
vannie1981
Various Trojan horse threats
vannie1981 replied to vannie1981's topic in Archive: Combating malware & viruses
OK, unfortunately. Then that's how it is. Thanks anyway!
-
Various Trojan horse threats
vannie1981 replied to vannie1981's topic in Archive: Combating malware & viruses
Well, that scan certainly took a long time. Here is the report:

Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 24-5-2012 15:04:21

Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 24-5-2012 15:08:36

c:\windows\system32\TVUAx\libcurl.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libeay32.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libexpatw.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\npTVUAx.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\ssleay32.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\zlib1.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> HelpText Ontdekt: Trace.Registry.SEO Toolbar!A2
Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> MenuText Ontdekt: Trace.Registry.SEO Toolbar!A2
Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.dl.tvunetworks.com!A2
C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\download.zip/Tibia.exe Ontdekt: Virus.Win32.Virut!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\Tibia.exe Ontdekt: Virus.Win32.Virut!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.rar/1.da_ Ontdekt: Trojan.Agent!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.zip/1.da_ Ontdekt: Trojan.Agent!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\Tibia Loader.rar/loader\updater.exe Ontdekt: Trojan-Dropper.Agent!IK
C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\cnet2_RegpairSetup_exe.exe Ontdekt: Riskware.Win32.InstallCore.AMN!A2
C:\Documents and Settings\Gebruiker\Mijn documenten\ipchanger\2.da_ Ontdekt: Trojan.Win32.Spy.45056.Y!A2
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\loader(1).exe Ontdekt: Trojan-Dropper.Delf!IK
C:\Muziek\bestanden 2 november 2007\Dries Heringa\DRIES HERINGA\Mijn afbeeldingen\Neverland.exe Ontdekt: Trojan.Win32.GameServer.AMN!A2
C:\Muziek\My downloads\BSINSTALLNL.exe Ontdekt: Riskware.AdWare.Win32.SaveNow!IK
C:\Muziek\White Stars Universe Twisters Full.wma Ontdekt: Trojan-Downloader.ASX.Wimad!IK
C:\Program Files\TibiaBot NG\loader\apps\hook.dll Ontdekt: Trojan.ATRAPS!IK
C:\Program Files\TibiaBot NG\loader\apps\tibia831\download.zip/Tibia.exe Ontdekt: Virus.Win32.Virut!IK
C:\Program Files\TibiaBot NG\loader\apps\tibia831\Tibia.exe Ontdekt: Virus.Win32.Virut!IK
C:\Program Files\TibiaBot NG\loader\ipchanger.rar/1.da_ Ontdekt: Trojan.Agent!IK
C:\Program Files\TibiaBot NG\loader\ipchanger.zip/1.da_ Ontdekt: Trojan.Agent!IK
C:\Program Files\TibiaBot NG\loader\loader.exe Ontdekt: Trojan-Dropper.Win32.VB!IK
C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader\updater.exe Ontdekt: Trojan-Dropper.Agent!IK
C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader.exe Ontdekt: Trojan-Dropper.Win32.VB!IK
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\59AA.A05.vir Ontdekt: Backdoor.Conf!IK
C:\System Volume Information\_restore{090D9B8E-3167-4E9B-B6C4-7EE725F9A4D5}\RP1187\A0288320.exe Ontdekt: Riskware.Hacktool.Nokia!IK
C:\TDSSKiller_Quarantine\23.05.2012_22.16.50\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK

Gescand
Bestanden: 158197
Sporen: 431845
Cookies: 64
Processen: 41

Gevonden
Bestanden: 22
Sporen: 14
Cookies: 0
Processen: 0
Registersleutels: 0

Scan Geëindigd: 24-5-2012 20:10:39
Scantijd: 5:02:03

C:\TDSSKiller_Quarantine\23.05.2012_22.16.50\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!IK
C:\System Volume Information\_restore{090D9B8E-3167-4E9B-B6C4-7EE725F9A4D5}\RP1187\A0288320.exe Verwijderd Riskware.Hacktool.Nokia!IK
C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\59AA.A05.vir Verwijderd Backdoor.Conf!IK
C:\Program Files\TibiaBot NG\loader\loader.exe Verwijderd Trojan-Dropper.Win32.VB!IK
C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader.exe Verwijderd Trojan-Dropper.Win32.VB!IK
C:\Program Files\TibiaBot NG\loader\apps\hook.dll Verwijderd Trojan.ATRAPS!IK
C:\Muziek\White Stars Universe Twisters Full.wma Verwijderd Trojan-Downloader.ASX.Wimad!IK
C:\Muziek\My downloads\BSINSTALLNL.exe Verwijderd Riskware.AdWare.Win32.SaveNow!IK
C:\Muziek\bestanden 2 november 2007\Dries Heringa\DRIES HERINGA\Mijn afbeeldingen\Neverland.exe Verwijderd Trojan.Win32.GameServer.AMN!A2
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\loader(1).exe Verwijderd Trojan-Dropper.Delf!IK
C:\Documents and Settings\Gebruiker\Mijn documenten\ipchanger\2.da_ Verwijderd Trojan.Win32.Spy.45056.Y!A2
C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\cnet2_RegpairSetup_exe.exe Verwijderd Riskware.Win32.InstallCore.AMN!A2
C:\Documents and Settings\Gebruiker\Bureaublad\loader\Tibia Loader.rar/loader\updater.exe Verwijderd Trojan-Dropper.Agent!IK
C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader\updater.exe Verwijderd Trojan-Dropper.Agent!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.rar/1.da_ Verwijderd Trojan.Agent!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.zip/1.da_ Verwijderd Trojan.Agent!IK
C:\Program Files\TibiaBot NG\loader\ipchanger.rar/1.da_ Verwijderd Trojan.Agent!IK
C:\Program Files\TibiaBot NG\loader\ipchanger.zip/1.da_ Verwijderd Trojan.Agent!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\download.zip/Tibia.exe Verwijderd Virus.Win32.Virut!IK
C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\Tibia.exe Verwijderd Virus.Win32.Virut!IK
C:\Program Files\TibiaBot NG\loader\apps\tibia831\download.zip/Tibia.exe Verwijderd Virus.Win32.Virut!IK
C:\Program Files\TibiaBot NG\loader\apps\tibia831\Tibia.exe Verwijderd Virus.Win32.Virut!IK
Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> HelpText Verwijderd Trace.Registry.SEO Toolbar!A2
Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> MenuText Verwijderd Trace.Registry.SEO Toolbar!A2
c:\windows\system32\TVUAx\libcurl.dll Verwijderd Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libeay32.dll Verwijderd Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libexpatw.dll Verwijderd Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\npTVUAx.dll Verwijderd Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\ssleay32.dll Verwijderd Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\zlib1.dll Verwijderd Trace.File.dl.tvunetworks.com!A2

Verwijderd
Bestanden: 22
Sporen: 14
Cookies: 0
-
Various Trojan horse threats
vannie1981 replied to vannie1981's topic in Archive: Combating malware & viruses
Here you go.....
C:\WINDOWS\system32\DRIVERS\serial.sys 22:17:28.0796 1236 Serial - ok 22:17:28.0875 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:17:28.0890 1236 Sfloppy - ok 22:17:29.0015 1236 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 22:17:29.0031 1236 SharedAccess - ok 22:17:29.0078 1236 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 22:17:29.0078 1236 ShellHWDetection - ok 22:17:29.0109 1236 Simbad - ok 22:17:29.0140 1236 Sparrow - ok 22:17:29.0203 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 22:17:29.0203 1236 splitter - ok 22:17:29.0265 1236 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 22:17:29.0265 1236 Spooler - ok 22:17:29.0296 1236 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 22:17:29.0312 1236 sr - ok 22:17:29.0359 1236 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 22:17:29.0375 1236 srservice - ok 22:17:29.0453 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 22:17:29.0500 1236 Srv - ok 22:17:29.0546 1236 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 22:17:29.0562 1236 SSDPSRV - ok 22:17:29.0609 1236 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 22:17:29.0640 1236 stisvc - ok 22:17:29.0687 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:17:29.0687 1236 swenum - ok 22:17:29.0750 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 22:17:29.0750 1236 swmidi - ok 22:17:29.0781 1236 SwPrv - ok 22:17:29.0812 1236 symc810 - ok 22:17:29.0843 1236 symc8xx - ok 22:17:29.0859 1236 sym_hi - ok 22:17:29.0875 1236 sym_u3 - ok 22:17:30.0046 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 22:17:30.0078 1236 sysaudio - ok 22:17:30.0140 
1236 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 22:17:30.0156 1236 SysmonLog - ok 22:17:30.0187 1236 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 22:17:30.0203 1236 TapiSrv - ok 22:17:30.0265 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:17:30.0281 1236 Tcpip - ok 22:17:30.0328 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:17:30.0359 1236 TDPIPE - ok 22:17:30.0390 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:17:30.0390 1236 TDTCP - ok 22:17:30.0421 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:17:30.0421 1236 TermDD - ok 22:17:30.0515 1236 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 22:17:30.0531 1236 TermService - ok 22:17:30.0593 1236 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 22:17:30.0593 1236 Themes - ok 22:17:30.0656 1236 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe 22:17:30.0656 1236 TlntSvr - ok 22:17:30.0671 1236 TosIde - ok 22:17:30.0718 1236 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 22:17:30.0718 1236 TrkWks - ok 22:17:30.0765 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:17:30.0765 1236 Udfs - ok 22:17:30.0796 1236 ultra - ok 22:17:30.0859 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:17:30.0875 1236 Update - ok 22:17:30.0937 1236 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 22:17:30.0953 1236 upnphost - ok 22:17:30.0984 1236 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 22:17:31.0000 1236 UPS - ok 22:17:31.0125 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:17:31.0140 1236 usbccgp - ok 22:17:31.0203 1236 usbehci 
(65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:17:31.0218 1236 usbehci - ok 22:17:31.0250 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:17:31.0250 1236 usbhub - ok 22:17:31.0281 1236 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 22:17:31.0281 1236 usbohci - ok 22:17:31.0312 1236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:17:31.0312 1236 usbprint - ok 22:17:31.0359 1236 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:17:31.0359 1236 usbstor - ok 22:17:31.0390 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:17:31.0390 1236 usbuhci - ok 22:17:31.0437 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:17:31.0437 1236 VgaSave - ok 22:17:31.0500 1236 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 22:17:31.0515 1236 viaagp - ok 22:17:31.0562 1236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 22:17:31.0562 1236 ViaIde - ok 22:17:31.0609 1236 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys 22:17:31.0609 1236 VIAudio - ok 22:17:31.0671 1236 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 22:17:31.0671 1236 VolSnap - ok 22:17:31.0734 1236 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 22:17:31.0750 1236 VSS - ok 22:17:31.0968 1236 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe 22:17:32.0000 1236 vToolbarUpdater10.2.0 - ok 22:17:32.0062 1236 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 22:17:32.0078 1236 W32Time - ok 22:17:32.0187 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 
22:17:32.0187 1236 Wanarp - ok 22:17:32.0296 1236 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 22:17:32.0312 1236 Wdf01000 - ok 22:17:32.0343 1236 WDICA - ok 22:17:32.0406 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:17:32.0421 1236 wdmaud - ok 22:17:32.0453 1236 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 22:17:32.0468 1236 WebClient - ok 22:17:32.0578 1236 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 22:17:32.0578 1236 WinDefend - ok 22:17:32.0671 1236 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:17:32.0671 1236 winmgmt - ok 22:17:32.0734 1236 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 22:17:32.0750 1236 WmdmPmSN - ok 22:17:32.0828 1236 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll 22:17:32.0859 1236 Wmi - ok 22:17:32.0921 1236 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe 22:17:32.0937 1236 WmiApSrv - ok 22:17:33.0281 1236 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe 22:17:33.0343 1236 WMPNetworkSvc - ok 22:17:33.0500 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 22:17:33.0500 1236 WpdUsb - ok 22:17:33.0546 1236 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:17:33.0562 1236 WS2IFSL - ok 22:17:33.0609 1236 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll 22:17:33.0609 1236 wscsvc - ok 22:17:33.0656 1236 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 22:17:33.0671 1236 wuauserv - ok 22:17:33.0734 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:17:33.0734 1236 WudfPf - ok 22:17:33.0781 1236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) 
C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:17:33.0781 1236 WudfRd - ok 22:17:33.0828 1236 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 22:17:33.0843 1236 WudfSvc - ok 22:17:33.0921 1236 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll 22:17:33.0968 1236 WZCSVC - ok 22:17:34.0046 1236 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll 22:17:34.0062 1236 xmlprov - ok 22:17:34.0093 1236 xpsec - ok 22:17:34.0140 1236 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0 22:17:34.0140 1236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected 22:17:34.0140 1236 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0) 22:17:34.0156 1236 Boot (0x1200) (27660904e3d4dff787d08d4974204375) \Device\Harddisk0\DR0\Partition0 22:17:34.0156 1236 \Device\Harddisk0\DR0\Partition0 - ok 22:17:34.0171 1236 ============================================================ 22:17:34.0171 1236 Scan finished 22:17:34.0171 1236 ============================================================ 22:17:34.0218 3764 Detected object count: 1 22:17:34.0218 3764 Actual detected object count: 1 22:17:51.0359 3764 \Device\Harddisk0\DR0\# - copied to quarantine 22:17:51.0359 3764 \Device\Harddisk0\DR0 - copied to quarantine 22:17:51.0406 3764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot 22:17:51.0437 3764 \Device\Harddisk0\DR0 - ok 22:17:51.0437 3764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure 22:17:57.0312 1064 Deinitialize success Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:34:08, on 23-5-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17109) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 
- HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221638488613 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221642580684 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate1c9b07f434ddce2) (gupdate1c9b07f434ddce2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- End of file - 8944 bytes -
Various Trojan horse threats
vannie1981 posted a topic in Archive: Malware & virus removal
Hello, I am working on my uncle's computer, which had stopped doing anything at all, and I have come fairly far in fixing everything. Only now, when I scan (AVG FREE 2012), I am still troubled by Trojan horses which of course cannot be removed by AVG. I have already tried all sorts of things but I am not getting any further. Each time I get stuck at around 50 threats, of which about half are not removed. Who can help me? Below is my HijackThis log file. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:40:10, on 23-5-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17109) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program 
Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Verzenden naar OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221638488613 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221642580684 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: 
linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate1c9b07f434ddce2) (gupdate1c9b07f434ddce2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- End of file - 9013 bytes

ABOUT US
PC Helpforum has been helping computer users for FREE since July 2006. Through the forum, our team gives professional answers to your questions and tries to solve your PC problems as quickly as possible. Become a member today, post your question online, and the PC Helpforum team will be glad to help you further!