bert eskes

Member
  • Items

    4
  • Joined

  • Last visited

bert eskes's achievements

  1. Dear Kape, Once again I have followed all your instructions! So it should be in order now. Thanks again! Regards, Bert
  2. Dear Kape, This is absolutely super! Great, my computer is clean again. Many thanks for the quick help. Absolutely top. Regards, Bert PS: can I just leave HijackThis and TDSSKiller on my desktop?
  3. Hello, Below you will find the REPORT. I have not yet used the removal options that TDSSKiller offered. I do have to restart the computer, though. I will hear shortly what else I need to do?? Regards, Bert
(02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:32:25.0046 6012 ACPI - ok 18:32:25.0156 6012 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 18:32:25.0265 6012 ACPIEC - ok 18:32:25.0312 6012 adpu160m - ok 18:32:25.0375 6012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 18:32:25.0390 6012 aec - ok 18:32:25.0453 6012 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys 18:32:25.0453 6012 AegisP - ok 18:32:25.0500 6012 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 18:32:25.0515 6012 AFD - ok 18:32:25.0546 6012 Aha154x - ok 18:32:25.0578 6012 aic78u2 - ok 18:32:25.0609 6012 aic78xx - ok 18:32:25.0781 6012 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 18:32:25.0906 6012 ALCXWDM - ok 18:32:25.0984 6012 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll 18:32:25.0984 6012 Alerter - ok 18:32:26.0015 6012 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe 18:32:26.0031 6012 ALG - ok 18:32:26.0062 6012 AliIde - ok 18:32:26.0093 6012 amsint - ok 18:32:26.0187 6012 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys 18:32:26.0250 6012 APL531 - ok 18:32:26.0312 6012 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:32:26.0328 6012 Apple Mobile Device - ok 18:32:26.0406 6012 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll 18:32:26.0421 6012 AppMgmt - ok 18:32:26.0453 6012 asc - ok 18:32:26.0500 6012 asc3350p - ok 18:32:26.0531 6012 asc3550 - ok 18:32:26.0593 6012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:32:26.0593 6012 AsyncMac - ok 18:32:26.0625 6012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:32:26.0640 6012 atapi - ok 
18:32:26.0671 6012 Atdisk - ok 18:32:26.0718 6012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:32:26.0718 6012 Atmarpc - ok 18:32:26.0796 6012 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll 18:32:26.0796 6012 AudioSrv - ok 18:32:26.0890 6012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:32:26.0890 6012 audstub - ok 18:32:27.0140 6012 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe 18:32:27.0296 6012 AVGIDSAgent - ok 18:32:27.0359 6012 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 18:32:27.0375 6012 AVGIDSDriver - ok 18:32:27.0421 6012 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\WINDOWS\system32\DRIVERS\avgidsehx.sys 18:32:27.0421 6012 AVGIDSEH - ok 18:32:27.0453 6012 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys 18:32:27.0468 6012 AVGIDSFilter - ok 18:32:27.0500 6012 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 18:32:27.0500 6012 AVGIDSShim - ok 18:32:27.0562 6012 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 18:32:27.0578 6012 Avgldx86 - ok 18:32:27.0609 6012 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 18:32:27.0609 6012 Avgmfx86 - ok 18:32:27.0687 6012 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 18:32:27.0687 6012 Avgrkx86 - ok 18:32:27.0734 6012 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 18:32:27.0750 6012 Avgtdix - ok 18:32:27.0890 6012 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 18:32:27.0906 6012 avgwd - ok 18:32:27.0937 6012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:32:27.0968 6012 Beep - ok 18:32:28.0046 6012 BITS 
(5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll 18:32:28.0109 6012 BITS - ok 18:32:28.0203 6012 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe 18:32:28.0234 6012 Bonjour Service - ok 18:32:28.0359 6012 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll 18:32:28.0375 6012 Browser - ok 18:32:28.0500 6012 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 18:32:28.0500 6012 BrScnUsb - ok 18:32:28.0609 6012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:32:28.0703 6012 cbidf2k - ok 18:32:28.0906 6012 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 18:32:28.0906 6012 CCDECODE - ok 18:32:29.0015 6012 cd20xrnt - ok 18:32:29.0078 6012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:32:29.0125 6012 Cdaudio - ok 18:32:30.0062 6012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 18:32:30.0078 6012 Cdfs - ok 18:32:30.0140 6012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:32:30.0156 6012 Cdrom - ok 18:32:30.0265 6012 Changer - ok 18:32:30.0390 6012 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe 18:32:30.0390 6012 CiSvc - ok 18:32:30.0578 6012 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe 18:32:30.0578 6012 ClipSrv - ok 18:32:30.0625 6012 CmdIde - ok 18:32:30.0656 6012 COMSysApp - ok 18:32:30.0703 6012 Cpqarray - ok 18:32:30.0750 6012 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll 18:32:30.0750 6012 CryptSvc - ok 18:32:30.0796 6012 dac2w2k - ok 18:32:30.0968 6012 dac960nt - ok 18:32:31.0031 6012 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll 18:32:31.0046 6012 DcomLaunch - ok 18:32:31.0140 6012 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll 
18:32:31.0156 6012 Dhcp - ok 18:32:31.0187 6012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 18:32:31.0187 6012 Disk - ok 18:32:31.0250 6012 dmadmin - ok 18:32:31.0312 6012 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 18:32:31.0328 6012 dmboot - ok 18:32:31.0390 6012 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 18:32:31.0390 6012 dmio - ok 18:32:31.0468 6012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:32:31.0468 6012 dmload - ok 18:32:31.0500 6012 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll 18:32:31.0500 6012 dmserver - ok 18:32:31.0546 6012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 18:32:31.0562 6012 DMusic - ok 18:32:31.0593 6012 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll 18:32:31.0609 6012 Dnscache - ok 18:32:31.0687 6012 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll 18:32:31.0703 6012 Dot3svc - ok 18:32:31.0734 6012 dpti2o - ok 18:32:31.0796 6012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 18:32:31.0812 6012 drmkaud - ok 18:32:31.0875 6012 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll 18:32:31.0875 6012 EapHost - ok 18:32:31.0937 6012 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll 18:32:31.0937 6012 ERSvc - ok 18:32:32.0000 6012 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 18:32:32.0015 6012 Eventlog - ok 18:32:32.0093 6012 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll 18:32:32.0109 6012 EventSystem - ok 18:32:32.0171 6012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 18:32:32.0187 6012 Fastfat - ok 18:32:32.0281 6012 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) 
C:\WINDOWS\System32\shsvcs.dll 18:32:32.0281 6012 FastUserSwitchingCompatibility - ok 18:32:32.0312 6012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 18:32:32.0328 6012 Fdc - ok 18:32:32.0359 6012 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 18:32:32.0421 6012 Fips - ok 18:32:32.0500 6012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 18:32:32.0500 6012 Flpydisk - ok 18:32:32.0562 6012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 18:32:32.0578 6012 FltMgr - ok 18:32:32.0609 6012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:32:32.0656 6012 Fs_Rec - ok 18:32:32.0734 6012 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:32:32.0734 6012 Ftdisk - ok 18:32:32.0796 6012 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 18:32:32.0796 6012 gameenum - ok 18:32:32.0906 6012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:32:32.0906 6012 Gpc - ok 18:32:33.0031 6012 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 18:32:33.0062 6012 gupdate - ok 18:32:33.0078 6012 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 18:32:33.0078 6012 gupdatem - ok 18:32:33.0125 6012 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 18:32:33.0140 6012 gusvc - ok 18:32:33.0218 6012 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 18:32:33.0218 6012 helpsvc - ok 18:32:33.0281 6012 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll 18:32:33.0281 6012 HidServ - ok 18:32:33.0343 6012 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:32:33.0359 6012 hidusb - ok 18:32:33.0421 6012 hkmsvc 
(1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll 18:32:33.0421 6012 hkmsvc - ok 18:32:33.0468 6012 hpn - ok 18:32:33.0609 6012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 18:32:33.0625 6012 HTTP - ok 18:32:33.0687 6012 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll 18:32:33.0687 6012 HTTPFilter - ok 18:32:33.0718 6012 i2omgmt - ok 18:32:33.0750 6012 i2omp - ok 18:32:33.0828 6012 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:32:33.0828 6012 i8042prt - ok 18:32:33.0937 6012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:32:33.0937 6012 Imapi - ok 18:32:33.0984 6012 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe 18:32:34.0015 6012 ImapiService - ok 18:32:34.0062 6012 ini910u - ok 18:32:34.0109 6012 IntelIde - ok 18:32:34.0140 6012 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 18:32:34.0140 6012 Ip6Fw - ok 18:32:34.0203 6012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:32:34.0203 6012 IpFilterDriver - ok 18:32:34.0281 6012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:32:34.0281 6012 IpInIp - ok 18:32:34.0328 6012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:32:34.0343 6012 IpNat - ok 18:32:34.0406 6012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:32:34.0421 6012 IPSec - ok 18:32:34.0468 6012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:32:34.0468 6012 IRENUM - ok 18:32:34.0546 6012 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:32:34.0546 6012 isapnp - ok 18:32:34.0609 6012 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe 18:32:34.0625 6012 JavaQuickStarterService - ok 
18:32:34.0687 6012 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:32:34.0687 6012 Kbdclass - ok 18:32:34.0734 6012 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:32:34.0734 6012 kbdhid - ok 18:32:34.0796 6012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 18:32:34.0796 6012 kmixer - ok 18:32:34.0890 6012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 18:32:34.0890 6012 KSecDD - ok 18:32:34.0984 6012 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll 18:32:34.0984 6012 lanmanserver - ok 18:32:35.0031 6012 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll 18:32:35.0046 6012 lanmanworkstation - ok 18:32:35.0078 6012 lbrtfdc - ok 18:32:35.0156 6012 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll 18:32:35.0156 6012 LmHosts - ok 18:32:35.0203 6012 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll 18:32:35.0203 6012 Messenger - ok 18:32:35.0296 6012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:32:35.0343 6012 mnmdd - ok 18:32:35.0406 6012 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe 18:32:35.0406 6012 mnmsrvc - ok 18:32:35.0484 6012 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 18:32:35.0531 6012 Modem - ok 18:32:35.0578 6012 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:32:35.0578 6012 Mouclass - ok 18:32:35.0656 6012 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:32:35.0656 6012 mouhid - ok 18:32:35.0734 6012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:32:35.0734 6012 MountMgr - ok 18:32:35.0812 6012 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 
18:32:35.0812 6012 MpFilter - ok 18:32:36.0015 6012 MpKsl91dd6cc5 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A641C02-DED6-4D17-9355-CBE91DF59C75}\MpKsl91dd6cc5.sys 18:32:36.0015 6012 MpKsl91dd6cc5 - ok 18:32:36.0062 6012 mraid35x - ok 18:32:36.0109 6012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:32:36.0125 6012 MRxDAV - ok 18:32:36.0187 6012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:32:36.0234 6012 MRxSmb - ok 18:32:36.0265 6012 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe 18:32:36.0281 6012 MSDTC - ok 18:32:36.0328 6012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:32:36.0328 6012 Msfs - ok 18:32:36.0359 6012 MSIServer - ok 18:32:36.0406 6012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:32:36.0406 6012 MSKSSRV - ok 18:32:36.0500 6012 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 18:32:36.0515 6012 MsMpSvc - ok 18:32:36.0593 6012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:32:36.0609 6012 MSPCLOCK - ok 18:32:36.0656 6012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:32:36.0656 6012 MSPQM - ok 18:32:36.0718 6012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:32:36.0718 6012 mssmbios - ok 18:32:36.0781 6012 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 18:32:36.0781 6012 MSTEE - ok 18:32:36.0953 6012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 18:32:36.0953 6012 Mup - ok 18:32:37.0000 6012 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:32:37.0000 6012 NABTSFEC - ok 18:32:37.0078 6012 napagent 
(87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll 18:32:37.0093 6012 napagent - ok 18:32:37.0171 6012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:32:37.0187 6012 NDIS - ok 18:32:37.0250 6012 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:32:37.0250 6012 NdisIP - ok 18:32:37.0312 6012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:32:37.0312 6012 NdisTapi - ok 18:32:37.0375 6012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:32:37.0375 6012 Ndisuio - ok 18:32:37.0453 6012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:32:37.0453 6012 NdisWan - ok 18:32:37.0500 6012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:32:37.0515 6012 NDProxy - ok 18:32:37.0562 6012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:32:37.0562 6012 NetBIOS - ok 18:32:37.0640 6012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:32:37.0656 6012 NetBT - ok 18:32:37.0718 6012 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 18:32:37.0734 6012 NetDDE - ok 18:32:37.0734 6012 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 18:32:37.0750 6012 NetDDEdsdm - ok 18:32:37.0796 6012 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:32:37.0796 6012 Netlogon - ok 18:32:37.0921 6012 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll 18:32:37.0953 6012 Netman - ok 18:32:38.0000 6012 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll 18:32:38.0015 6012 Nla - ok 18:32:38.0093 6012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:32:38.0109 6012 Npfs - ok 18:32:38.0156 6012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 
18:32:38.0171 6012 Ntfs - ok 18:32:38.0218 6012 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:32:38.0218 6012 NtLmSsp - ok 18:32:38.0281 6012 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll 18:32:38.0296 6012 NtmsSvc - ok 18:32:38.0375 6012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:32:38.0421 6012 Null - ok 18:32:38.0578 6012 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:32:38.0671 6012 nv - ok 18:32:38.0734 6012 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 18:32:38.0765 6012 NVENETFD - ok 18:32:38.0796 6012 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 18:32:38.0812 6012 nvnetbus - ok 18:32:38.0921 6012 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe 18:32:38.0953 6012 NVSvc - ok 18:32:39.0046 6012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:32:39.0046 6012 NwlnkFlt - ok 18:32:39.0093 6012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:32:39.0093 6012 NwlnkFwd - ok 18:32:39.0187 6012 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:32:39.0203 6012 odserv - ok 18:32:39.0250 6012 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:32:39.0296 6012 ose - ok 18:32:39.0375 6012 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 18:32:39.0375 6012 Parport - ok 18:32:39.0437 6012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:32:39.0437 6012 PartMgr - ok 18:32:39.0500 6012 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 18:32:39.0500 6012 ParVdm - ok 18:32:39.0546 6012 PCI (3b166f9f753c21aedaa9a6bd76b49655) 
C:\WINDOWS\system32\DRIVERS\pci.sys 18:32:39.0546 6012 PCI - ok 18:32:39.0578 6012 PCIDump - ok 18:32:39.0625 6012 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:32:39.0625 6012 PCIIde - ok 18:32:39.0703 6012 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:32:39.0734 6012 Pcmcia - ok 18:32:39.0781 6012 PDCOMP - ok 18:32:39.0812 6012 PDFRAME - ok 18:32:39.0843 6012 PDRELI - ok 18:32:39.0953 6012 PDRFRAME - ok 18:32:39.0984 6012 perc2 - ok 18:32:39.0984 6012 perc2hib - ok 18:32:40.0093 6012 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 18:32:40.0093 6012 PlugPlay - ok 18:32:40.0171 6012 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:32:40.0171 6012 PolicyAgent - ok 18:32:40.0265 6012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:32:40.0281 6012 PptpMiniport - ok 18:32:40.0312 6012 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys 18:32:40.0328 6012 Processor - ok 18:32:40.0343 6012 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:32:40.0343 6012 ProtectedStorage - ok 18:32:40.0406 6012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:32:40.0421 6012 PSched - ok 18:32:40.0500 6012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:32:40.0500 6012 Ptilink - ok 18:32:40.0531 6012 ql1080 - ok 18:32:40.0562 6012 Ql10wnt - ok 18:32:40.0593 6012 ql12160 - ok 18:32:40.0625 6012 ql1240 - ok 18:32:40.0656 6012 ql1280 - ok 18:32:40.0703 6012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:32:40.0703 6012 RasAcd - ok 18:32:40.0765 6012 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll 18:32:40.0765 6012 RasAuto - ok 18:32:40.0828 6012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) 
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:32:40.0843 6012 Rasl2tp - ok 18:32:41.0000 6012 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll 18:32:41.0015 6012 RasMan - ok 18:32:41.0062 6012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:32:41.0062 6012 RasPppoe - ok 18:32:41.0125 6012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:32:41.0125 6012 Raspti - ok 18:32:41.0187 6012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:32:41.0203 6012 Rdbss - ok 18:32:41.0281 6012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:32:41.0281 6012 RDPCDD - ok 18:32:41.0359 6012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:32:41.0359 6012 rdpdr - ok 18:32:41.0468 6012 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 18:32:41.0484 6012 RDPWD - ok 18:32:41.0531 6012 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe 18:32:41.0531 6012 RDSessMgr - ok 18:32:41.0593 6012 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:32:41.0609 6012 redbook - ok 18:32:41.0687 6012 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll 18:32:41.0687 6012 RemoteAccess - ok 18:32:41.0750 6012 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll 18:32:41.0750 6012 RemoteRegistry - ok 18:32:41.0812 6012 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe 18:32:41.0812 6012 RpcLocator - ok 18:32:42.0328 6012 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll 18:32:42.0343 6012 RpcSs - ok 18:32:42.0406 6012 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe 18:32:42.0421 6012 RSVP - ok 18:32:42.0500 6012 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys 18:32:42.0531 
6012 RT73 - ok 18:32:42.0562 6012 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:32:42.0578 6012 SamSs - ok 18:32:42.0625 6012 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe 18:32:42.0625 6012 SCardSvr - ok 18:32:42.0718 6012 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll 18:32:42.0734 6012 Schedule - ok 18:32:42.0812 6012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:32:42.0812 6012 Secdrv - ok 18:32:42.0921 6012 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll 18:32:42.0921 6012 seclogon - ok 18:32:42.0968 6012 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll 18:32:42.0968 6012 SENS - ok 18:32:43.0031 6012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:32:43.0031 6012 serenum - ok 18:32:43.0109 6012 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 18:32:43.0125 6012 Serial - ok 18:32:43.0171 6012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:32:43.0203 6012 Sfloppy - ok 18:32:43.0296 6012 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 18:32:43.0312 6012 SharedAccess - ok 18:32:43.0390 6012 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 18:32:43.0390 6012 ShellHWDetection - ok 18:32:43.0421 6012 Simbad - ok 18:32:43.0500 6012 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:32:43.0500 6012 SLIP - ok 18:32:43.0562 6012 Sparrow - ok 18:32:43.0625 6012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:32:43.0625 6012 splitter - ok 18:32:43.0703 6012 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 18:32:43.0703 6012 Spooler - ok 18:32:43.0781 6012 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 
wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
18:32:47.0718 6012 wuauserv - ok
18:32:47.0796 6012 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
18:32:47.0828 6012 WZCSVC - ok
18:32:47.0953 6012 xcpip - ok
18:32:48.0000 6012 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
18:32:48.0031 6012 xmlprov - ok
18:32:48.0062 6012 xpsec - ok
18:32:48.0203 6012 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
18:32:48.0203 6012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:32:48.0203 6012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:32:48.0218 6012 Boot (0x1200) (090fee4fc7bb1e8028fe6641222b9b00) \Device\Harddisk0\DR0\Partition0
18:32:48.0218 6012 \Device\Harddisk0\DR0\Partition0 - ok
18:32:48.0250 6012 Boot (0x1200) (17d12e94e565fc5005d2b1e46fa38200) \Device\Harddisk0\DR0\Partition1
18:32:48.0265 6012 \Device\Harddisk0\DR0\Partition1 - ok
18:32:48.0265 6012 ============================================================
18:32:48.0265 6012 Scan finished
18:32:48.0265 6012 ============================================================
18:32:48.0281 4604 Detected object count: 2
18:32:48.0281 4604 Actual detected object count: 2
18:35:55.0609 4604 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:35:55.0609 4604 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:35:56.0062 4604 \Device\Harddisk0\DR0\# - copied to quarantine
18:35:56.0343 4604 \Device\Harddisk0\DR0 - copied to quarantine
18:35:56.0468 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:35:56.0468 4604 \Device\Harddisk0\DR0 - ok
18:35:56.0468 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
  4. Dear Forum, I have a virus on the computer that I cannot remove with AVG. Via Google I ended up with you, and I have followed the steps that had to be taken with Hijack. Below you will find my Notepad note. Hopefully you can help me. Kind regards, Bert Eskes Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:50:46, on 10-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal