According to Ziggo, this PC is supposedly infected with Citadel/Dorifel

  • lg

    Having followed your cleanup plan, here are the scans

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Databaseversie: v2012.08.30.03

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Freek en Donna :: FREEKENDONNA-PC

    1-9-2012 13:58:22

    mbam-log-2012-09-01 (13-58-22).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 211907

    Verstreken tijd: 4 minuut/minuten, 31 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:10:44, on 1-9-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Windows\vsnpstd.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Freek en Donna\Desktop\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-21-3656271810-2278368227-2037858192-1001\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3656271810-2278368227-2037858192-1001\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    End of file - 6505 bytes

    LG

  • Ben

    Hello,

    Let's take a closer look;

    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":

    First close all program windows that are still open!

    Disable your antivirus and antispyware programs, as they may conflict with TDSSKStarter.exe

    (here or here) you can read how to do that.

    Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing Run as administrator.

    A CMD window will then open, and it will close automatically again when the scan is finished.

    Now post the contents of the opened Notepad file in your next message.

    Regards, Ben

    Antivirusprikbord.nl

  • lg

    As requested

    12:32:16.0099 2732 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    12:32:16.0099 2732 ============================================================

    12:32:16.0099 2732 Current date / time: 2012/09/02 12:32:16.0099

    12:32:16.0099 2732 SystemInfo:

    12:32:16.0099 2732

    12:32:16.0099 2732 OS Version: 6.1.7601 ServicePack: 1.0

    12:32:16.0099 2732 Product type: Workstation

    12:32:16.0099 2732 ComputerName: FREEKENDONNA-PC

    12:32:16.0099 2732 UserName: Freek en Donna

    12:32:16.0099 2732 Windows directory: C:\Windows

    12:32:16.0099 2732 System windows directory: C:\Windows

    12:32:16.0099 2732 Processor architecture: Intel x86

    12:32:16.0099 2732 Number of processors: 2

    12:32:16.0099 2732 Page size: 0x1000

    12:32:16.0099 2732 Boot type: Normal boot

    12:32:16.0099 2732 ============================================================

    12:32:19.0521 2732 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000050

    12:32:19.0724 2732 ============================================================

    12:32:19.0724 2732 \Device\Harddisk0\DR0:

    12:32:19.0724 2732 MBR partitions:

    12:32:19.0724 2732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x24B44351

    12:32:19.0724 2732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x26346800, BlocksNum 0x24511000

    12:32:19.0724 2732 ============================================================

    12:32:19.0787 2732 C: <-> \Device\Harddisk0\DR0\Partition1

    12:32:19.0958 2732 D: <-> \Device\Harddisk0\DR0\Partition2

    12:32:19.0958 2732 ============================================================

    12:32:19.0958 2732 Initialize success

    12:32:19.0958 2732 ============================================================

    12:32:20.0052 0860 ============================================================

    12:32:20.0052 0860 Scan started

    12:32:20.0052 0860 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    12:32:20.0052 0860 ============================================================

    12:32:21.0787 0860 ================ Scan system memory ========================

    12:32:21.0787 0860 ================ Scan services =============================

    12:32:21.0896 0860 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    12:32:22.0396 0860 ACPI C:\Windows\system32\drivers\ACPI.sys

    12:32:22.0474 0860 AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    12:32:22.0583 0860 AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    12:32:22.0630 0860 AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    12:32:22.0708 0860 adp94xx C:\Windows\system32\drivers\adp94xx.sys

    12:32:22.0740 0860 adpahci C:\Windows\system32\drivers\adpahci.sys

    12:32:22.0771 0860 adpu320 C:\Windows\system32\drivers\adpu320.sys

    12:32:22.0802 0860 AeLookupSvc C:\Windows\System32\aelupsvc.dll

    12:32:22.0927 0860 AFD C:\Windows\system32\drivers\afd.sys

    12:32:22.0974 0860 agp440 C:\Windows\system32\drivers\agp440.sys

    12:32:23.0005 0860 aic78xx C:\Windows\system32\drivers\djsvs.sys

    12:32:23.0037 0860 ALG C:\Windows\System32\alg.exe

    12:32:23.0083 0860 aliide C:\Windows\system32\drivers\aliide.sys

    12:32:23.0099 0860 amdagp C:\Windows\system32\drivers\amdagp.sys

    12:32:23.0115 0860 amdide C:\Windows\system32\drivers\amdide.sys

    12:32:23.0130 0860 AmdK8 C:\Windows\system32\drivers\amdk8.sys

    12:32:23.0146 0860 AmdPPM C:\Windows\system32\drivers\amdppm.sys

    12:32:23.0193 0860 amdsata C:\Windows\system32\drivers\amdsata.sys

    12:32:23.0208 0860 amdsbs C:\Windows\system32\drivers\amdsbs.sys

    12:32:23.0224 0860 amdxata C:\Windows\system32\drivers\amdxata.sys

    12:32:23.0255 0860 AppID C:\Windows\system32\drivers\appid.sys

    12:32:23.0302 0860 AppIDSvc C:\Windows\System32\appidsvc.dll

    12:32:23.0333 0860 Appinfo C:\Windows\System32\appinfo.dll

    12:32:23.0396 0860 AppMgmt C:\Windows\System32\appmgmts.dll

    12:32:23.0443 0860 arc C:\Windows\system32\drivers\arc.sys

    12:32:23.0474 0860 arcsas C:\Windows\system32\drivers\arcsas.sys

    12:32:23.0490 0860 AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    12:32:23.0568 0860 atapi C:\Windows\system32\drivers\atapi.sys

    12:32:23.0599 0860 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    12:32:23.0646 0860 Audiosrv C:\Windows\System32\Audiosrv.dll

    12:32:23.0693 0860 AxInstSV C:\Windows\System32\AxInstSV.dll

    12:32:23.0740 0860 b06bdrv C:\Windows\system32\drivers\bxvbdx.sys

    12:32:23.0787 0860 b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

    12:32:23.0818 0860 BDESVC C:\Windows\System32\bdesvc.dll

    12:32:23.0865 0860 Beep C:\Windows\system32\drivers\Beep.sys

    12:32:23.0927 0860 BFE C:\Windows\System32\bfe.dll

    12:32:24.0005 0860 BITS C:\Windows\System32\qmgr.dll

    12:32:24.0068 0860 blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    12:32:24.0115 0860 bowser C:\Windows\system32\DRIVERS\bowser.sys

    12:32:24.0146 0860 BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

    12:32:24.0162 0860 BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

    12:32:24.0193 0860 Browser C:\Windows\System32\browser.dll

    12:32:24.0240 0860 Brserid C:\Windows\System32\Drivers\Brserid.sys

    12:32:24.0271 0860 BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    12:32:24.0287 0860 BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    12:32:24.0302 0860 BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    12:32:24.0349 0860 BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    12:32:24.0396 0860 bthserv C:\Windows\system32\bthserv.dll

    12:32:24.0474 0860 cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    12:32:24.0552 0860 cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    12:32:24.0583 0860 CertPropSvc C:\Windows\System32\certprop.dll

    12:32:24.0630 0860 circlass C:\Windows\system32\drivers\circlass.sys

    12:32:24.0662 0860 CLFS C:\Windows\system32\CLFS.sys

    12:32:24.0724 0860 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    12:32:24.0787 0860 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    12:32:24.0802 0860 CmBatt C:\Windows\system32\drivers\CmBatt.sys

    12:32:24.0818 0860 cmdide C:\Windows\system32\drivers\cmdide.sys

    12:32:24.0849 0860 CNG C:\Windows\system32\Drivers\cng.sys

    12:32:24.0880 0860 Compbatt C:\Windows\system32\drivers\compbatt.sys

    12:32:24.0912 0860 CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

    12:32:24.0943 0860 crcdisk C:\Windows\system32\drivers\crcdisk.sys

    12:32:24.0974 0860 CryptSvc C:\Windows\system32\cryptsvc.dll

    12:32:25.0021 0860 CSC C:\Windows\system32\drivers\csc.sys

    12:32:25.0083 0860 CscService C:\Windows\System32\cscsvc.dll

    12:32:25.0130 0860 DcomLaunch C:\Windows\system32\rpcss.dll

    12:32:25.0193 0860 defragsvc C:\Windows\System32\defragsvc.dll

    12:32:25.0240 0860 DfsC C:\Windows\system32\Drivers\dfsc.sys

    12:32:25.0287 0860 Dhcp C:\Windows\system32\dhcpcore.dll

    12:32:25.0349 0860 discache C:\Windows\system32\drivers\discache.sys

    12:32:25.0396 0860 Disk C:\Windows\system32\drivers\disk.sys

    12:32:25.0427 0860 dmvsc C:\Windows\system32\drivers\dmvsc.sys

    12:32:25.0505 0860 Dnscache C:\Windows\System32\dnsrslvr.dll

    12:32:25.0552 0860 dot3svc C:\Windows\System32\dot3svc.dll

    12:32:25.0599 0860 DPS C:\Windows\system32\dps.dll

    12:32:25.0708 0860 drmkaud C:\Windows\system32\drivers\drmkaud.sys

    12:32:25.0880 0860 DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    12:32:25.0958 0860 EapHost C:\Windows\System32\eapsvc.dll

    12:32:26.0115 0860 ebdrv C:\Windows\system32\drivers\evbdx.sys

    12:32:26.0240 0860 EFS C:\Windows\System32\lsass.exe

    12:32:26.0302 0860 ehRecvr C:\Windows\ehome\ehRecvr.exe

    12:32:26.0380 0860 ehSched C:\Windows\ehome\ehsched.exe

    12:32:26.0427 0860 elxstor C:\Windows\system32\drivers\elxstor.sys

    12:32:26.0458 0860 ErrDev C:\Windows\system32\drivers\errdev.sys

    12:32:26.0505 0860 EventSystem C:\Windows\system32\es.dll

    12:32:26.0552 0860 exfat C:\Windows\system32\drivers\exfat.sys

    12:32:26.0599 0860 fastfat C:\Windows\system32\drivers\fastfat.sys

    12:32:26.0662 0860 Fax C:\Windows\system32\fxssvc.exe

    12:32:26.0693 0860 fdc C:\Windows\system32\drivers\fdc.sys

    12:32:26.0724 0860 fdPHost C:\Windows\system32\fdPHost.dll

    12:32:26.0771 0860 FDResPub C:\Windows\system32\fdrespub.dll

    12:32:26.0802 0860 FileInfo C:\Windows\system32\drivers\fileinfo.sys

    12:32:26.0849 0860 Filetrace C:\Windows\system32\drivers\filetrace.sys

    12:32:26.0896 0860 flpydisk C:\Windows\system32\drivers\flpydisk.sys

    12:32:26.0927 0860 FltMgr C:\Windows\system32\drivers\fltmgr.sys

    12:32:26.0974 0860 FontCache C:\Windows\system32\FntCache.dll

    12:32:27.0068 0860 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    12:32:27.0099 0860 FsDepends C:\Windows\system32\drivers\FsDepends.sys

    12:32:27.0146 0860 Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    12:32:27.0177 0860 fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    12:32:27.0224 0860 gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    12:32:27.0271 0860 gpsvc C:\Windows\System32\gpsvc.dll

    12:32:27.0412 0860 gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

    12:32:27.0443 0860 gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

    12:32:27.0490 0860 gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    12:32:27.0505 0860 hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    12:32:27.0568 0860 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    12:32:27.0599 0860 HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    12:32:27.0630 0860 HidBatt C:\Windows\system32\drivers\HidBatt.sys

    12:32:27.0646 0860 HidBth C:\Windows\system32\drivers\hidbth.sys

    12:32:27.0693 0860 HidIr C:\Windows\system32\drivers\hidir.sys

    12:32:27.0724 0860 hidserv C:\Windows\system32\hidserv.dll

    12:32:27.0787 0860 HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    12:32:27.0818 0860 hkmsvc C:\Windows\system32\kmsvc.dll

    12:32:27.0865 0860 HomeGroupListener C:\Windows\system32\ListSvc.dll

    12:32:27.0912 0860 HomeGroupProvider C:\Windows\system32\provsvc.dll

    12:32:27.0958 0860 HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    12:32:27.0990 0860 HTTP C:\Windows\system32\drivers\HTTP.sys

    12:32:28.0037 0860 hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    12:32:28.0083 0860 i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    12:32:28.0115 0860 iaStorV C:\Windows\system32\drivers\iaStorV.sys

    12:32:28.0177 0860 idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    12:32:28.0224 0860 iirsp C:\Windows\system32\drivers\iirsp.sys

    12:32:28.0255 0860 IKEEXT C:\Windows\System32\ikeext.dll

    12:32:28.0396 0860 IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

    12:32:28.0474 0860 intelide C:\Windows\system32\drivers\intelide.sys

    12:32:28.0505 0860 intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    12:32:28.0552 0860 IPBusEnum C:\Windows\system32\ipbusenum.dll

    12:32:28.0615 0860 IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    12:32:28.0677 0860 iphlpsvc C:\Windows\System32\iphlpsvc.dll

    12:32:28.0724 0860 IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    12:32:28.0740 0860 IPNAT C:\Windows\system32\drivers\ipnat.sys

    12:32:28.0787 0860 IRENUM C:\Windows\system32\drivers\irenum.sys

    12:32:28.0802 0860 isapnp C:\Windows\system32\drivers\isapnp.sys

    12:32:28.0849 0860 iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    12:32:28.0896 0860 kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    12:32:28.0927 0860 kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    12:32:28.0943 0860 KeyIso C:\Windows\system32\lsass.exe

    12:32:28.0974 0860 KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    12:32:29.0021 0860 KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    12:32:29.0099 0860 KtmRm C:\Windows\system32\msdtckrm.dll

    12:32:29.0177 0860 LanmanServer C:\Windows\system32\srvsvc.dll

    12:32:29.0224 0860 LanmanWorkstation C:\Windows\System32\wkssvc.dll

    12:32:29.0287 0860 lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    12:32:29.0333 0860 lltdsvc C:\Windows\System32\lltdsvc.dll

    12:32:29.0380 0860 lmhosts C:\Windows\System32\lmhsvc.dll

    12:32:29.0427 0860 LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    12:32:29.0443 0860 LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    12:32:29.0474 0860 LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

    12:32:29.0490 0860 LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    12:32:29.0521 0860 luafv C:\Windows\system32\drivers\luafv.sys

    12:32:29.0568 0860 Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    12:32:29.0615 0860 megasas C:\Windows\system32\drivers\megasas.sys

    12:32:29.0646 0860 MegaSR C:\Windows\system32\drivers\MegaSR.sys

    12:32:29.0677 0860 MMCSS C:\Windows\system32\mmcss.dll

    12:32:29.0708 0860 Modem C:\Windows\system32\drivers\modem.sys

    12:32:29.0771 0860 monitor C:\Windows\system32\DRIVERS\monitor.sys

    12:32:29.0802 0860 mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    12:32:29.0833 0860 mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    12:32:29.0865 0860 mountmgr C:\Windows\system32\drivers\mountmgr.sys

    12:32:29.0896 0860 MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

    12:32:29.0927 0860 mpio C:\Windows\system32\drivers\mpio.sys

    12:32:29.0958 0860 mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    12:32:30.0021 0860 MpsSvc C:\Windows\system32\mpssvc.dll

    12:32:30.0099 0860 MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    12:32:30.0146 0860 mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    12:32:30.0177 0860 mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    12:32:30.0208 0860 mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    12:32:30.0240 0860 msahci C:\Windows\system32\drivers\msahci.sys

    12:32:30.0255 0860 msdsm C:\Windows\system32\drivers\msdsm.sys

    12:32:30.0287 0860 MSDTC C:\Windows\System32\msdtc.exe

    12:32:30.0318 0860 Msfs C:\Windows\system32\drivers\Msfs.sys

    12:32:30.0380 0860 mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    12:32:30.0443 0860 msisadrv C:\Windows\system32\drivers\msisadrv.sys

    12:32:30.0490 0860 MSiSCSI C:\Windows\system32\iscsiexe.dll

    12:32:30.0537 0860 MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    12:32:30.0599 0860 MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

    12:32:30.0615 0860 MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    12:32:30.0693 0860 MSPQM C:\Windows\system32\drivers\MSPQM.sys

    12:32:30.0755 0860 MsRPC C:\Windows\system32\drivers\MsRPC.sys

    12:32:30.0802 0860 mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

    12:32:30.0818 0860 MSTEE C:\Windows\system32\drivers\MSTEE.sys

    12:32:30.0865 0860 MTConfig C:\Windows\system32\drivers\MTConfig.sys

    12:32:30.0896 0860 Mup C:\Windows\system32\Drivers\mup.sys

    12:32:30.0927 0860 napagent C:\Windows\system32\qagentRT.dll

    12:32:30.0990 0860 NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    12:32:31.0021 0860 NDIS C:\Windows\system32\drivers\ndis.sys

    12:32:31.0162 0860 NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    12:32:31.0302 0860 NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    12:32:31.0318 0860 Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    12:32:31.0349 0860 NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    12:32:31.0396 0860 NDProxy C:\Windows\system32\drivers\NDProxy.sys

    12:32:31.0505 0860 Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    12:32:31.0568 0860 NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    12:32:31.0615 0860 NetBT C:\Windows\system32\DRIVERS\netbt.sys

    12:32:31.0646 0860 Netlogon C:\Windows\system32\lsass.exe

    12:32:31.0708 0860 Netman C:\Windows\System32\netman.dll

    12:32:31.0755 0860 netprofm C:\Windows\System32\netprofm.dll

    12:32:31.0802 0860 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    12:32:31.0865 0860 nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    12:32:31.0912 0860 NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    12:32:31.0927 0860 NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

    12:32:31.0958 0860 NlaSvc C:\Windows\System32\nlasvc.dll

    12:32:32.0052 0860 NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    12:32:32.0115 0860 Npfs C:\Windows\system32\drivers\Npfs.sys

    12:32:32.0162 0860 nsi C:\Windows\system32\nsisvc.dll

    12:32:32.0208 0860 nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    12:32:32.0287 0860 Ntfs C:\Windows\system32\drivers\Ntfs.sys

    12:32:32.0365 0860 Null C:\Windows\system32\drivers\Null.sys

    12:32:32.0630 0860 nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    12:32:32.0833 0860 nvraid C:\Windows\system32\drivers\nvraid.sys

    12:32:32.0896 0860 nvstor C:\Windows\system32\drivers\nvstor.sys

    12:32:32.0974 0860 nvsvc C:\Windows\system32\nvvsvc.exe

    12:32:33.0068 0860 nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    12:32:33.0193 0860 nv_agp C:\Windows\system32\drivers\nv_agp.sys

    12:32:33.0255 0860 odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    12:32:33.0302 0860 ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    12:32:33.0365 0860 ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    12:32:33.0396 0860 p2pimsvc C:\Windows\system32\pnrpsvc.dll

    12:32:33.0458 0860 p2psvc C:\Windows\system32\p2psvc.dll

    12:32:33.0490 0860 Parport C:\Windows\system32\DRIVERS\parport.sys

    12:32:33.0537 0860 partmgr C:\Windows\system32\drivers\partmgr.sys

    12:32:33.0583 0860 Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

    12:32:33.0599 0860 PcaSvc C:\Windows\System32\pcasvc.dll

    12:32:33.0615 0860 pci C:\Windows\system32\drivers\pci.sys

    12:32:33.0646 0860 pciide C:\Windows\system32\drivers\pciide.sys

    12:32:33.0662 0860 pcmcia C:\Windows\system32\drivers\pcmcia.sys

    12:32:33.0693 0860 pcw C:\Windows\system32\drivers\pcw.sys

    12:32:33.0724 0860 PEAUTH C:\Windows\system32\drivers\peauth.sys

    12:32:33.0802 0860 PeerDistSvc C:\Windows\system32\peerdistsvc.dll

    12:32:33.0896 0860 pla C:\Windows\system32\pla.dll

    12:32:33.0990 0860 PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe

    12:32:34.0005 0860 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning

    12:32:34.0005 0860 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)

    12:32:34.0037 0860 PlugPlay C:\Windows\system32\umpnpmgr.dll

    12:32:34.0068 0860 PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    12:32:34.0099 0860 PNRPsvc C:\Windows\system32\pnrpsvc.dll

    12:32:34.0146 0860 PolicyAgent C:\Windows\System32\ipsecsvc.dll

    12:32:34.0193 0860 Power C:\Windows\system32\umpo.dll

    12:32:34.0271 0860 PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    12:32:34.0302 0860 Processor C:\Windows\system32\drivers\processr.sys

    12:32:34.0349 0860 ProfSvc C:\Windows\system32\profsvc.dll

    12:32:34.0396 0860 ProtectedStorage C:\Windows\system32\lsass.exe

    12:32:34.0443 0860 Psched C:\Windows\system32\DRIVERS\pacer.sys

    12:32:34.0505 0860 ql2300 C:\Windows\system32\drivers\ql2300.sys

    12:32:34.0583 0860 ql40xx C:\Windows\system32\drivers\ql40xx.sys

    12:32:34.0615 0860 QWAVE C:\Windows\system32\qwave.dll

    12:32:34.0646 0860 QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    12:32:34.0677 0860 RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    12:32:34.0740 0860 RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    12:32:34.0771 0860 RasAuto C:\Windows\System32\rasauto.dll

    12:32:34.0818 0860 Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    12:32:34.0865 0860 RasMan C:\Windows\System32\rasmans.dll

    12:32:34.0927 0860 RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    12:32:35.0005 0860 RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    12:32:35.0037 0860 rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    12:32:35.0083 0860 rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    12:32:35.0099 0860 RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    12:32:35.0162 0860 RDPDR C:\Windows\system32\drivers\rdpdr.sys

    12:32:35.0193 0860 RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    12:32:35.0240 0860 RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    12:32:35.0287 0860 RDPWD C:\Windows\system32\drivers\RDPWD.sys

    12:32:35.0333 0860 rdyboost C:\Windows\system32\drivers\rdyboost.sys

    12:32:35.0365 0860 RemoteAccess C:\Windows\System32\mprdim.dll

    12:32:35.0427 0860 RemoteRegistry C:\Windows\system32\regsvc.dll

    12:32:35.0490 0860 RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    12:32:35.0537 0860 RpcLocator C:\Windows\system32\locator.exe

    12:32:35.0568 0860 RpcSs C:\Windows\system32\rpcss.dll

    12:32:35.0615 0860 rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    12:32:35.0677 0860 RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

    12:32:35.0708 0860 s3cap C:\Windows\system32\drivers\vms3cap.sys

    12:32:35.0771 0860 SamSs C:\Windows\system32\lsass.exe

    12:32:35.0833 0860 sbp2port C:\Windows\system32\drivers\sbp2port.sys

    12:32:35.0849 0860 SCardSvr C:\Windows\System32\SCardSvr.dll

    12:32:35.0927 0860 scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    12:32:35.0990 0860 Schedule C:\Windows\system32\schedsvc.dll

    12:32:36.0052 0860 SCPolicySvc C:\Windows\System32\certprop.dll

    12:32:36.0115 0860 SDRSVC C:\Windows\System32\SDRSVC.dll

    12:32:36.0162 0860 secdrv C:\Windows\system32\drivers\secdrv.sys

    12:32:36.0208 0860 seclogon C:\Windows\system32\seclogon.dll

    12:32:36.0255 0860 SENS C:\Windows\System32\sens.dll

    12:32:36.0380 0860 SensrSvc C:\Windows\system32\sensrsvc.dll

    12:32:36.0568 0860 Serenum C:\Windows\system32\DRIVERS\serenum.sys

    12:32:36.0662 0860 Serial C:\Windows\system32\DRIVERS\serial.sys

    12:32:36.0693 0860 sermouse C:\Windows\system32\drivers\sermouse.sys

    12:32:36.0724 0860 SessionEnv C:\Windows\system32\sessenv.dll

    12:32:36.0755 0860 sffdisk C:\Windows\system32\drivers\sffdisk.sys

    12:32:36.0787 0860 sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    12:32:36.0802 0860 sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    12:32:36.0833 0860 sfloppy C:\Windows\system32\drivers\sfloppy.sys

    12:32:36.0865 0860 SharedAccess C:\Windows\System32\ipnathlp.dll

    12:32:36.0974 0860 ShellHWDetection C:\Windows\System32\shsvcs.dll

    12:32:37.0021 0860 sisagp C:\Windows\system32\drivers\sisagp.sys

    12:32:37.0037 0860 SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

    12:32:37.0068 0860 SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

    12:32:37.0115 0860 Smb C:\Windows\system32\DRIVERS\smb.sys

    12:32:37.0177 0860 SNMPTRAP C:\Windows\System32\snmptrap.exe

    12:32:37.0240 0860 snpstd C:\Windows\system32\DRIVERS\snpstd.sys

    12:32:37.0318 0860 spldr C:\Windows\system32\drivers\spldr.sys

    12:32:37.0412 0860 Spooler C:\Windows\System32\spoolsv.exe

    12:32:37.0802 0860 sppsvc C:\Windows\system32\sppsvc.exe

    12:32:37.0974 0860 sppuinotify C:\Windows\system32\sppuinotify.dll

    12:32:38.0177 0860 srv C:\Windows\system32\DRIVERS\srv.sys

    12:32:38.0365 0860 srv2 C:\Windows\system32\DRIVERS\srv2.sys

    12:32:38.0427 0860 srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    12:32:38.0505 0860 SSDPSRV C:\Windows\System32\ssdpsrv.dll

    12:32:38.0615 0860 SstpSvc C:\Windows\system32\sstpsvc.dll

    12:32:38.0771 0860 Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    12:32:38.0818 0860 stexstor C:\Windows\system32\drivers\stexstor.sys

    12:32:38.0833 0860 StiSvc C:\Windows\System32\wiaservc.dll

    12:32:38.0896 0860 storflt C:\Windows\system32\drivers\vmstorfl.sys

    12:32:38.0927 0860 StorSvc C:\Windows\system32\storsvc.dll

    12:32:38.0974 0860 storvsc C:\Windows\system32\drivers\storvsc.sys

    12:32:38.0990 0860 swenum C:\Windows\system32\DRIVERS\swenum.sys

    12:32:39.0021 0860 swprv C:\Windows\System32\swprv.dll

    12:32:39.0083 0860 SysMain C:\Windows\system32\sysmain.dll

    12:32:39.0146 0860 TabletInputService C:\Windows\System32\TabSvc.dll

    12:32:39.0208 0860 TapiSrv C:\Windows\System32\tapisrv.dll

    12:32:39.0255 0860 TBS C:\Windows\System32\tbssvc.dll

    12:32:39.0318 0860 Tcpip C:\Windows\system32\drivers\tcpip.sys

    12:32:39.0380 0860 TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    12:32:39.0443 0860 tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    12:32:39.0490 0860 TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    12:32:39.0552 0860 TDTCP C:\Windows\system32\drivers\tdtcp.sys

    12:32:39.0568 0860 tdx C:\Windows\system32\DRIVERS\tdx.sys

    12:32:39.0599 0860 TermDD C:\Windows\system32\DRIVERS\termdd.sys

    12:32:39.0630 0860 TermService C:\Windows\System32\termsrv.dll

    12:32:39.0724 0860 Themes C:\Windows\system32\themeservice.dll

    12:32:39.0787 0860 THREADORDER C:\Windows\system32\mmcss.dll

    12:32:39.0833 0860 TrkWks C:\Windows\System32\trkwks.dll

    12:32:39.0943 0860 TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    12:32:40.0005 0860 tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    12:32:40.0052 0860 TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    12:32:40.0115 0860 TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

    12:32:40.0162 0860 tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    12:32:40.0193 0860 uagp35 C:\Windows\system32\drivers\uagp35.sys

    12:32:40.0208 0860 udfs C:\Windows\system32\DRIVERS\udfs.sys

    12:32:40.0271 0860 UI0Detect C:\Windows\system32\UI0Detect.exe

    12:32:40.0333 0860 uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    12:32:40.0380 0860 umbus C:\Windows\system32\DRIVERS\umbus.sys

    12:32:40.0396 0860 UmPass C:\Windows\system32\drivers\umpass.sys

    12:32:40.0443 0860 UmRdpService C:\Windows\System32\umrdp.dll

    12:32:40.0474 0860 upnphost C:\Windows\System32\upnphost.dll

    12:32:40.0537 0860 usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    12:32:40.0568 0860 usbcir C:\Windows\system32\drivers\usbcir.sys

    12:32:40.0599 0860 usbehci C:\Windows\system32\drivers\usbehci.sys

    12:32:40.0630 0860 usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    12:32:40.0662 0860 usbohci C:\Windows\system32\drivers\usbohci.sys

    12:32:40.0693 0860 usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    12:32:40.0724 0860 usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    12:32:40.0755 0860 USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

    12:32:40.0787 0860 usbuhci C:\Windows\system32\drivers\usbuhci.sys

    12:32:40.0849 0860 UxSms C:\Windows\System32\uxsms.dll

    12:32:40.0912 0860 VaultSvc C:\Windows\system32\lsass.exe

    12:32:40.0943 0860 vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    12:32:40.0990 0860 vds C:\Windows\System32\vds.exe

    12:32:41.0099 0860 vga C:\Windows\system32\DRIVERS\vgapnp.sys

    12:32:41.0130 0860 VgaSave C:\Windows\System32\drivers\vga.sys

    12:32:41.0162 0860 vhdmp C:\Windows\system32\drivers\vhdmp.sys

    12:32:41.0193 0860 viaagp C:\Windows\system32\drivers\viaagp.sys

    12:32:41.0208 0860 ViaC7 C:\Windows\system32\drivers\viac7.sys

    12:32:41.0240 0860 viaide C:\Windows\system32\drivers\viaide.sys

    12:32:41.0271 0860 vmbus C:\Windows\system32\drivers\vmbus.sys

    12:32:41.0287 0860 VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

    12:32:41.0318 0860 volmgr C:\Windows\system32\drivers\volmgr.sys

    12:32:41.0349 0860 volmgrx C:\Windows\system32\drivers\volmgrx.sys

    12:32:41.0365 0860 volsnap C:\Windows\system32\drivers\volsnap.sys

    12:32:41.0412 0860 vsmraid C:\Windows\system32\drivers\vsmraid.sys

    12:32:41.0443 0860 VSS C:\Windows\system32\vssvc.exe

    12:32:41.0521 0860 vwifibus C:\Windows\System32\drivers\vwifibus.sys

    12:32:41.0552 0860 W32Time C:\Windows\system32\w32time.dll

    12:32:41.0599 0860 WacomPen C:\Windows\system32\drivers\wacompen.sys

    12:32:41.0630 0860 WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    12:32:41.0662 0860 Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    12:32:41.0849 0860 WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    12:32:41.0990 0860 wbengine C:\Windows\system32\wbengine.exe

    12:32:42.0115 0860 WbioSrvc C:\Windows\System32\wbiosrvc.dll

    12:32:42.0240 0860 wcncsvc C:\Windows\System32\wcncsvc.dll

    12:32:42.0318 0860 WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    12:32:42.0380 0860 Wd C:\Windows\system32\drivers\wd.sys

    12:32:42.0396 0860 Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    12:32:42.0443 0860 WdiServiceHost C:\Windows\system32\wdi.dll

    12:32:42.0505 0860 WdiSystemHost C:\Windows\system32\wdi.dll

    12:32:42.0537 0860 WebClient C:\Windows\System32\webclnt.dll

    12:32:42.0568 0860 Wecsvc C:\Windows\system32\wecsvc.dll

    12:32:42.0630 0860 wercplsupport C:\Windows\System32\wercplsupport.dll

    12:32:42.0708 0860 WerSvc C:\Windows\System32\WerSvc.dll

    12:32:42.0771 0860 WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    12:32:42.0802 0860 WIMMount C:\Windows\system32\drivers\wimmount.sys

    12:32:42.0849 0860 WinDefend C:\Program Files\Windows Defender\mpsvc.dll

    12:32:42.0958 0860 Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    12:32:43.0052 0860 WinRM C:\Windows\system32\WsmSvc.dll

    12:32:43.0162 0860 Wlansvc C:\Windows\System32\wlansvc.dll

    12:32:43.0271 0860 wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    12:32:43.0349 0860 WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    12:32:43.0396 0860 wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    12:32:43.0474 0860 WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

    12:32:43.0568 0860 WPCSvc C:\Windows\System32\wpcsvc.dll

    12:32:43.0599 0860 WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    12:32:43.0646 0860 ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    12:32:43.0693 0860 wscsvc C:\Windows\System32\wscsvc.dll

    12:32:43.0802 0860 wuauserv C:\Windows\system32\wuaueng.dll

    12:32:43.0880 0860 WudfPf C:\Windows\system32\drivers\WudfPf.sys

    12:32:43.0943 0860 WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    12:32:43.0990 0860 wudfsvc C:\Windows\System32\WUDFSvc.dll

    12:32:44.0037 0860 WwanSvc C:\Windows\System32\wwansvc.dll

    12:32:44.0115 0860 ================ Scan global ===============================

    12:32:44.0130 0860 C:\Windows\system32\basesrv.dll

    12:32:44.0146 0860 C:\Windows\system32\winsrv.dll

    12:32:44.0162 0860 C:\Windows\system32\winsrv.dll

    12:32:44.0177 0860 C:\Windows\system32\sxssrv.dll

    12:32:44.0193 0860 C:\Windows\system32\services.exe

    12:32:44.0208 0860 ================ Scan MBR ==================================

    12:32:44.0208 0860 \Device\Harddisk0\DR0

    12:32:45.0005 0860 ================ Scan VBR ==================================

    12:32:45.0037 0860 \Device\Harddisk0\DR0\Partition1

    12:32:45.0083 0860 \Device\Harddisk0\DR0\Partition2

    12:32:45.0083 0860 ================ Scan UEFI extensions ======================

    12:32:45.0083 0860 ================ Scan active images ========================

    12:32:45.0083 0860 ============================================================

    12:32:45.0083 0860 Scan finished

    12:32:45.0083 0860 ============================================================

    12:32:45.0990 1064 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

  • Ben

    Hello,

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.

    You can read how to do that (here or here).

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the following option: "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    filesrcm;

    emptyclsid;

    emptyjava;

    emptyflash;

    startupall;

    First close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next reply.

    Regards, Ben

    Antivirusprikbord.nl

  • lg

    As requested

    Zoek.exe Version 3.0.0.3 Updated 30-08-2012

    Tool run by Freek en Donna on ma 03-09-2012 at 18:50:05,73.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86

    Running from: C:\Users\Freek en Donna\AppData\Local\Temp\zoek.exe

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\FREEKE~1\AppData\Local\Temp ====

    2012-08-29 11:38:36 8EC2A656042BFF1243C09FFD33F25496 894952 —-a-w- C:\Users\FREEKE~1\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

    ====== C:\Windows\system32 =====

    2012-09-01 12:03:43 FC07490794C92D3E359D05AE58FDA4EB 93672 —-a-w- C:\Windows\System32\WindowsAccessBridge.dll

    ====== C:\Windows\system32\drivers =====

    2012-08-30 15:27:17 6DFE7F2E8E8A337263AA5C92A215F161 22344 —-a-w- C:\Windows\System32\drivers\mbam.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2012-08-13 19:44:51 ——– d—–w- C:\Program Files\Windows Media Components

    2012-08-13 19:44:51 ——– d—–w- C:\Program Files\Mingjong

    2012-08-04 22:07:15 ——– d—–w- C:\Program Files\Belastingdienst

    ======= C: =====

    2012-08-30 15:44:08 19C7A5482CF6A5D39BE3B45705254589 1073 —-a-w- C:\AdwCleaner.txt

    2012-08-13 19:49:34 C129B9EEA1BD459B4F9ADB133B30E5EF 5242880 —-a-w- C:\CAPTURE.AVI

    ====== C:\Users\Freek en Donna\AppData\Roaming ======

    2012-08-30 15:42:40 DB2F9DAE057790EF9F24005BE5172C36 246058 —-a-w- C:\users\Freek en Donna\AppData\Local\census.cache

    2012-08-30 15:42:31 7F1A8DD2B8CAEE8B59A1090EBD47D73B 123920 —-a-w- C:\users\Freek en Donna\AppData\Local\ars.cache

    2012-08-30 15:38:10 34F2AC778FA3F46ADF0662C2DBB32134 36 —-a-w- C:\users\Freek en Donna\AppData\Local\housecall.guid.cache

    2012-08-15 12:39:44 ——– d—–w- C:\users\Freek en Donna\AppData\Local\CrashDumps

    2012-08-04 22:12:48 ——– d—–w- C:\users\Freek en Donna\AppData\Roaming\Belastingdienst

    ====== C:\Users\Freek en Donna ======

    ====== C: exe-files ==

    2012-09-02 10:31:52 7AD347718319D488FD9FE6D15DF8DCD6 93184 —-a-w- C:\Users\Freek en Donna\Downloads\TDSSKStarter.exe

    2012-09-01 12:06:25 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Users\Freek en Donna\Desktop\Spy\HijackThis.exe

    2012-09-01 12:05:44 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Users\Freek en Donna\Downloads\HijackThis.exe

    2012-08-30 15:38:18 FD35BD83DCD48338931442B47644719A 192512 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\bspatch.exe

    2012-08-30 15:38:11 A7A0791ECADCF96CAEE258033A2D3878 2445744 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HCBackup\hcpackage.exe

    2012-08-29 11:38:36 8EC2A656042BFF1243C09FFD33F25496 894952 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

    === C: other files ==

    2012-09-01 12:03:43 FC07490794C92D3E359D05AE58FDA4EB 93672 —-a-w- C:\Windows\System32\WindowsAccessBridge.dll

    2012-08-30 15:38:26 82337F9C52EDF268C4ED5DF450CE1910 486928 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\tscdll32.dll

    2012-08-30 15:38:26 5B0514235274FF4C84DC87DE7AF96294 91552 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\BPMNT.dll

    2012-08-30 15:38:26 53CB3D2A569106F08924BB4F2DAAE984 25600 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\MEMBOOT.DLL

    2012-08-30 15:38:26 050BB5AE62F1B9054DFB7D41250BBFBC 1824272 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\vsapi32.dll

    2012-08-30 15:38:19 EE9BF48743DCCEF46527C54BBD8BA5AE 528384 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\libcurl.dll

    2012-08-30 15:38:19 DF6FEFE6F98FAFD3E5CE55C81079AF23 315392 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\ssleay32.dll

    2012-08-30 15:38:19 DECA60F8772002CB8A7F7215814DDF77 151552 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\libexpatw.dll

    2012-08-30 15:38:19 D79B8B7BED8D30387C22663B24E8C191 256904 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\tmcomm.sys

    2012-08-30 15:38:19 ACC5FAD1798DBC029D77F08081E268B9 550416 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\tmfbeng.dll

    2012-08-30 15:38:19 A38C1A1003C76E5EEBDAE66B0C7B844F 890192 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\tmufeng.dll

    2012-08-30 15:38:19 9AA69A2F61E7C4F1C6D94A6C3E3680E0 1249280 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\libeay32.dll

    2012-08-30 15:38:19 743F1AEFBFEA418A1B80566B22BBAB68 181776 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\perfiCrcPerfMonMgr.dll

    2012-08-30 15:38:19 22CA046D18121AADCB5AE9DF4331BBBF 2389 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

    2012-08-30 15:38:19 148D2019D0E7C718793F0E68A87F2FFA 58632 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\utilClientLoader.dll

    2012-08-30 15:38:19 0BC449E397A3A82FD48636BFFE19403E 263728 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\TmEngDrv.dll

    2012-08-30 15:38:18 9B165FA638E01D5CFEBEEB2C7C29244B 1586224 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\hc_core.dll

    2012-08-30 15:38:18 75676CFB7D636406059C49280BB00791 824848 —-a-w- C:\Users\Freek en Donna\AppData\Local\Temp\HouseCall\ICRCHdler.dll

    2012-08-30 15:27:17 6DFE7F2E8E8A337263AA5C92A215F161 22344 —-a-w- C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020”

    “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “Adobe ARM”=“C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s”

    “NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    “snpstd”=“C:\Windows\vsnpstd.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020”

    “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msnmsgr”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\“ /background”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

  • Ben

    Hello,

    How are things with the problems now?

    I don't see anything strange in the logs.

    You have probably already removed everything.

    Regards, Ben

    Antivirusprikbord.nl

  • lg

    My answer to this is that Ziggo states in a letter that the PC is infected.

    I could not find any anomalies either.

    If you call Ziggo, the advice is to just take the PC to the shop and have it reinstalled.

    That is why I asked for your help.

    Regarding the Trojan horse Citadel/Dorifel.

  • fazantje

    Hi LG,

    Refer Ziggo to this page.

    Here they have the confirmation that your PC is clean.

    If you still have doubts, you can run ComboFix and post that log here as well.

    Just use the search function for the combo download.

    Good luck,

    Huib;)

  • lg

    Thank you very much for the good care; clean is clean, so we will leave it at that.

    LG.

  • Ben

    Hello,

    That's fine; go ahead and remove all the programs you used.

    Regards, Ben

    Antivirusprikbord.nl

This topic is closed; no further replies can be posted.