows\system32\ipbusenum.dll

    14:15:41.0539 0x0d38 IPBusEnum - ok

    14:15:41.0561 0x0d38 IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    14:15:41.0611 0x0d38 IpFilterDriver - ok

    14:15:41.0670 0x0d38 iphlpsvc C:\Windows\System32\iphlpsvc.dll

    14:15:41.0735 0x0d38 iphlpsvc - ok

    14:15:41.0740 0x0d38 IpInIp - ok

    14:15:41.0761 0x0d38 IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

    14:15:41.0837 0x0d38 IPMIDRV - ok

    14:15:41.0868 0x0d38 IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

    14:15:41.0917 0x0d38 IPNAT - ok

    14:15:42.0008 0x0d38 iPod Service C:\Program Files\iPod\bin\iPodService.exe

    14:15:42.0036 0x0d38 iPod Service - ok

    14:15:42.0066 0x0d38 IRENUM C:\Windows\system32\drivers\irenum.sys

    14:15:42.0117 0x0d38 IRENUM - ok

    14:15:42.0140 0x0d38 isapnp C:\Windows\system32\drivers\isapnp.sys

    14:15:42.0157 0x0d38 isapnp - ok

    14:15:42.0229 0x0d38 iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

    14:15:42.0253 0x0d38 iScsiPrt - ok

    14:15:42.0260 0x0d38 iteatapi C:\Windows\system32\drivers\iteatapi.sys

    14:15:42.0277 0x0d38 iteatapi - ok

    14:15:42.0295 0x0d38 iteraid C:\Windows\system32\drivers\iteraid.sys

    14:15:42.0310 0x0d38 iteraid - ok

    14:15:42.0367 0x0d38 JMCR C:\Windows\system32\DRIVERS\jmcr.sys

    14:15:42.0430 0x0d38 JMCR - ok

    14:15:42.0451 0x0d38 kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    14:15:42.0465 0x0d38 kbdclass - ok

    14:15:42.0496 0x0d38 kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    14:15:42.0547 0x0d38 kbdhid - ok

    14:15:42.0588 0x0d38 KeyIso C:\Windows\system32\lsass.exe

    14:15:42.0604 0x0d38 KeyIso - ok

    14:15:42.0648 0x0d38 KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    14:15:42.0675 0x0d38 KSecDD - ok

    14:15:42.0752 0x0d38 KtmRm C:\Windows\system32\msdtckrm.dll

    14:15:42.0813 0x0d38 KtmRm - ok

    14:15:42.0847 0x0d38 LanmanServer C:\Windows\System32\srvsvc.dll

    14:15:42.0891 0x0d38 LanmanServer - ok

    14:15:42.0945 0x0d38 LanmanWorkstation C:\Windows\System32\wkssvc.dll

    14:15:42.0984 0x0d38 LanmanWorkstation - ok

    14:15:43.0061 0x0d38 LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    14:15:43.0088 0x0d38 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:43.0213 0x0d38 Detect skipped due to KSN trusted

    14:15:43.0213 0x0d38 LightScribeService - ok

    14:15:43.0295 0x0d38 lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    14:15:43.0329 0x0d38 lltdio - ok

    14:15:43.0363 0x0d38 lltdsvc C:\Windows\System32\lltdsvc.dll

    14:15:43.0427 0x0d38 lltdsvc - ok

    14:15:43.0458 0x0d38 lmhosts C:\Windows\System32\lmhsvc.dll

    14:15:43.0534 0x0d38 lmhosts - ok

    14:15:43.0566 0x0d38 LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    14:15:43.0584 0x0d38 LSI_FC - ok

    14:15:43.0598 0x0d38 LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    14:15:43.0617 0x0d38 LSI_SAS - ok

    14:15:43.0626 0x0d38 LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    14:15:43.0646 0x0d38 LSI_SCSI - ok

    14:15:43.0654 0x0d38 luafv C:\Windows\system32\drivers\luafv.sys

    14:15:43.0709 0x0d38 luafv - ok

    14:15:43.0725 0x0d38 Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    14:15:43.0757 0x0d38 Mcx2Svc - ok

    14:15:43.0871 0x0d38 MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    14:15:43.0912 0x0d38 MDM - detected UnsignedFile.Multi.Generic ( 1 )

    14:15:44.0038 0x0d38 MDM ( UnsignedFile.Multi.Generic ) - warning

    14:15:44.0241 0x0d38 megasas C:\Windows\system32\drivers\megasas.sys

    14:15:44.0258 0x0d38 megasas - ok

    14:15:44.0322 0x0d38 MegaSR C:\Windows\system32\drivers\megasr.sys

    14:15:44.0352 0x0d38 MegaSR - ok

    14:15:44.0372 0x0d38 MMCSS C:\Windows\system32\mmcss.dll

    14:15:44.0408 0x0d38 MMCSS - ok

    14:15:44.0423 0x0d38 Modem C:\Windows\system32\drivers\modem.sys

    14:15:44.0469 0x0d38 Modem - ok

    14:15:44.0509 0x0d38 monitor C:\Windows\system32\DRIVERS\monitor.sys

    14:15:44.0559 0x0d38 monitor - ok

    14:15:44.0600 0x0d38 mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    14:15:44.0615 0x0d38 mouclass - ok

    14:15:44.0630 0x0d38 mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    14:15:44.0658 0x0d38 mouhid - ok

    14:15:44.0667 0x0d38 MountMgr C:\Windows\system32\drivers\mountmgr.sys

    14:15:44.0682 0x0d38 MountMgr - ok

    14:15:44.0733 0x0d38 MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    14:15:44.0749 0x0d38 MozillaMaintenance - ok

    14:15:44.0794 0x0d38 MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

    14:15:44.0817 0x0d38 MpFilter - ok

    14:15:44.0864 0x0d38 mpio C:\Windows\system32\drivers\mpio.sys

    14:15:44.0880 0x0d38 mpio - ok

    14:15:45.0005 0x0d38 MpKsl6f70057b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B08972B-C9F1-46EC-BD87-35D7A7D6393B}\MpKsl6f70057b.sys

    14:15:45.0026 0x0d38 MpKsl6f70057b - ok

    14:15:45.0042 0x0d38 mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    14:15:45.0070 0x0d38 mpsdrv - ok

    14:15:45.0185 0x0d38 MpsSvc C:\Windows\system32\mpssvc.dll

    14:15:45.0275 0x0d38 MpsSvc - ok

    14:15:45.0307 0x0d38 Mraid35x C:\Windows\system32\drivers\mraid35x.sys

    14:15:45.0324 0x0d38 Mraid35x - ok

    14:15:45.0357 0x0d38 MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    14:15:45.0404 0x0d38 MRxDAV - ok

    14:15:45.0453 0x0d38 mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    14:15:45.0488 0x0d38 mrxsmb - ok

    14:15:45.0538 0x0d38 mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    14:15:45.0565 0x0d38 mrxsmb10 - ok

    14:15:45.0582 0x0d38 mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    14:15:45.0602 0x0d38 mrxsmb20 - ok

    14:15:45.0635 0x0d38 msahci C:\Windows\system32\drivers\msahci.sys

    14:15:45.0654 0x0d38 msahci - ok

    14:15:45.0671 0x0d38 msdsm C:\Windows\system32\drivers\msdsm.sys

    14:15:45.0691 0x0d38 msdsm - ok

    14:15:45.0714 0x0d38 MSDTC C:\Windows\System32\msdtc.exe

    14:15:45.0768 0x0d38 MSDTC - ok

    14:15:45.0815 0x0d38 Msfs C:\Windows\system32\drivers\Msfs.sys

    14:15:45.0843 0x0d38 Msfs - ok

    14:15:45.0902 0x0d38 msisadrv C:\Windows\system32\drivers\msisadrv.sys

    14:15:45.0917 0x0d38 msisadrv - ok

    14:15:45.0948 0x0d38 MSiSCSI C:\Windows\system32\iscsiexe.dll

    14:15:45.0980 0x0d38 MSiSCSI - ok

    14:15:45.0985 0x0d38 msiserver - ok

    14:15:46.0027 0x0d38 MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    14:15:46.0076 0x0d38 MSKSSRV - ok

    14:15:46.0134 0x0d38 MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

    14:15:46.0151 0x0d38 MsMpSvc - ok

    14:15:46.0204 0x0d38 MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    14:15:46.0259 0x0d38 MSPCLOCK - ok

    14:15:46.0289 0x0d38 MSPQM C:\Windows\system32\drivers\MSPQM.sys

    14:15:46.0340 0x0d38 MSPQM - ok

    14:15:46.0385 0x0d38 MsRPC C:\Windows\system32\drivers\MsRPC.sys

    14:15:46.0407 0x0d38 MsRPC - ok

    14:15:46.0423 0x0d38 mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

    14:15:46.0441 0x0d38 mssmbios - ok

    14:15:46.0462 0x0d38 MSTEE C:\Windows\system32\drivers\MSTEE.sys

    14:15:46.0522 0x0d38 MSTEE - ok

    14:15:46.0549 0x0d38 Mup C:\Windows\system32\Drivers\mup.sys

    14:15:46.0568 0x0d38 Mup - ok

    14:15:46.0615 0x0d38 napagent C:\Windows\system32\qagentRT.dll

    14:15:46.0687 0x0d38 napagent - ok

    14:15:46.0740 0x0d38 NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    14:15:46.0785 0x0d38 NativeWifiP - ok

    14:15:46.0839 0x0d38 NDIS C:\Windows\system32\drivers\ndis.sys

    14:15:46.0871 0x0d38 NDIS - ok

    14:15:46.0894 0x0d38 NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    14:15:46.0944 0x0d38 NdisTapi - ok

    14:15:46.0969 0x0d38 Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    14:15:47.0013 0x0d38 Ndisuio - ok

    14:15:47.0060 0x0d38 NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    14:15:47.0096 0x0d38 NdisWan - ok

    14:15:47.0104 0x0d38 NDProxy C:\Windows\system32\drivers\NDProxy.sys

    14:15:47.0168 0x0d38 NDProxy - ok

    14:15:47.0188 0x0d38 NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    14:15:47.0239 0x0d38 NetBIOS - ok

    14:15:47.0288 0x0d38 netbt C:\Windows\system32\DRIVERS\netbt.sys

    14:15:47.0340 0x0d38 netbt - ok

    14:15:47.0357 0x0d38 Netlogon C:\Windows\system32\lsass.exe

    14:15:47.0373 0x0d38 Netlogon - ok

    14:15:47.0406 0x0d38 Netman C:\Windows\System32\netman.dll

    14:15:47.0442 0x0d38 Netman - ok

    14:15:47.0474 0x0d38 NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    14:15:47.0494 0x0d38 NetMsmqActivator - ok

    14:15:47.0509 0x0d38 NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    14:15:47.0528 0x0d38 NetPipeActivator - ok

    14:15:47.0562 0x0d38 netprofm C:\Windows\System32\netprofm.dll

    14:15:47.0599 0x0d38 netprofm - ok

    14:15:47.0608 0x0d38 NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    14:15:47.0627 0x0d38 NetTcpActivator - ok

    14:15:47.0636 0x0d38 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    14:15:47.0656 0x0d38 NetTcpPortSharing - ok

    14:15:47.0811 0x0d38 NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys

    14:15:47.0982 0x0d38 NETw3v32 - ok

    14:15:48.0010 0x0d38 nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    Continued in the 2nd post
