
My internet is working very slowly



12:42:31.0234 3892 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

12:42:31.0406 3892 ============================================================

12:42:31.0406 3892 Current date / time: 2012/04/12 12:42:31.0406

12:42:31.0406 3892 SystemInfo:

12:42:31.0406 3892

12:42:31.0406 3892 OS Version: 5.1.2600 ServicePack: 3.0

12:42:31.0406 3892 Product type: Workstation

12:42:31.0406 3892 ComputerName: UW-EE1F709DE401

12:42:31.0406 3892 UserName: stig

12:42:31.0406 3892 Windows directory: C:\WINDOWS

12:42:31.0406 3892 System windows directory: C:\WINDOWS

12:42:31.0406 3892 Processor architecture: Intel x86

12:42:31.0406 3892 Number of processors: 2

12:42:31.0406 3892 Page size: 0x1000

12:42:31.0406 3892 Boot type: Normal boot

12:42:31.0406 3892 ============================================================

12:42:34.0531 3892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

12:42:34.0531 3892 \Device\Harddisk0\DR0:

12:42:34.0531 3892 MBR used

12:42:34.0531 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0

12:42:34.0531 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800

12:42:34.0687 3892 Initialize success

12:42:34.0687 3892 ============================================================

12:42:46.0859 3712 ============================================================

12:42:46.0859 3712 Scan started

12:42:46.0859 3712 Mode: Manual;

12:42:46.0859 3712 ============================================================

12:42:47.0453 3712 Abiosdsk - ok

12:42:47.0468 3712 abp480n5 - ok

12:42:47.0531 3712 ACPI (d6314c6c65078596556b407b09a7bcdf) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:42:47.0546 3712 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d6314c6c65078596556b407b09a7bcdf, Fake md5: 02273a448ba21a7d447daeb47810d40c

12:42:47.0546 3712 ACPI ( Virus.Win32.Rloader.a ) - infected

12:42:47.0546 3712 ACPI - detected Virus.Win32.Rloader.a (0)

12:42:47.0593 3712 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

12:42:47.0609 3712 ACPIEC - ok

12:42:47.0609 3712 adpu160m - ok

12:42:47.0703 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:42:47.0703 3712 aec - ok

12:42:47.0781 3712 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

12:42:47.0781 3712 AFD - ok

12:42:47.0796 3712 Aha154x - ok

12:42:47.0828 3712 aic78u2 - ok

12:42:47.0828 3712 aic78xx - ok

12:42:47.0875 3712 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll

12:42:47.0875 3712 Alerter - ok

12:42:47.0921 3712 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe

12:42:47.0921 3712 ALG - ok

12:42:47.0937 3712 AliIde - ok

12:42:47.0953 3712 amsint - ok

12:42:48.0015 3712 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys

12:42:48.0015 3712 androidusb - ok

12:42:48.0156 3712 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:42:48.0171 3712 Apple Mobile Device - ok

12:42:48.0187 3712 AppMgmt - ok

12:42:48.0281 3712 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys

12:42:48.0312 3712 AR5416 - ok

12:42:48.0328 3712 asc - ok

12:42:48.0359 3712 asc3350p - ok

12:42:48.0375 3712 asc3550 - ok

12:42:48.0437 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:42:48.0437 3712 AsyncMac - ok

12:42:48.0484 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:42:48.0500 3712 atapi - ok

12:42:48.0515 3712 Atdisk - ok

12:42:48.0562 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:42:48.0562 3712 Atmarpc - ok

12:42:48.0609 3712 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll

12:42:48.0609 3712 AudioSrv - ok

12:42:48.0687 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:42:48.0687 3712 audstub - ok

12:42:48.0765 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:42:48.0765 3712 Beep - ok

12:42:48.0828 3712 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll

12:42:48.0875 3712 BITS - ok

12:42:49.0078 3712 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

12:42:49.0078 3712 Bonjour Service - ok

12:42:49.0171 3712 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll

12:42:49.0171 3712 Browser - ok

12:42:49.0250 3712 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys

12:42:49.0265 3712 btaudio - ok

12:42:49.0312 3712 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys

12:42:49.0312 3712 BTDriver - ok

12:42:49.0500 3712 BTKRNL (49fd2960c0c5fe06dedf9560ad4c9547) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

12:42:49.0515 3712 BTKRNL - ok

12:42:49.0703 3712 btwdins (80349cb09ddc2f99e16d0f8919e2dca3) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

12:42:49.0718 3712 btwdins - ok

12:42:49.0859 3712 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

12:42:49.0859 3712 BTWDNDIS - ok

12:42:49.0968 3712 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

12:42:49.0968 3712 btwmodem - ok

12:42:50.0031 3712 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys

12:42:50.0031 3712 BTWUSB - ok

12:42:50.0140 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:42:50.0140 3712 cbidf2k - ok

12:42:50.0250 3712 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

12:42:50.0250 3712 CCDECODE - ok

12:42:50.0265 3712 cd20xrnt - ok

12:42:50.0328 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:42:50.0343 3712 Cdaudio - ok

12:42:50.0375 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:42:50.0390 3712 Cdfs - ok

12:42:50.0468 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:42:50.0515 3712 Cdrom - ok

12:42:50.0546 3712 Changer - ok

12:42:50.0625 3712 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe

12:42:50.0625 3712 CiSvc - ok

12:42:50.0703 3712 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe

12:42:50.0703 3712 ClipSrv - ok

12:42:50.0796 3712 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:42:50.0796 3712 clr_optimization_v4.0.30319_32 - ok

12:42:51.0015 3712 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

12:42:51.0015 3712 CmBatt - ok

12:42:51.0031 3712 CmdIde - ok

12:42:51.0140 3712 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

12:42:51.0140 3712 Compbatt - ok

12:42:51.0171 3712 COMSysApp - ok

12:42:51.0218 3712 Cpqarray - ok

12:42:51.0281 3712 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll

12:42:51.0281 3712 CryptSvc - ok

12:42:51.0296 3712 dac2w2k - ok

12:42:51.0328 3712 dac960nt - ok

12:42:51.0500 3712 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

12:42:51.0500 3712 DcomLaunch - ok

12:42:51.0578 3712 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys

12:42:51.0578 3712 dgderdrv - ok

12:42:51.0640 3712 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll

12:42:51.0640 3712 Dhcp - ok

12:42:51.0687 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:42:51.0687 3712 Disk - ok

12:42:51.0750 3712 dmadmin - ok

12:42:51.0828 3712 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

12:42:51.0843 3712 dmboot - ok

12:42:51.0953 3712 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

12:42:51.0953 3712 dmio - ok

12:42:52.0015 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:42:52.0015 3712 dmload - ok

12:42:52.0062 3712 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

12:42:52.0062 3712 dmserver - ok

12:42:52.0125 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:42:52.0125 3712 DMusic - ok

12:42:52.0187 3712 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll

12:42:52.0187 3712 Dnscache - ok

12:42:52.0265 3712 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys

12:42:52.0265 3712 DNSeFilter - ok

12:42:52.0296 3712 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS

12:42:52.0312 3712 DOSMEMIO - ok

12:42:52.0359 3712 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

12:42:52.0375 3712 Dot3svc - ok

12:42:52.0390 3712 dpti2o - ok

12:42:52.0437 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:42:52.0437 3712 drmkaud - ok

12:42:52.0484 3712 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

12:42:52.0484 3712 EapHost - ok

12:42:52.0515 3712 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

12:42:52.0515 3712 ERSvc - ok

12:42:52.0593 3712 esgiguard - ok

12:42:52.0656 3712 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

12:42:52.0671 3712 Eventlog - ok

12:42:52.0734 3712 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll

12:42:52.0734 3712 EventSystem - ok

12:42:52.0796 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:42:52.0812 3712 Fastfat - ok

12:42:52.0875 3712 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

12:42:52.0875 3712 FastUserSwitchingCompatibility - ok

12:42:52.0921 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

12:42:52.0921 3712 Fdc - ok

12:42:52.0953 3712 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

12:42:52.0953 3712 Fips - ok

12:42:53.0015 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:42:53.0015 3712 Flpydisk - ok

12:42:53.0046 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

12:42:53.0062 3712 FltMgr - ok

12:42:53.0109 3712 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS

12:42:53.0109 3712 FsUsbExDisk - ok

12:42:53.0156 3712 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\WINDOWS\system32\FsUsbExService.Exe

12:42:53.0171 3712 FsUsbExService - ok

12:42:53.0203 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:42:53.0203 3712 Fs_Rec - ok

12:42:53.0250 3712 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:42:53.0250 3712 Ftdisk - ok

12:42:53.0312 3712 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

12:42:53.0312 3712 GEARAspiWDM - ok

12:42:53.0390 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:42:53.0406 3712 Gpc - ok

12:42:53.0562 3712 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:42:53.0562 3712 gupdate - ok

12:42:53.0593 3712 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:42:53.0593 3712 gupdatem - ok

12:42:53.0625 3712 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

12:42:53.0640 3712 gusvc - ok

12:42:53.0718 3712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:42:53.0718 3712 HDAudBus - ok

12:42:53.0796 3712 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

12:42:53.0796 3712 helpsvc - ok

12:42:53.0812 3712 HidServ - ok

12:42:53.0859 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:42:53.0859 3712 HidUsb - ok

12:42:53.0906 3712 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

12:42:53.0906 3712 hkmsvc - ok

12:42:53.0937 3712 hpn - ok

12:42:54.0000 3712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:42:54.0015 3712 HTTP - ok

12:42:54.0078 3712 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

12:42:54.0093 3712 HTTPFilter - ok

12:42:54.0109 3712 i2omgmt - ok

12:42:54.0125 3712 i2omp - ok

12:42:54.0203 3712 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:42:54.0203 3712 i8042prt - ok

12:42:54.0453 3712 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

12:42:54.0593 3712 ialm - ok

12:42:54.0750 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:42:54.0750 3712 Imapi - ok

12:42:54.0812 3712 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

12:42:54.0812 3712 ImapiService - ok

12:42:54.0843 3712 ini910u - ok

12:42:55.0078 3712 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys

12:42:55.0140 3712 IntcAzAudAddService - ok

12:42:55.0796 3712 IntelIde - ok

12:42:55.0968 3712 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:42:56.0000 3712 intelppm - ok

12:42:56.0046 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

12:42:56.0046 3712 Ip6Fw - ok

12:42:56.0078 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:42:56.0078 3712 IpFilterDriver - ok

12:42:56.0093 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:42:56.0093 3712 IpInIp - ok

12:42:56.0140 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:42:56.0140 3712 IpNat - ok

12:42:56.0281 3712 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe

12:42:56.0312 3712 iPod Service - ok

12:42:56.0375 3712 IPSec (e5cc27ae0d9f18317aa4fac717f9ecc9) C:\WINDOWS\system32\drivers\IPSec.sys

12:42:56.0375 3712 Suspicious file (Forged): C:\WINDOWS\system32\drivers\IPSec.sys. Real md5: e5cc27ae0d9f18317aa4fac717f9ecc9, Fake md5: 23c74d75e36e7158768dd63d92789a91

12:42:56.0375 3712 IPSec ( Virus.Win32.ZAccess.k ) - infected

12:42:56.0375 3712 IPSec - detected Virus.Win32.ZAccess.k (0)

12:42:56.0437 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:42:56.0437 3712 IRENUM - ok

12:42:56.0515 3712 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:42:56.0515 3712 isapnp - ok

12:42:56.0625 3712 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Program Files\Java\jre6\bin\jqs.exe

12:42:56.0625 3712 JavaQuickStarterService - ok

12:42:56.0687 3712 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:42:56.0687 3712 Kbdclass - ok

12:42:56.0750 3712 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:42:56.0750 3712 kbdhid - ok

12:42:56.0812 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:42:56.0812 3712 kmixer - ok

12:42:56.0859 3712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:42:56.0859 3712 KSecDD - ok

12:42:56.0921 3712 kservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\smrt.dll

12:42:56.0937 3712 kservice ( Backdoor.Multi.ZAccess.gen ) - infected

12:42:56.0937 3712 kservice - detected Backdoor.Multi.ZAccess.gen (0)

12:42:57.0031 3712 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

12:42:57.0046 3712 LanmanServer - ok

12:42:57.0109 3712 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

12:42:57.0125 3712 lanmanworkstation - ok

12:42:57.0156 3712 lbrtfdc - ok

12:42:57.0234 3712 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

12:42:57.0234 3712 LmHosts - ok

12:42:57.0296 3712 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

12:42:57.0296 3712 MBAMProtector - ok

12:42:57.0421 3712 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

12:42:57.0437 3712 MBAMService - ok

12:42:57.0453 3712 McComponentHostService - ok

12:42:57.0484 3712 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll

12:42:57.0500 3712 Messenger - ok

12:42:57.0562 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:42:57.0562 3712 mnmdd - ok

12:42:57.0625 3712 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

12:42:57.0625 3712 mnmsrvc - ok

12:42:57.0703 3712 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

12:42:57.0703 3712 Modem - ok

12:42:57.0734 3712 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:42:57.0734 3712 Mouclass - ok

12:42:57.0796 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:42:57.0812 3712 MountMgr - ok

12:42:57.0843 3712 mraid35x - ok

12:42:57.0890 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:42:57.0890 3712 MRxDAV - ok

12:42:57.0984 3712 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:42:58.0015 3712 MRxSmb - ok

12:42:58.0078 3712 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

12:42:58.0093 3712 MSDTC - ok

12:42:58.0140 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:42:58.0140 3712 Msfs - ok

12:42:58.0171 3712 MSIServer - ok

12:42:58.0203 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:42:58.0203 3712 MSKSSRV - ok

12:42:58.0234 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:42:58.0234 3712 MSPCLOCK - ok

12:42:58.0265 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:42:58.0265 3712 MSPQM - ok

12:42:58.0328 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:42:58.0328 3712 mssmbios - ok

12:42:58.0390 3712 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

12:42:58.0390 3712 MSTEE - ok

12:42:58.0421 3712 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

12:42:58.0421 3712 Mup - ok

12:42:58.0453 3712 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

12:42:58.0453 3712 NABTSFEC - ok

12:42:58.0578 3712 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

12:42:58.0593 3712 napagent - ok

12:42:58.0656 3712 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys

12:42:58.0671 3712 NDIS - ok

12:42:58.0718 3712 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

12:42:58.0718 3712 NdisIP - ok

12:42:58.0781 3712 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:42:58.0781 3712 NdisTapi - ok

12:42:58.0875 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:42:58.0875 3712 Ndisuio - ok

12:42:58.0906 3712 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:42:58.0921 3712 NdisWan - ok

12:42:59.0000 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:42:59.0000 3712 NDProxy - ok

12:42:59.0031 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:42:59.0031 3712 NetBIOS - ok

12:42:59.0109 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:42:59.0109 3712 NetBT - ok

12:42:59.0218 3712 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

12:42:59.0218 3712 NetDDE - ok

12:42:59.0265 3712 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

12:42:59.0281 3712 NetDDEdsdm - ok

12:42:59.0359 3712 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

12:42:59.0375 3712 Netlogon - ok

12:42:59.0468 3712 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

12:42:59.0484 3712 Netman - ok

12:42:59.0593 3712 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

12:42:59.0593 3712 Nla - ok

12:42:59.0734 3712 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys

12:42:59.0734 3712 NPF - ok

12:42:59.0843 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:42:59.0859 3712 Npfs - ok

12:43:00.0031 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:43:00.0093 3712 Ntfs - ok

12:43:00.0187 3712 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

12:43:00.0187 3712 NtLmSsp - ok

12:43:00.0312 3712 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

12:43:00.0343 3712 NtmsSvc - ok

12:43:00.0406 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:43:00.0421 3712 Null - ok

12:43:00.0468 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:43:00.0468 3712 NwlnkFlt - ok

12:43:00.0484 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:43:00.0484 3712 NwlnkFwd - ok

12:43:00.0515 3712 p1131vid - ok

12:43:00.0546 3712 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

12:43:00.0546 3712 Parport - ok

12:43:00.0578 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:43:00.0578 3712 PartMgr - ok

12:43:00.0640 3712 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

12:43:00.0640 3712 ParVdm - ok

12:43:00.0703 3712 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

12:43:00.0703 3712 PCI - ok

12:43:00.0734 3712 PCIDump - ok

12:43:00.0765 3712 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:43:00.0765 3712 PCIIde - ok

12:43:00.0812 3712 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:43:00.0828 3712 Pcmcia - ok

12:43:00.0859 3712 PDCOMP - ok

12:43:00.0875 3712 PDFRAME - ok

12:43:00.0890 3712 PDRELI - ok

12:43:00.0906 3712 PDRFRAME - ok

12:43:00.0921 3712 perc2 - ok

12:43:00.0953 3712 perc2hib - ok

12:43:01.0046 3712 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

12:43:01.0046 3712 PlugPlay - ok

12:43:01.0078 3712 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

12:43:01.0093 3712 PolicyAgent - ok

12:43:01.0125 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:43:01.0125 3712 PptpMiniport - ok

12:43:01.0156 3712 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

12:43:01.0156 3712 ProtectedStorage - ok

12:43:01.0171 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:43:01.0187 3712 PSched - ok

12:43:01.0203 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:43:01.0203 3712 Ptilink - ok

12:43:01.0234 3712 ql1080 - ok

12:43:01.0250 3712 Ql10wnt - ok

12:43:01.0265 3712 ql12160 - ok

12:43:01.0296 3712 ql1240 - ok

12:43:01.0312 3712 ql1280 - ok

12:43:01.0328 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:43:01.0343 3712 RasAcd - ok

12:43:01.0375 3712 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

12:43:01.0375 3712 RasAuto - ok

12:43:01.0421 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:43:01.0421 3712 Rasl2tp - ok

12:43:01.0484 3712 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

12:43:01.0484 3712 RasMan - ok

12:43:01.0515 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:43:01.0515 3712 RasPppoe - ok

12:43:01.0546 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:43:01.0546 3712 Raspti - ok

12:43:01.0609 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:43:01.0625 3712 Rdbss - ok

12:43:01.0671 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:43:01.0671 3712 RDPCDD - ok

12:43:01.0734 3712 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:43:01.0750 3712 RDPWD - ok

12:43:01.0796 3712 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

12:43:01.0796 3712 RDSessMgr - ok

12:43:01.0843 3712 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:43:01.0843 3712 redbook - ok

12:43:01.0921 3712 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

12:43:01.0921 3712 RemoteAccess - ok

12:43:02.0000 3712 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

12:43:02.0015 3712 RpcLocator - ok

12:43:02.0093 3712 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

12:43:02.0093 3712 RpcSs - ok

12:43:02.0156 3712 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

12:43:02.0156 3712 RSVP - ok

12:43:02.0203 3712 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

12:43:02.0203 3712 SamSs - ok

12:43:02.0312 3712 Samsung Update Plus (b1c20cf045a559ff8b622893d05067b5) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

12:43:02.0312 3712 Samsung Update Plus - ok

12:43:02.0375 3712 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

12:43:02.0390 3712 SCardSvr - ok

12:43:02.0437 3712 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

12:43:02.0453 3712 Schedule - ok

12:43:02.0484 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:43:02.0484 3712 Secdrv - ok

12:43:02.0562 3712 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

12:43:02.0562 3712 seclogon - ok

12:43:02.0593 3712 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

12:43:02.0609 3712 SENS - ok

12:43:02.0625 3712 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

12:43:02.0640 3712 Serial - ok

12:43:02.0718 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:43:02.0718 3712 Sfloppy - ok

12:43:02.0796 3712 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

12:43:02.0796 3712 SharedAccess - ok

12:43:02.0890 3712 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

12:43:02.0890 3712 ShellHWDetection - ok

12:43:02.0921 3712 Simbad - ok

12:43:02.0984 3712 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

12:43:02.0984 3712 SLIP - ok

12:43:03.0062 3712 Sparrow - ok

12:43:03.0125 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:43:03.0125 3712 splitter - ok

12:43:03.0187 3712 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

12:43:03.0187 3712 Spooler - ok

12:43:03.0281 3712 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

12:43:03.0281 3712 sr - ok

12:43:03.0375 3712 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

12:43:03.0375 3712 srservice - ok

12:43:03.0453 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:43:03.0468 3712 Srv - ok

12:43:03.0515 3712 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

12:43:03.0531 3712 ssadbus - ok

12:43:03.0578 3712 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

12:43:03.0593 3712 ssadmdfl - ok

12:43:03.0656 3712 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

12:43:03.0656 3712 ssadmdm - ok

12:43:03.0718 3712 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys

12:43:03.0718 3712 ssadserd - ok

12:43:03.0796 3712 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

12:43:03.0796 3712 SSDPSRV - ok

12:43:03.0875 3712 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

12:43:03.0890 3712 stisvc - ok

12:43:03.0937 3712 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

12:43:03.0937 3712 streamip - ok

12:43:04.0000 3712 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys

12:43:04.0000 3712 SUEPD - ok

12:43:04.0093 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:43:04.0093 3712 swenum - ok

12:43:04.0125 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:43:04.0125 3712 swmidi - ok


12:43:08.0281 3712 ============================================================

12:43:08.0281 3712 Scan finished

12:43:08.0281 3712 ============================================================

12:43:08.0312 2552 Detected object count: 3

12:43:08.0312 2552 Actual detected object count: 3

12:44:14.0234 2552 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine

12:44:17.0203 2552 Backup copy found, using it..

12:44:17.0234 2552 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot

12:44:17.0234 2552 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

12:44:17.0562 2552 C:\WINDOWS\system32\drivers\IPSec.sys - copied to quarantine

12:44:19.0281 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\@ - copied to quarantine

12:44:19.0312 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\cfg.ini - copied to quarantine

12:44:19.0312 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\Desktop.ini - copied to quarantine

12:44:19.0390 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\L\vqkmksuu - copied to quarantine

12:44:19.0406 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\twl.dll - copied to quarantine

12:44:19.0484 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000001.@ - copied to quarantine

12:44:19.0546 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000002.@ - copied to quarantine

12:44:19.0687 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000004.@ - copied to quarantine

12:44:19.0750 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000000.@ - copied to quarantine

12:44:19.0796 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000004.@ - copied to quarantine

12:44:19.0812 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000032.@ - copied to quarantine

12:44:19.0812 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\version - copied to quarantine

12:44:22.0765 2552 Backup copy found, using it..

12:44:22.0796 2552 C:\WINDOWS\system32\drivers\IPSec.sys - will be cured on reboot

12:44:26.0640 2552 C:\WINDOWS\$NtUninstallKB59140$\3690379776 - will be deleted on reboot

12:44:26.0640 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\@ - will be deleted on reboot

12:44:26.0640 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\cfg.ini - will be deleted on reboot

12:44:26.0640 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\Desktop.ini - will be deleted on reboot

12:44:26.0640 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\twl.dll - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000001.$ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000001.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000002.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\00000004.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000000.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000004.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\U\80000032.@ - will be deleted on reboot

12:44:26.0734 2552 C:\WINDOWS\$NtUninstallKB59140$\765381274\version - will be deleted on reboot

12:44:26.0750 2552 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure

12:44:26.0812 2552 C:\WINDOWS\system32\smrt.dll - copied to quarantine

12:44:26.0828 2552 HKLM\SYSTEM\ControlSet001\services\kservice - will be deleted on reboot

12:44:26.0828 2552 HKLM\SYSTEM\ControlSet002\services\kservice - will be deleted on reboot

12:44:26.0859 2552 C:\WINDOWS\system32\smrt.dll - will be deleted on reboot

12:44:26.0859 2552 kservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

12:47:59.0375 3688 Deinitialize success


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, simply continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


In one of your previous posts I read that the Internet was OK again. Does this actually mean that your problem is completely solved? If so, we will leave out ComboFix, which was only an extra check, and start the cleanup. Let me know whether that conclusion is correct.


Cause: downloading a "bad" scanner, resulting in a virus and a backdoor. These have now been removed, which also restored the connection. You may still do the following to clean up the leftovers.

Remove HijackThis and TDSSKiller.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected issues". After that, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could otherwise end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

If all of this went without problems, you may click "mark as solved" below!

Edited by kape
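Added example (not part of the thread and not TDSSKiller's own code): a short Python summary of the detection section of the log posted earlier in this thread, pairing each verdict with the objects that are only scheduled for cure or deletion at the next reboot. The sample lines are copied from that log; the function name `summarize` and the grouping rule (object lines precede their verdict line) are assumptions drawn from this log's ordering.

```python
import re

# Lines copied verbatim from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
12:43:08.0312 2552 Detected object count: 3
12:44:17.0234 2552 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
12:44:17.0234 2552 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
12:44:22.0796 2552 C:\WINDOWS\system32\drivers\IPSec.sys - will be cured on reboot
12:44:26.0750 2552 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:44:26.0812 2552 C:\WINDOWS\system32\smrt.dll - copied to quarantine
12:44:26.0828 2552 HKLM\SYSTEM\ControlSet001\services\kservice - will be deleted on reboot
12:44:26.0859 2552 C:\WINDOWS\system32\smrt.dll - will be deleted on reboot
12:44:26.0859 2552 kservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")  # time, thread id, message
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+?) - will be (cured|deleted) on reboot$")
VERDICT = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")

def summarize(log_text):
    """Group reboot-deferred actions under the verdict line that follows them."""
    declared, verdicts, pending = None, [], []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (c := COUNT.match(msg)):
            declared = int(c.group(1))
        elif (p := PENDING.match(msg)):
            pending.append((p.group(1), p.group(2)))
        elif (v := VERDICT.match(msg)):
            # Assumption from this log's ordering: object lines precede their verdict.
            verdicts.append({"service": v.group(1), "detection": v.group(2),
                             "action": v.group(3), "pending": pending})
            pending = []
    return {
        "declared": declared,
        "verdicts": verdicts,
        "count_matches": declared == len(verdicts),
        # Nothing is actually cured or deleted until the machine restarts.
        "reboot_required": any(v["pending"] for v in verdicts),
    }

if __name__ == "__main__":
    for v in summarize(SAMPLE_LOG)["verdicts"]:
        print(v["service"], v["detection"], v["action"], len(v["pending"]), "pending")
```

Because every action in this log is deferred to the next boot, a fresh scan after the restart is what confirms that the cure and delete steps actually took effect.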