Mededeling

**dorado** · 04-07-13, 22:32

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-04 22:28:09
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.FB4O 298,09GB
Running: vbcplc2y.exe; Driver: C:\Users\Ronald\AppData\Local\Temp\ugtdrpob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA0D000, 0x2BFBF0, 0xE8000020]
? C:\Users\Ronald\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, 90, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, 93, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, 90, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, 91, 89, 00] {TEST AL, 0x91; MOV [EAX], EAX}
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, 92, 89, 00] {TEST AL, 0x92; MOV [EAX], EAX}
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, 91, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, 92, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, 90, 89, 00] {TEST AL, 0x90; MOV [EAX], EAX}
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, 91, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, 92, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, 93, 89, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[296] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, 34, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, 37, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, 34, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, 35, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, 36, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, 35, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, 36, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, 34, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, 35, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, 36, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, 37, 2E, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[872] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, 80, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, 83, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, 80, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, 81, B2, 00] {TEST AL, 0x81; MOV DL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, 82, B2, 00] {TEST AL, 0x82; MOV DL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, 81, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, 82, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, 80, B2, 00] {TEST AL, 0x80; MOV DL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, 81, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, 82, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, 83, B2, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[1312] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, 08, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, 0B, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, 08, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, 09, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, 0A, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, 09, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, 0A, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, 08, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, 09, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, 0A, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, 0B, 6F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[2532] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[2740] kernel32.dll!CreateRemoteThread + 175 7609CCAA 4 Bytes JMP 71AF0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!LdrLoadDll 77939378 5 Bytes JMP 6810EEB0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateProcessW 76051BF3 6 Bytes JMP 719E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateProcessA 76051C28 6 Bytes JMP 719B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!MoveFileW 7605A2F2 6 Bytes JMP 718C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CopyFileW 76060299 6 Bytes JMP 7192000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateProcessInternalW 76075467 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateProcessInternalW + 4 7607546B 2 Bytes [97, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!LoadLibraryExW + 173 760793DF 4 Bytes JMP 71AB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!HeapSetInformation + 26 7607A8B0 7 Bytes JMP 68114CE9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!LockResource + C 76096ACB 7 Bytes JMP 68719778 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!VirtualAllocEx + 54 7609AF50 7 Bytes JMP 6871979B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateFileW 7609B0CB 6 Bytes JMP 71AE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CreateFileA 7609D05F 6 Bytes JMP 71A7000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!CopyFileA 760A2633 6 Bytes JMP 7195000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!MoveFileA 760DF8A1 6 Bytes JMP 718F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!WinExec 760E614F 6 Bytes JMP 71A4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] GDI32.dll!SetStretchBltMode + 256 7716745C 7 Bytes JMP 687196F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] SHELL32.dll!ShellExecuteW 76469725 6 Bytes JMP 71A1000A
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, 80, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, 83, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, 80, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, 81, B3, 00] {TEST AL, 0x81; MOV BL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, 82, B3, 00] {TEST AL, 0x82; MOV BL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, 81, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, 82, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, 80, B3, 00] {TEST AL, 0x80; MOV BL, 0x0}
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, 81, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, 82, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, 83, B3, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, A0, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, A3, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, A0, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, A1, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, A2, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, A1, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, A2, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, A0, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, A1, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, A2, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, A3, 94, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[3760] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, A8, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, AB, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, A8, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, A9, 18, 00] {TEST AL, 0xa9; SBB [EAX], AL}
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, AA, 18, 00] {TEST AL, 0xaa; SBB [EAX], AL}
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, A9, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, AA, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, A8, 18, 00] {TEST AL, 0xa8; SBB [EAX], AL}
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, A9, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, AA, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, AB, 18, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4060] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtCreateFile + 6 7797424A 4 Bytes [28, B0, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtCreateFile + B 7797424F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtMapViewOfSection + 6 7797499A 4 Bytes [28, B3, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtMapViewOfSection + B 7797499F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenFile + 6 77974A2A 4 Bytes [68, B0, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenFile + B 77974A2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenProcess + 6 77974AAA 4 Bytes [A8, B1, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenProcess + B 77974AAF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenProcessToken + B 77974ABF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenProcessTokenEx + 6 77974ACA 4 Bytes [A8, B2, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenProcessTokenEx + B 77974ACF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenThread + 6 77974B1A 4 Bytes [68, B1, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenThread + B 77974B1F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenThreadToken + 6 77974B2A 4 Bytes [68, B2, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenThreadToken + B 77974B2F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtOpenThreadTokenEx + B 77974B3F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtQueryAttributesFile + 6 77974BCA 4 Bytes [A8, B0, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtQueryAttributesFile + B 77974BCF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtQueryFullAttributesFile + B 77974C7F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtSetInformationFile + 6 7797515A 4 Bytes [28, B1, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtSetInformationFile + B 7797515F 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtSetInformationThread + 6 779751AA 4 Bytes [28, B2, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtSetInformationThread + B 779751AF 1 Byte [E2]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6 7797544A 4 Bytes [68, B3, 5F, 00]
.text C:\Program Files\Comodo\Dragon\dragon.exe[4088] ntdll.dll!NtUnmapViewOfSection + B 7797544F 1 Byte [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7453B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745273F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7457CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7451C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d 0\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp ImmunetNetworkMonitor.sys
AttachedDevice \Driver\tdx \Device\Udp ImmunetNetworkMonitor.sys
AttachedDevice \Driver\tdx \Device\RawIp ImmunetNetworkMonitor.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0xD6 0xBA 0xF8 0xD5 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

**dorado** · 05-07-13, 04:41

Extra informatie: deze regels:
~ Scheduled Task: 5 Legitimates Filtered in 00mn 05s
O61 - LFC: 5-7-2013 - 1:21:45 ---A- C:\Users\Ronald\AppData\Roaming\Microsoft\MMC\taskschd [87331]
kwalificeert ZPHDiag & deze regels:

==================== SharedTaskScheduler ========================
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
{8C7461EF-2B13-11d2-BE35-3078302C2030} = Component Categories cache daemon
File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\Windows\system32\browseui.dll

kwalificeert PCInfo.

**Emphyrio** · 05-07-13, 10:18

Hoi dorado,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Log enkel in als beheerder met alle rechten.
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Controle op slechte toolbars...

Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Beveiligingssoftware uitschakelen.

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner en klik op Verwijderen
Klik bij AdwCleaner – Information op OK
Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

Download TDSSKiller naar je bureaublad.
Dubbelklik op TDSSKiller.exe om de tool te starten.

Klik op de knop "Start Scan" en volg de instructies.
Zet de items dat het vind in quarantaine
De unsigned files skip je.
Rootkit.Boot.SST.b en anderen zoals Sinowal, ZeroAccess of Whistler laat je herstellen (= Cure).

Als er een Reboot (herstart) wordt gevraagt, dan klik je op Reboot Now.
Anders klik je op Report.
Kopie en plak de logfile die tevoorschijn komt.

Opmerking:

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Post eveneens een verse DDS log.

**dorado** · 05-07-13, 16:50

# AdwCleaner v2.304 - Verslag gemaakt op 05/07/2013 om 16:32:22
# Geactualiseerd op 03/07/2013 door Xplode
# Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Gebruiker : Ronald - ACER
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Ronald\Desktop\adwcleaner.exe
# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

Map Verwijderd : C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\yat7uozw.default\jetpack

***** [Register] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v22.0 (nl)

File : C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\ez9vw2zr.Standaardgebruiker\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

File : C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\yat7uozw.default\prefs.js

C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\yat7uozw.default\user.js ... Verwijderd !

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Opera v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Ronald\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [1452 octets] - [05/07/2013 16:31:40]
AdwCleaner[S1].txt - [1494 octets] - [05/07/2013 16:32:22]

########## EOF - C:\AdwCleaner[S1].txt - [1554 octets] ##########

**Emphyrio** · 05-07-13, 17:00

Je hebt tweemaal de AdwCleaner log gepost, dorado.
Mag ik de TDSSKiller log?

**dorado** · 05-07-13, 17:00

TDSS 1/3

16:39:44.0593 2184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 16:39:44.0945 2184 ============================================================ 16:39:44.0945 2184 Current date / time: 2013/07/05 16:39:44.0945 16:39:44.0945 2184 SystemInfo: 16:39:44.0945 2184 16:39:44.0946 2184 OS Version: 6.0.6002 ServicePack: 2.0 16:39:44.0946 2184 Product type: Workstation 16:39:44.0946 2184 ComputerName: ACER 16:39:44.0947 2184 UserName: Ronald 16:39:44.0947 2184 Windows directory: C:\Windows 16:39:44.0947 2184 System windows directory: C:\Windows 16:39:44.0947 2184 Processor architecture: Intel x86 16:39:44.0947 2184 Number of processors: 2 16:39:44.0947 2184 Page size: 0x1000 16:39:44.0947 2184 Boot type: Normal boot 16:39:44.0947 2184 ============================================================ 16:39:46.0188 2184 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:39:46.0191 2184 ============================================================ 16:39:46.0191 2184 \Device\Harddisk0\DR0: 16:39:46.0192 2184 MBR partitions: 16:39:46.0192 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE66E000 16:39:46.0244 2184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CEB4000, BlocksNum 0x7E61000 16:39:46.0244 2184 ============================================================ 16:39:46.0300 2184 C: \Device\Harddisk0\DR0\Partition1 16:39:46.0470 2184 D: \Device\Harddisk0\DR0\Partition2 16:39:46.0470 2184 ============================================================ 16:39:46.0470 2184 Initialize success 16:39:46.0470 2184 ============================================================ 16:41:05.0252 2712 Deinitialize success 16:41:06.0679 2908 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 16:41:07.0170 2908 ============================================================ 16:41:07.0171 2908 Current date / time: 2013/07/05 16:41:07.0170 16:41:07.0171 2908 SystemInfo: 16:41:07.0171 2908 16:41:07.0171 2908 OS Version: 6.0.6002 ServicePack: 2.0 16:41:07.0171 2908 Product type: Workstation 16:41:07.0171 2908 ComputerName: ACER 16:41:07.0172 2908 UserName: Ronald 16:41:07.0172 2908 Windows directory: C:\Windows 16:41:07.0172 2908 System windows directory: C:\Windows 16:41:07.0172 2908 Processor architecture: Intel x86 16:41:07.0172 2908 Number of processors: 2 16:41:07.0172 2908 Page size: 0x1000 16:41:07.0172 2908 Boot type: Normal boot 16:41:07.0172 2908 ============================================================ 16:41:08.0636 2908 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:41:08.0643 2908 ============================================================ 16:41:08.0644 2908 \Device\Harddisk0\DR0: 16:41:08.0662 2908 MBR partitions: 16:41:08.0662 2908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE66E000 16:41:08.0702 2908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CEB4000, BlocksNum 0x7E61000 16:41:08.0702 2908 ============================================================ 16:41:08.0825 2908 C: \Device\Harddisk0\DR0\Partition1 16:41:08.0957 2908 D: \Device\Harddisk0\DR0\Partition2 16:41:08.0957 2908 ============================================================ 16:41:08.0957 2908 Initialize success 16:41:08.0957 2908 ============================================================ 16:41:11.0532 2888 Deinitialize success

**dorado** · 05-07-13, 17:02

TDSS 2/3

16:41:13.0209 1036 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:41:13.0409 1036 ============================================================
16:41:13.0409 1036 Current date / time: 2013/07/05 16:41:13.0409
16:41:13.0410 1036 SystemInfo:
16:41:13.0410 1036
16:41:13.0410 1036 OS Version: 6.0.6002 ServicePack: 2.0
16:41:13.0410 1036 Product type: Workstation
16:41:13.0410 1036 ComputerName: ACER
16:41:13.0411 1036 UserName: Ronald
16:41:13.0411 1036 Windows directory: C:\Windows
16:41:13.0411 1036 System windows directory: C:\Windows
16:41:13.0411 1036 Processor architecture: Intel x86
16:41:13.0411 1036 Number of processors: 2
16:41:13.0411 1036 Page size: 0x1000
16:41:13.0411 1036 Boot type: Normal boot
16:41:13.0411 1036 ============================================================
16:41:14.0858 1036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:14.0862 1036 ============================================================
16:41:14.0862 1036 \Device\Harddisk0\DR0:
16:41:14.0863 1036 MBR partitions:
16:41:14.0863 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE66E000
16:41:14.0902 1036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CEB4000, BlocksNum 0x7E61000
16:41:14.0902 1036 ============================================================
16:41:14.0947 1036 C: <-> \Device\Harddisk0\DR0\Partition1
16:41:15.0142 1036 D: <-> \Device\Harddisk0\DR0\Partition2
16:41:15.0142 1036 ============================================================
16:41:15.0142 1036 Initialize success
16:41:15.0142 1036 ============================================================
16:41:17.0028 2484 ============================================================
16:41:17.0028 2484 Scan started
16:41:17.0028 2484 Mode: Manual;
16:41:17.0028 2484 ============================================================
16:41:17.0952 2484 ================ Scan system memory ========================
16:41:17.0952 2484 System memory - ok
16:41:17.0954 2484 ================ Scan services =============================
16:41:18.0035 2484 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:41:18.0038 2484 !SASCORE - ok
16:41:18.0399 2484 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:41:18.0409 2484 ACPI - ok
16:41:18.0505 2484 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:41:18.0515 2484 AdobeFlashPlayerUpdateSvc - ok
16:41:18.0603 2484 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:41:18.0617 2484 adp94xx - ok
16:41:18.0660 2484 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:41:18.0671 2484 adpahci - ok
16:41:18.0692 2484 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:41:18.0695 2484 adpu160m - ok
16:41:18.0727 2484 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:41:18.0731 2484 adpu320 - ok
16:41:18.0781 2484 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:41:18.0784 2484 AeLookupSvc - ok
16:41:18.0880 2484 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:41:18.0885 2484 AFD - ok
16:41:18.0941 2484 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
16:41:18.0943 2484 AgereModemAudio - ok
16:41:19.0005 2484 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:41:19.0022 2484 AgereSoftModem - ok
16:41:19.0062 2484 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:41:19.0065 2484 agp440 - ok
16:41:19.0108 2484 [ 9879FF9F6A04D660BC245788E1881B00 ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
16:41:19.0112 2484 ahcix86s - ok
16:41:19.0148 2484 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:41:19.0151 2484 aic78xx - ok
16:41:19.0177 2484 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:41:19.0180 2484 ALG - ok
16:41:19.0214 2484 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:41:19.0216 2484 aliide - ok
16:41:19.0285 2484 [ F9491B157A8CD70557745FA0312C1EEE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:41:19.0295 2484 AMD External Events Utility - ok
16:41:19.0412 2484 AMD FUEL Service - ok
16:41:19.0471 2484 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:41:19.0476 2484 amdagp - ok
16:41:19.0494 2484 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
16:41:19.0498 2484 amdide - ok
16:41:19.0559 2484 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
16:41:19.0563 2484 amdiox86 - ok
16:41:19.0581 2484 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:41:19.0585 2484 AmdK7 - ok
16:41:19.0604 2484 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:41:19.0607 2484 AmdK8 - ok
16:41:20.0306 2484 [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:41:20.0487 2484 amdkmdag - ok
16:41:20.0574 2484 [ 3DEA9B1D1B274C739C9367FB1E56185F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:41:20.0579 2484 amdkmdap - ok
16:41:20.0648 2484 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:41:20.0651 2484 Appinfo - ok
16:41:20.0684 2484 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
16:41:20.0687 2484 arc - ok
16:41:20.0719 2484 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:41:20.0722 2484 arcsas - ok
16:41:20.0935 2484 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:41:20.0940 2484 aspnet_state - ok
16:41:20.0985 2484 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:41:20.0988 2484 AsyncMac - ok
16:41:21.0053 2484 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:41:21.0058 2484 atapi - ok
16:41:21.0147 2484 [ 8BE56F8300E1C37B578DA23C71816B7A ] athr C:\Windows\system32\DRIVERS\athr.sys
16:41:21.0174 2484 athr - ok
16:41:21.0815 2484 [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:41:21.0981 2484 atikmdag - ok
16:41:22.0034 2484 [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
16:41:22.0036 2484 AtiPcie - ok
16:41:22.0099 2484 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:41:22.0102 2484 AudioEndpointBuilder - ok
16:41:22.0124 2484 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:41:22.0136 2484 Audiosrv - ok
16:41:22.0187 2484 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:41:22.0189 2484 Beep - ok
16:41:22.0230 2484 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:41:22.0234 2484 BFE - ok
16:41:22.0298 2484 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:41:22.0314 2484 BITS - ok
16:41:22.0344 2484 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:41:22.0346 2484 blbdrive - ok
16:41:22.0381 2484 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:41:22.0383 2484 bowser - ok
16:41:22.0400 2484 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:41:22.0401 2484 BrFiltLo - ok
16:41:22.0424 2484 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:41:22.0425 2484 BrFiltUp - ok
16:41:22.0442 2484 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:41:22.0444 2484 Browser - ok
16:41:22.0454 2484 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:41:22.0455 2484 Brserid - ok
16:41:22.0465 2484 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:41:22.0468 2484 BrSerWdm - ok
16:41:22.0477 2484 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:41:22.0478 2484 BrUsbMdm - ok
16:41:22.0487 2484 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:41:22.0488 2484 BrUsbSer - ok
16:41:22.0498 2484 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:41:22.0500 2484 BTHMODEM - ok
16:41:22.0596 2484 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
16:41:22.0597 2484 BUNAgentSvc - ok
16:41:22.0659 2484 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:41:22.0661 2484 cdfs - ok
16:41:22.0704 2484 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:41:22.0706 2484 cdrom - ok
16:41:22.0762 2484 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:41:22.0765 2484 CertPropSvc - ok
16:41:22.0798 2484 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:41:22.0801 2484 circlass - ok
16:41:22.0862 2484 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:41:22.0868 2484 CLFS - ok
16:41:22.0949 2484 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:41:22.0953 2484 clr_optimization_v2.0.50727_32 - ok
16:41:23.0018 2484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:41:23.0023 2484 clr_optimization_v4.0.30319_32 - ok
16:41:23.0071 2484 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:41:23.0075 2484 CmBatt - ok
16:41:23.0099 2484 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:41:23.0102 2484 cmdide - ok
16:41:23.0127 2484 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:41:23.0130 2484 Compbatt - ok
16:41:23.0143 2484 COMSysApp - ok
16:41:23.0163 2484 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:41:23.0165 2484 crcdisk - ok
16:41:23.0234 2484 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:41:23.0236 2484 Crusoe - ok
16:41:23.0309 2484 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:41:23.0313 2484 CryptSvc - ok
16:41:23.0382 2484 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:41:23.0396 2484 DcomLaunch - ok
16:41:23.0462 2484 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:41:23.0465 2484 DfsC - ok
16:41:23.0579 2484 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:41:23.0609 2484 DFSR - ok
16:41:23.0665 2484 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:41:23.0675 2484 Dhcp - ok
16:41:23.0708 2484 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:41:23.0711 2484 disk - ok
16:41:23.0729 2484 DKbFltr - ok
16:41:23.0787 2484 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:41:23.0791 2484 Dnscache - ok
16:41:23.0837 2484 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:41:23.0842 2484 dot3svc - ok
16:41:23.0894 2484 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:41:23.0898 2484 DPS - ok
16:41:24.0351 2484 [ 582C08E418121232BD199F4B92A63D9B ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
16:41:24.0394 2484 DragonUpdater - ok
16:41:24.0440 2484 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:41:24.0442 2484 drmkaud - ok
16:41:24.0483 2484 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys
16:41:24.0484 2484 DrvAgent32 - ok
16:41:24.0562 2484 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:41:24.0568 2484 DXGKrnl - ok
16:41:24.0632 2484 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:41:24.0633 2484 E1G60 - ok
16:41:24.0684 2484 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:41:24.0686 2484 EapHost - ok
16:41:24.0748 2484 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:41:24.0750 2484 Ecache - ok
16:41:24.0795 2484 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:41:24.0801 2484 ehRecvr - ok
16:41:24.0836 2484 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:41:24.0839 2484 ehSched - ok
16:41:24.0866 2484 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:41:24.0868 2484 ehstart - ok
16:41:24.0929 2484 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:41:24.0935 2484 elxstor - ok
16:41:25.0025 2484 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:41:25.0036 2484 EMDMgmt - ok
16:41:25.0081 2484 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:41:25.0083 2484 ErrDev - ok
16:41:25.0199 2484 esihdrv - ok
16:41:25.0281 2484 [ 1A35D06A53E2F143130EC9A889496DE4 ] ESProtectionDriver C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys
16:41:25.0285 2484 ESProtectionDriver - ok
16:41:25.0342 2484 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:41:25.0355 2484 EventSystem - ok
16:41:25.0416 2484 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:41:25.0423 2484 exfat - ok
16:41:25.0468 2484 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:41:25.0475 2484 fastfat - ok
16:41:25.0530 2484 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:41:25.0532 2484 fdc - ok
16:41:25.0590 2484 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:41:25.0593 2484 fdPHost - ok
16:41:25.0622 2484 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:41:25.0626 2484 FDResPub - ok
16:41:25.0678 2484 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:41:25.0680 2484 FileInfo - ok
16:41:25.0774 2484 [ 7EBAB88FEE6E97397C183ED3B71F0797 ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
16:41:25.0776 2484 FileMonitor - ok
16:41:25.0800 2484 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:41:25.0803 2484 Filetrace - ok
16:41:25.0830 2484 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:41:25.0833 2484 flpydisk - ok
16:41:25.0905 2484 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:41:25.0908 2484 FltMgr - ok
16:41:26.0009 2484 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
16:41:26.0017 2484 FontCache - ok
16:41:26.0092 2484 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:41:26.0093 2484 FontCache3.0.0.0 - ok
16:41:26.0165 2484 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:41:26.0166 2484 Fs_Rec - ok
16:41:26.0216 2484 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:41:26.0218 2484 gagp30kx - ok
16:41:26.0271 2484 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
16:41:26.0274 2484 giveio - ok
16:41:26.0331 2484 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:41:26.0342 2484 gpsvc - ok
16:41:26.0416 2484 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:41:26.0420 2484 HdAudAddService - ok
16:41:26.0513 2484 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:41:26.0530 2484 HDAudBus - ok
16:41:26.0558 2484 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:41:26.0562 2484 HidBth - ok
16:41:26.0608 2484 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:41:26.0612 2484 HidIr - ok
16:41:26.0661 2484 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:41:26.0668 2484 hidserv - ok
16:41:26.0711 2484 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:41:26.0715 2484 HidUsb - ok
16:41:26.0756 2484 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:41:26.0765 2484 hkmsvc - ok
16:41:26.0827 2484 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:41:26.0831 2484 HpCISSs - ok
16:41:26.0907 2484 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:41:26.0922 2484 HTTP - ok
16:41:26.0993 2484 [ DE3FF0AB0C551D7E00E250E81169996A ] HWiNFO32 C:\Windows\system32\drivers\HWiNFO32.SYS
16:41:26.0997 2484 HWiNFO32 - ok
16:41:27.0023 2484 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:41:27.0027 2484 i2omp - ok
16:41:27.0106 2484 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:41:27.0110 2484 i8042prt - ok
16:41:27.0139 2484 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:41:27.0149 2484 iaStorV - ok
16:41:27.0433 2484 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:41:27.0460 2484 idsvc - ok
16:41:27.0494 2484 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:41:27.0498 2484 iirsp - ok
16:41:27.0607 2484 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:41:27.0626 2484 IKEEXT - ok
16:41:27.0679 2484 [ 24EA4E2F76E216CE70353736E3556585 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
16:41:27.0687 2484 IMFservice - ok
16:41:27.0765 2484 [ 7CF7BD7553672C5CDB847B333B265764 ] ImmunetNetworkMonitorDriver C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys
16:41:27.0768 2484 ImmunetNetworkMonitorDriver - ok
16:41:27.0884 2484 [ 7C3DFB85845B278A772EC93BDF8F5DCB ] ImmunetProtect C:\Program Files\Immunet\3.0.8\agent.exe
16:41:27.0898 2484 ImmunetProtect - ok
16:41:27.0950 2484 [ 5E6FDD746742DC04D611A00F0F3514AE ] ImmunetProtectDriver C:\Windows\system32\DRIVERS\ImmunetProtect.sys
16:41:27.0952 2484 ImmunetProtectDriver - ok
16:41:27.0979 2484 [ 150D677F16E8BA98A7CD958EE3CCCCAF ] ImmunetSelfProtectDriver C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
16:41:27.0981 2484 ImmunetSelfProtectDriver - ok
16:41:28.0240 2484 [ FEBDD0310FBA3DA13F56EDE2E9F7B5DC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:41:28.0291 2484 IntcAzAudAddService - ok
16:41:28.0339 2484 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
16:41:28.0341 2484 intelide - ok
16:41:28.0369 2484 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:41:28.0372 2484 intelppm - ok
16:41:28.0420 2484 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:41:28.0424 2484 IPBusEnum - ok
16:41:28.0462 2484 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:41:28.0465 2484 IpFilterDriver - ok
16:41:28.0509 2484 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:41:28.0516 2484 iphlpsvc - ok
16:41:28.0534 2484 IpInIp - ok
16:41:28.0585 2484 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:41:28.0588 2484 IPMIDRV - ok
16:41:28.0623 2484 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:41:28.0627 2484 IPNAT - ok
16:41:28.0647 2484 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:41:28.0649 2484 IRENUM - ok
16:41:28.0671 2484 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:41:28.0673 2484 isapnp - ok
16:41:28.0720 2484 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:41:28.0724 2484 iScsiPrt - ok
16:41:28.0734 2484 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:41:28.0736 2484 iteatapi - ok
16:41:28.0747 2484 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:41:28.0749 2484 iteraid - ok
16:41:28.0775 2484 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:41:28.0778 2484 kbdclass - ok
16:41:28.0807 2484 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:41:28.0809 2484 kbdhid - ok
16:41:28.0840 2484 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:41:28.0844 2484 KeyIso - ok
16:41:28.0899 2484 [ D56C01321117CE8E073DE21C6365971E ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys
16:41:28.0904 2484 KeyScrambler - ok
16:41:28.0936 2484 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:41:28.0944 2484 KSecDD - ok
16:41:29.0006 2484 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:41:29.0015 2484 KtmRm - ok
16:41:29.0085 2484 [ 0EBCE7560B5F4B52762C39C39F9DEC57 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys
16:41:29.0087 2484 L1E - ok
16:41:29.0114 2484 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:41:29.0123 2484 LanmanServer - ok
16:41:29.0163 2484 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:41:29.0172 2484 LanmanWorkstation - ok
16:41:29.0280 2484 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:41:29.0283 2484 LightScribeService - ok
16:41:29.0331 2484 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:41:29.0334 2484 lltdio - ok
16:41:29.0393 2484 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:41:29.0397 2484 lltdsvc - ok
16:41:29.0427 2484 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:41:29.0430 2484 lmhosts - ok
16:41:29.0459 2484 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:41:29.0461 2484 LSI_FC - ok
16:41:29.0481 2484 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:41:29.0483 2484 LSI_SAS - ok
16:41:29.0510 2484 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:41:29.0512 2484 LSI_SCSI - ok
16:41:29.0552 2484 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:41:29.0554 2484 luafv - ok
16:41:29.0584 2484 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:41:29.0587 2484 Mcx2Svc - ok
16:41:29.0605 2484 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:41:29.0607 2484 megasas - ok
16:41:29.0650 2484 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:41:29.0654 2484 MegaSR - ok
16:41:29.0686 2484 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:41:29.0689 2484 MMCSS - ok
16:41:29.0730 2484 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:41:29.0731 2484 Modem - ok
16:41:29.0781 2484 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:41:29.0784 2484 monitor - ok
16:41:29.0803 2484 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:41:29.0806 2484 mouclass - ok
16:41:29.0822 2484 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:41:29.0826 2484 mouhid - ok
16:41:29.0853 2484 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:41:29.0856 2484 MountMgr - ok
16:41:29.0952 2484 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:41:29.0958 2484 MozillaMaintenance - ok
16:41:30.0027 2484 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:41:30.0030 2484 mpio - ok
16:41:30.0053 2484 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:41:30.0055 2484 mpsdrv - ok
16:41:30.0142 2484 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:41:30.0153 2484 MpsSvc - ok
16:41:30.0194 2484 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:41:30.0196 2484 Mraid35x - ok
16:41:30.0253 2484 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:41:30.0259 2484 MRxDAV - ok
16:41:30.0335 2484 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:41:30.0342 2484 mrxsmb - ok
16:41:30.0408 2484 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:41:30.0417 2484 mrxsmb10 - ok
16:41:30.0463 2484 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:41:30.0468 2484 mrxsmb20 - ok
16:41:30.0515 2484 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
16:41:30.0519 2484 msahci - ok
16:41:30.0548 2484 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:41:30.0554 2484 msdsm - ok
16:41:30.0604 2484 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:41:30.0609 2484 MSDTC - ok
16:41:30.0656 2484 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:41:30.0658 2484 Msfs - ok
16:41:30.0727 2484 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:41:30.0728 2484 msisadrv - ok
16:41:30.0783 2484 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:41:30.0786 2484 MSiSCSI - ok
16:41:30.0800 2484 msiserver - ok
16:41:30.0851 2484 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:41:30.0852 2484 MSKSSRV - ok
16:41:30.0870 2484 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:41:30.0871 2484 MSPCLOCK - ok
16:41:30.0894 2484 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:41:30.0895 2484 MSPQM - ok
16:41:30.0932 2484 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:41:30.0934 2484 MsRPC - ok
16:41:30.0969 2484 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:41:30.0970 2484 mssmbios - ok
16:41:30.0998 2484 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:41:30.0999 2484 MSTEE - ok
16:41:31.0041 2484 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:41:31.0042 2484 Mup - ok
16:41:31.0090 2484 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:41:31.0096 2484 napagent - ok
16:41:31.0137 2484 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:41:31.0139 2484 NativeWifiP - ok
16:41:31.0208 2484 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:41:31.0213 2484 NDIS - ok
16:41:31.0264 2484 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:41:31.0266 2484 NdisTapi - ok
16:41:31.0288 2484 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:41:31.0289 2484 Ndisuio - ok
16:41:31.0361 2484 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:31.0363 2484 NdisWan - ok
16:41:31.0398 2484 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:41:31.0401 2484 NDProxy - ok
16:41:31.0417 2484 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:41:31.0420 2484 NetBIOS - ok
16:41:31.0482 2484 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:41:31.0486 2484 netbt - ok
16:41:31.0518 2484 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:41:31.0522 2484 Netlogon - ok
16:41:31.0561 2484 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:41:31.0569 2484 Netman - ok
16:41:31.0634 2484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:41:31.0638 2484 NetMsmqActivator - ok
16:41:31.0669 2484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:41:31.0673 2484 NetPipeActivator - ok
16:41:31.0722 2484 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:41:31.0737 2484 netprofm - ok
16:41:31.0820 2484 [ 95725C00B580ED75A80E94ACBC77CDBC ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
16:41:31.0834 2484 netr28 - ok
16:41:31.0869 2484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:41:31.0876 2484 NetTcpActivator - ok
16:41:31.0895 2484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:41:31.0902 2484 NetTcpPortSharing - ok
16:41:31.0928 2484 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:41:31.0932 2484 nfrd960 - ok
16:41:31.0983 2484 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:41:31.0987 2484 NlaSvc - ok
16:41:32.0018 2484 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:41:32.0019 2484 Npfs - ok
16:41:32.0033 2484 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:41:32.0036 2484 nsi - ok
16:41:32.0059 2484 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:41:32.0061 2484 nsiproxy - ok
16:41:32.0110 2484 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:41:32.0119 2484 Ntfs - ok
16:41:32.0129 2484 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
16:41:32.0130 2484 NTIBackupSvc - ok
16:41:32.0181 2484 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:41:32.0183 2484 NTIDrvr - ok
16:41:32.0206 2484 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
16:41:32.0208 2484 NTISchedulerSvc - ok
16:41:32.0230 2484 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:41:32.0231 2484 ntrigdigi - ok
16:41:32.0243 2484 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:41:32.0244 2484 Null - ok
16:41:32.0252 2484 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:41:32.0254 2484 nvraid - ok
16:41:32.0262 2484 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:41:32.0263 2484 nvstor - ok
16:41:32.0270 2484 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:41:32.0272 2484 nv_agp - ok
16:41:32.0279 2484 NwlnkFlt - ok
16:41:32.0287 2484 NwlnkFwd - ok
16:41:32.0394 2484 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:41:32.0402 2484 odserv - ok
16:41:32.0447 2484 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:41:32.0450 2484 ohci1394 - ok
16:41:32.0483 2484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:41:32.0487 2484 ose - ok
16:41:32.0543 2484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:41:32.0557 2484 p2pimsvc - ok
16:41:32.0579 2484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:41:32.0593 2484 p2psvc - ok
16:41:32.0618 2484 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:41:32.0621 2484 Parport - ok
16:41:32.0649 2484 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:41:32.0652 2484 partmgr - ok
16:41:32.0684 2484 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:41:32.0685 2484 Parvdm - ok
16:41:32.0718 2484 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:41:32.0724 2484 PcaSvc - ok
16:41:32.0744 2484 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:41:32.0748 2484 pci - ok
16:41:32.0780 2484 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
16:41:32.0782 2484 pciide - ok
16:41:32.0802 2484 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:41:32.0806 2484 pcmcia - ok
16:41:32.0863 2484 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:41:32.0877 2484 PEAUTH - ok
16:41:32.0995 2484 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:41:33.0009 2484 pla - ok
16:41:33.0047 2484 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:41:33.0052 2484 PlugPlay - ok
16:41:33.0084 2484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:41:33.0092 2484 PNRPAutoReg - ok
16:41:33.0117 2484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:41:33.0125 2484 PNRPsvc - ok
16:41:33.0162 2484 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:41:33.0167 2484 PolicyAgent - ok
16:41:33.0206 2484 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:41:33.0207 2484 PptpMiniport - ok
16:41:33.0232 2484 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:41:33.0233 2484 Processor - ok
16:41:33.0276 2484 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:41:33.0280 2484 ProfSvc - ok
16:41:33.0307 2484 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:41:33.0309 2484 ProtectedStorage - ok
16:41:33.0338 2484 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:41:33.0345 2484 PSched - ok
16:41:33.0411 2484 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:41:33.0420 2484 ql2300 - ok
16:41:33.0441 2484 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:41:33.0443 2484 ql40xx - ok
16:41:33.0472 2484 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:41:33.0477 2484 QWAVE - ok
16:41:33.0487 2484 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:41:33.0489 2484 QWAVEdrv - ok
16:41:33.0513 2484 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:41:33.0514 2484 RasAcd - ok
16:41:33.0526 2484 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:41:33.0530 2484 RasAuto - ok
16:41:33.0543 2484 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:41:33.0544 2484 Rasl2tp - ok
16:41:33.0582 2484 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:41:33.0587 2484 RasMan - ok
16:41:33.0609 2484 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:33.0610 2484 RasPppoe - ok
16:41:33.0622 2484 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:41:33.0624 2484 RasSstp - ok
16:41:33.0648 2484 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:41:33.0651 2484 rdbss - ok
16:41:33.0673 2484 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:41:33.0674 2484 RDPCDD - ok
16:41:33.0708 2484 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:41:33.0711 2484 rdpdr - ok
16:41:33.0735 2484 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:41:33.0736 2484 RDPENCDD - ok
16:41:33.0777 2484 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:41:33.0780 2484 RDPWD - ok
16:41:33.0825 2484 [ 488F6A96E03A5A61B7F1FA6A6AB75457 ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
16:41:33.0826 2484 RegFilter - ok
16:41:33.0877 2484 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:41:33.0880 2484 RemoteAccess - ok
16:41:33.0905 2484 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:41:33.0913 2484 RemoteRegistry - ok
16:41:33.0938 2484 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:41:33.0942 2484 RpcLocator - ok
16:41:33.0981 2484 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:41:33.0994 2484 RpcSs - ok
16:41:34.0027 2484 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:41:34.0030 2484 rspndr - ok
16:41:34.0067 2484 [ 68880C3B3C23F828B2D3F4FA22483457 ] rspUndeluxe C:\Windows\system32\DRIVERS\rspUnd32.sys
16:41:34.0070 2484 rspUndeluxe - ok
16:41:34.0124 2484 [ 5DFAA39D44E2EB090940351A85B891B8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
16:41:34.0128 2484 RTHDMIAzAudService - ok
16:41:34.0189 2484 [ B0538DEA03E088B80482CA939F4E8740 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
16:41:34.0191 2484 RTSTOR - ok
16:41:34.0218 2484 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:41:34.0223 2484 SamSs - ok
16:41:34.0258 2484 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:41:34.0259 2484 SASDIFSV - ok
16:41:34.0289 2484 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:41:34.0290 2484 SASKUTIL - ok
16:41:34.0318 2484 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:41:34.0319 2484 sbp2port - ok
16:41:34.0387 2484 [ 9797749EB2287F92A4B13DF7766EAF18 ] scan C:\Program Files\Immunet\tetra\scan.dll
16:41:34.0391 2484 scan - ok
16:41:34.0439 2484 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:41:34.0443 2484 SCardSvr - ok
16:41:34.0485 2484 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:41:34.0494 2484 Schedule - ok
16:41:34.0507 2484 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:41:34.0508 2484 SCPolicySvc - ok
16:41:34.0527 2484 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:41:34.0531 2484 SDRSVC - ok
16:41:34.0564 2484 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:41:34.0565 2484 secdrv - ok
16:41:34.0584 2484 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:41:34.0587 2484 seclogon - ok
16:41:34.0598 2484 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:41:34.0602 2484 SENS - ok
16:41:34.0622 2484 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:41:34.0623 2484 Serenum - ok
16:41:34.0636 2484 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:41:34.0639 2484 Serial - ok
16:41:34.0665 2484 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:41:34.0667 2484 sermouse - ok
16:41:34.0708 2484 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:41:34.0712 2484 SessionEnv - ok
16:41:34.0721 2484 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:41:34.0722 2484 sffdisk - ok
16:41:34.0731 2484 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:41:34.0732 2484 sffp_mmc - ok
16:41:34.0739 2484 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:41:34.0740 2484 sffp_sd - ok
16:41:34.0748 2484 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:41:34.0750 2484 sfloppy - ok
16:41:34.0771 2484 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:41:34.0776 2484 SharedAccess - ok
16:41:34.0794 2484 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:41:34.0800 2484 ShellHWDetection - ok
16:41:34.0807 2484 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:41:34.0808 2484 sisagp - ok
16:41:34.0816 2484 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:41:34.0817 2484 SiSRaid2 - ok
16:41:34.0824 2484 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:41:34.0826 2484 SiSRaid4 - ok
16:41:34.0940 2484 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:41:34.0968 2484 slsvc - ok
16:41:34.0986 2484 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:41:34.0990 2484 SLUINotify - ok
16:41:35.0027 2484 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:41:35.0029 2484 Smb - ok
16:41:35.0071 2484 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:41:35.0075 2484 SNMPTRAP - ok
16:41:35.0097 2484 [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan C:\Windows\system32\speedfan.sys
16:41:35.0100 2484 speedfan - ok
16:41:35.0118 2484 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:41:35.0119 2484 spldr - ok
16:41:35.0151 2484 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:41:35.0156 2484 Spooler - ok
16:41:35.0169 2484 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:41:35.0172 2484 srv - ok
16:41:35.0208 2484 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:41:35.0210 2484 srv2 - ok
16:41:35.0221 2484 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:41:35.0224 2484 srvnet - ok
16:41:35.0249 2484 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:41:35.0254 2484 SSDPSRV - ok
16:41:35.0305 2484 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:41:35.0310 2484 SstpSvc - ok
16:41:35.0375 2484 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:41:35.0383 2484 stisvc - ok
16:41:35.0407 2484 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:41:35.0408 2484 swenum - ok
16:41:35.0435 2484 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:41:35.0441 2484 swprv - ok
16:41:35.0463 2484 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:41:35.0464 2484 Symc8xx - ok
16:41:35.0471 2484 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:41:35.0472 2484 Sym_hi - ok
16:41:35.0481 2484 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:41:35.0483 2484 Sym_u3 - ok
16:41:35.0537 2484 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:41:35.0540 2484 SynTP - ok
16:41:35.0574 2484 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:41:35.0582 2484 SysMain - ok
16:41:35.0639 2484 [ 7EAEF49D206899909EB63014FC8DC19A ] SystemExplorerHelpService C:\Program Files\System Explorer\service\SystemExplorerService.exe
16:41:35.0644 2484 SystemExplorerHelpService - ok
16:41:35.0672 2484 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

**dorado** · 05-07-13, 17:03

TDSS 3/3

16:41:35.0677 2484 TabletInputService - ok
16:41:35.0704 2484 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:41:35.0710 2484 TapiSrv - ok
16:41:35.0717 2484 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:41:35.0722 2484 TBS - ok
16:41:35.0772 2484 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:41:35.0779 2484 Tcpip - ok
16:41:35.0801 2484 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:41:35.0808 2484 Tcpip6 - ok
16:41:35.0835 2484 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:41:35.0837 2484 tcpipreg - ok
16:41:35.0863 2484 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
16:41:35.0865 2484 TcUsb - ok
16:41:35.0901 2484 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:41:35.0902 2484 TDPIPE - ok
16:41:35.0912 2484 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:41:35.0915 2484 TDTCP - ok
16:41:35.0948 2484 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:41:35.0950 2484 tdx - ok
16:41:35.0989 2484 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:41:35.0990 2484 TermDD - ok
16:41:36.0032 2484 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:41:36.0040 2484 TermService - ok
16:41:36.0063 2484 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:41:36.0069 2484 Themes - ok
16:41:36.0086 2484 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:41:36.0089 2484 THREADORDER - ok
16:41:36.0117 2484 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:41:36.0122 2484 TrkWks - ok
16:41:36.0152 2484 [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys
16:41:36.0155 2484 Trufos - ok
16:41:36.0210 2484 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:41:36.0211 2484 TrustedInstaller - ok
16:41:36.0248 2484 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:41:36.0249 2484 tssecsrv - ok
16:41:36.0286 2484 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:41:36.0288 2484 tunmp - ok
16:41:36.0309 2484 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:41:36.0310 2484 tunnel - ok
16:41:36.0321 2484 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:41:36.0324 2484 uagp35 - ok
16:41:36.0356 2484 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:41:36.0359 2484 udfs - ok
16:41:36.0395 2484 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:41:36.0399 2484 UI0Detect - ok
16:41:36.0411 2484 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:41:36.0412 2484 uliagpkx - ok
16:41:36.0439 2484 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:41:36.0444 2484 uliahci - ok
16:41:36.0457 2484 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:41:36.0459 2484 UlSata - ok
16:41:36.0471 2484 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:41:36.0473 2484 ulsata2 - ok
16:41:36.0505 2484 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:41:36.0507 2484 umbus - ok
16:41:36.0527 2484 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:41:36.0533 2484 upnphost - ok
16:41:36.0579 2484 [ 085C7D657B6594D73A473EE55079810B ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
16:41:36.0580 2484 UrlFilter - ok
16:41:36.0656 2484 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:41:36.0659 2484 usbaudio - ok
16:41:36.0710 2484 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:41:36.0713 2484 usbccgp - ok
16:41:36.0749 2484 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:41:36.0752 2484 usbcir - ok
16:41:36.0780 2484 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:41:36.0783 2484 usbehci - ok
16:41:36.0835 2484 [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:41:36.0837 2484 usbfilter - ok
16:41:36.0877 2484 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:41:36.0882 2484 usbhub - ok
16:41:36.0918 2484 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:41:36.0921 2484 usbohci - ok
16:41:36.0968 2484 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:41:36.0970 2484 usbprint - ok
16:41:37.0013 2484 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:41:37.0016 2484 USBSTOR - ok
16:41:37.0033 2484 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:41:37.0037 2484 usbuhci - ok
16:41:37.0088 2484 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:41:37.0092 2484 usbvideo - ok
16:41:37.0133 2484 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:41:37.0140 2484 UxSms - ok
16:41:37.0194 2484 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:41:37.0206 2484 vds - ok
16:41:37.0239 2484 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:41:37.0244 2484 vga - ok
16:41:37.0277 2484 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:41:37.0280 2484 VgaSave - ok
16:41:37.0298 2484 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:41:37.0303 2484 viaagp - ok
16:41:37.0324 2484 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:41:37.0326 2484 ViaC7 - ok
16:41:37.0350 2484 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
16:41:37.0352 2484 viaide - ok
16:41:37.0381 2484 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:41:37.0383 2484 volmgr - ok
16:41:37.0400 2484 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:41:37.0404 2484 volmgrx - ok
16:41:37.0427 2484 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:41:37.0430 2484 volsnap - ok
16:41:37.0465 2484 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:41:37.0467 2484 vsmraid - ok
16:41:37.0513 2484 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:41:37.0524 2484 VSS - ok
16:41:37.0549 2484 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:41:37.0555 2484 W32Time - ok
16:41:37.0566 2484 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:41:37.0567 2484 WacomPen - ok
16:41:37.0586 2484 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:41:37.0587 2484 Wanarp - ok
16:41:37.0593 2484 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:41:37.0595 2484 Wanarpv6 - ok
16:41:37.0608 2484 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:41:37.0616 2484 wcncsvc - ok
16:41:37.0634 2484 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:41:37.0639 2484 WcsPlugInService - ok
16:41:37.0666 2484 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
16:41:37.0669 2484 Wd - ok
16:41:37.0713 2484 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:41:37.0718 2484 Wdf01000 - ok
16:41:37.0732 2484 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:41:37.0736 2484 WdiServiceHost - ok
16:41:37.0750 2484 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:41:37.0754 2484 WdiSystemHost - ok
16:41:37.0776 2484 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:41:37.0782 2484 WebClient - ok
16:41:37.0800 2484 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:41:37.0808 2484 Wecsvc - ok
16:41:37.0820 2484 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:41:37.0824 2484 wercplsupport - ok
16:41:37.0864 2484 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:41:37.0873 2484 WerSvc - ok
16:41:37.0960 2484 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
16:41:37.0963 2484 winbondcir - ok
16:41:37.0995 2484 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:41:37.0998 2484 WinDefend - ok
16:41:38.0017 2484 WinHttpAutoProxySvc - ok
16:41:38.0065 2484 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:41:38.0069 2484 Winmgmt - ok
16:41:38.0120 2484 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
16:41:38.0130 2484 WinRM - ok
16:41:38.0170 2484 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:41:38.0178 2484 Wlansvc - ok
16:41:38.0206 2484 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:41:38.0208 2484 WmiAcpi - ok
16:41:38.0239 2484 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:41:38.0243 2484 wmiApSrv - ok
16:41:38.0283 2484 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:41:38.0291 2484 WMPNetworkSvc - ok
16:41:38.0303 2484 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:41:38.0308 2484 WPCSvc - ok
16:41:38.0329 2484 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:41:38.0333 2484 WPDBusEnum - ok
16:41:38.0421 2484 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:41:38.0427 2484 WPFFontCache_v0400 - ok
16:41:38.0454 2484 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:41:38.0456 2484 ws2ifsl - ok
16:41:38.0472 2484 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
16:41:38.0480 2484 wscsvc - ok
16:41:38.0497 2484 WSearch - ok
16:41:38.0590 2484 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:41:38.0608 2484 wuauserv - ok
16:41:38.0645 2484 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:41:38.0647 2484 WUDFRd - ok
16:41:38.0670 2484 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:41:38.0676 2484 wudfsvc - ok
16:41:38.0698 2484 ================ Scan global ===============================
16:41:38.0733 2484 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:41:38.0767 2484 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:41:38.0784 2484 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:41:38.0821 2484 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:41:38.0827 2484 [Global] - ok
16:41:38.0827 2484 ================ Scan MBR ==================================
16:41:38.0837 2484 [ FF1761EF7140665743A6D636F95DFD81 ] \Device\Harddisk0\DR0
16:41:38.0897 2484 \Device\Harddisk0\DR0 - ok
16:41:38.0899 2484 ================ Scan VBR ==================================
16:41:38.0910 2484 [ FB3D62677C14D318574421F83657DC66 ] \Device\Harddisk0\DR0\Partition1
16:41:38.0917 2484 \Device\Harddisk0\DR0\Partition1 - ok
16:41:38.0943 2484 [ 1D72E0C209AFEB6BE04EDF376B8B0C45 ] \Device\Harddisk0\DR0\Partition2
16:41:38.0945 2484 \Device\Harddisk0\DR0\Partition2 - ok
16:41:38.0946 2484 ============================================================
16:41:38.0946 2484 Scan finished
16:41:38.0946 2484 ============================================================
16:41:38.0993 2996 Detected object count: 0
16:41:38.0993 2996 Actual detected object count: 0
16:41:56.0178 3544 Deinitialize success

**Emphyrio** · 05-07-13, 17:05

IObit Malware Fighter zou ik verwijderen van je pc. heeft geen goede reputatie.

Download TFC en sla deze op je Bureaublad op.

Dubbelklik op TFC.exe om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten.
Als het programma klaar is, dan zal het je computer opnieuw opstarten.
Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

_____________________________________________________________

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

Emphyrio

**dorado** · 05-07-13, 20:42

In de handleidingen op bleepincomputer staat het uitschakelen van Immunet niet bij.
Het uitvoeren van Combofix werkt niet zoals het hoort.
Synaxisfout krijg ik als melding en ComboFix wordt niet uitgevoerd.

**Emphyrio** · 05-07-13, 22:34

2 Opties: verwijderen of uitschakelen met msconfig.

**dorado** · 05-07-13, 23:15

Die Combofixlog gaat niet lukken
Syntaxisregel van de opdracht is fout.

**Emphyrio** · 05-07-13, 23:17

Oorspronkelijk geplaatst door dorado Bekijk Berichten

Die Combofixlog gaat niet lukken
Syntaxsregel van de opdrachregel is fout.

Welke opdrachtregel ?

Verwijder Combofix van je bureaublad en download het opnieuw.
Deze keer zorg je dat je beveiligingssoftware uitstaat.
Heb je tevens Obit Malware Fighter verwijderdt zoals geadvizeerd?

**dorado** · 05-07-13, 23:51

Sorry om correct te zijn: Syntaxisregel van de opdracht is fout. (Dit in het blauwe beginscherm van CF)

Verdere instructies precies zoals je zei opgevolgd met helaas voor mij een negatief resultaat.

Mededeling

moet rkill gebruiken om programma's uit te voeren

moet rkill gebruiken om programma's uit te voeren

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment