
Various Trojan horse threats



Hello,

I'm working on my uncle's computer, which had stopped doing anything at all, and I've got reasonably far in getting everything fixed again.

Only now, when I scan (AVG FREE 2012), I still have trouble with Trojan horses that, of course, cannot be removed by AVG.

I've tried all sorts of things but I'm not getting any further. I keep getting stuck at around 50 threats, of which roughly half don't get removed.

Who can help me?

Below is my HijackThis logfile.

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:40:10, on 23-5-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17109)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221638488613

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221642580684

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate1c9b07f434ddce2) (gupdate1c9b07f434ddce2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--

End of file - 9013 bytes

edited by vannie1981

Start HijackThis. Select "Scan". Tick only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If this does not work from the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download TDSSKiller and save it to your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the logfile at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Paste the contents of the log in your next post, together with a new HijackThis log.

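The reply above picks three lines out of the HijackThis log by hand: two R1 entries whose search URL has been pointed at an affiliate feed, and an O3 toolbar whose file is gone. The script below is an added example (not part of this thread and not HijackThis code) that applies the same triage automatically to a constructed handful of lines copied from the log above: R-lines are judged by the host and by affiliate-style query keys, O3 lines by the "(no file)" marker, and O23 services by the "Unknown owner" field. The allowlist of expected hosts and the set of affiliate query keys are assumptions for this example, not something HijackThis or the reply defines.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumption: hosts a stock Windows XP / IE 7 install points its search and start
# pages at. Extend for your own environment; anything else deserves a look.
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com", "www.google.nl", "www.google.com"}

# Assumption: query-string keys typical of pay-per-install search redirectors.
AFFILIATE_KEYS = {"affid", "publisher", "userid", "dpid", "babsrc"}

R_LINE = re.compile(r"^(R[0-3]) - (?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
O3_LINE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: lines in HijackThis v2.0.4 format taken from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"""


def check_r_line(m):
    """Judge an R0/R1/R3 browser-setting line; return a finding or None."""
    value = m.group("value").strip()
    if not value:                       # "Local Page =" with no value is normal
        return None
    url = urlparse(value)
    if url.scheme not in ("http", "https"):
        return None
    reasons = []
    if url.hostname not in EXPECTED_SEARCH_HOSTS:
        reasons.append(f"unexpected host {url.hostname}")
    hits = sorted(set(parse_qs(url.query, keep_blank_values=True)) & AFFILIATE_KEYS)
    if hits:
        reasons.append("affiliate/tracking parameters " + ",".join(hits))
    if reasons:
        return ("high", m.group(0), "; ".join(reasons))
    return None


def triage(log_text):
    """Return (severity, line, reason) triples for log lines worth fixing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = R_LINE.match(line)
        if m:
            finding = check_r_line(m)
            if finding:
                findings.append(finding)
            continue
        m = O3_LINE.match(line)
        if m and m.group("file") == "(no file)":
            findings.append(("medium", line, "orphaned toolbar CLSID; its file is no longer present"))
            continue
        m = O23_LINE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(("low", line, "service binary has no publisher info; verify path and signature"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Running it on the sample flags the helperbar.com search URL (wrong host plus affid/publisher/userid/dpid/babsrc keys), the orphaned O3 toolbar, and the vToolbarUpdater service with no owner; the stock Microsoft and Google entries pass. O23 "Unknown owner" is only a prompt to look, not a verdict: AVG Secure Search's updater is legitimately unsigned-by-name here, which is why it is rated low.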

Here you go.....

22:16:50.0265 0404 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

22:16:50.0406 0404 ============================================================

22:16:50.0406 0404 Current date / time: 2012/05/23 22:16:50.0406

22:16:50.0406 0404 SystemInfo:

22:16:50.0406 0404

22:16:50.0406 0404 OS Version: 5.1.2600 ServicePack: 3.0

22:16:50.0406 0404 Product type: Workstation

22:16:50.0406 0404 ComputerName: DRIESHERMA

22:16:50.0406 0404 UserName: Gebruiker

22:16:50.0406 0404 Windows directory: C:\WINDOWS

22:16:50.0406 0404 System windows directory: C:\WINDOWS

22:16:50.0406 0404 Processor architecture: Intel x86

22:16:50.0406 0404 Number of processors: 1

22:16:50.0406 0404 Page size: 0x1000

22:16:50.0406 0404 Boot type: Normal boot

22:16:50.0406 0404 ============================================================

22:16:53.0281 0404 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:16:53.0281 0404 ============================================================

22:16:53.0281 0404 \Device\Harddisk0\DR0:

22:16:53.0281 0404 MBR partitions:

22:16:53.0281 0404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1

22:16:53.0281 0404 ============================================================

22:16:53.0328 0404 C: <-> \Device\Harddisk0\DR0\Partition0

22:16:53.0328 0404 ============================================================

22:16:53.0328 0404 Initialize success

22:16:53.0328 0404 ============================================================

22:17:11.0625 1236 ============================================================

22:17:11.0625 1236 Scan started

22:17:11.0625 1236 Mode: Manual;

22:17:11.0625 1236 ============================================================

22:17:12.0296 1236 Abiosdsk - ok

22:17:12.0312 1236 abp480n5 - ok

22:17:12.0375 1236 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys

22:17:12.0453 1236 ACEDRV07 - ok

22:17:12.0546 1236 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:17:12.0546 1236 ACPI - ok

22:17:12.0593 1236 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:17:12.0593 1236 ACPIEC - ok

22:17:12.0609 1236 adpu160m - ok

22:17:12.0656 1236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:17:12.0687 1236 aec - ok

22:17:12.0750 1236 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:17:12.0765 1236 AFD - ok

22:17:12.0828 1236 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

22:17:12.0828 1236 agp440 - ok

22:17:12.0843 1236 Aha154x - ok

22:17:12.0875 1236 aic78u2 - ok

22:17:12.0890 1236 aic78xx - ok

22:17:12.0937 1236 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll

22:17:12.0937 1236 Alerter - ok

22:17:13.0000 1236 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe

22:17:13.0000 1236 ALG - ok

22:17:13.0015 1236 AliIde - ok

22:17:13.0078 1236 AmdK7 (5e8eb512f516247e8c1b96a9dcab6c9c) C:\WINDOWS\system32\DRIVERS\amdk7.sys

22:17:13.0093 1236 AmdK7 - ok

22:17:13.0125 1236 amsint - ok

22:17:13.0203 1236 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll

22:17:13.0218 1236 AppMgmt - ok

22:17:13.0281 1236 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:17:13.0281 1236 Arp1394 - ok

22:17:13.0296 1236 asc - ok

22:17:13.0312 1236 asc3350p - ok

22:17:13.0328 1236 asc3550 - ok

22:17:13.0562 1236 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:17:13.0562 1236 aspnet_state - ok

22:17:13.0625 1236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:17:13.0625 1236 AsyncMac - ok

22:17:13.0671 1236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:17:13.0671 1236 atapi - ok

22:17:13.0703 1236 Atdisk - ok

22:17:13.0781 1236 ati2mtag (9d888490786f4c3b3e2a81492967a403) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:17:13.0843 1236 ati2mtag - ok

22:17:14.0140 1236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:17:14.0156 1236 Atmarpc - ok

22:17:14.0187 1236 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll

22:17:14.0203 1236 AudioSrv - ok

22:17:14.0281 1236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:17:14.0281 1236 audstub - ok

22:17:14.0953 1236 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe

22:17:15.0218 1236 AVGIDSAgent - ok

22:17:15.0453 1236 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

22:17:15.0468 1236 AVGIDSDriver - ok

22:17:15.0484 1236 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

22:17:15.0484 1236 AVGIDSFilter - ok

22:17:15.0515 1236 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys

22:17:15.0531 1236 AVGIDSHX - ok

22:17:15.0562 1236 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

22:17:15.0562 1236 AVGIDSShim - ok

22:17:15.0718 1236 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

22:17:15.0734 1236 Avgldx86 - ok

22:17:15.0781 1236 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

22:17:15.0781 1236 Avgmfx86 - ok

22:17:15.0812 1236 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

22:17:15.0812 1236 Avgrkx86 - ok

22:17:15.0875 1236 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

22:17:15.0875 1236 Avgtdix - ok

22:17:16.0015 1236 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

22:17:16.0031 1236 avgwd - ok

22:17:16.0078 1236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:17:16.0078 1236 Beep - ok

22:17:16.0156 1236 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll

22:17:16.0218 1236 BITS - ok

22:17:16.0296 1236 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll

22:17:16.0312 1236 Browser - ok

22:17:16.0312 1236 catchme - ok

22:17:16.0375 1236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:17:16.0390 1236 cbidf2k - ok

22:17:16.0406 1236 cd20xrnt - ok

22:17:16.0468 1236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:17:16.0468 1236 Cdaudio - ok

22:17:16.0531 1236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:17:16.0531 1236 Cdfs - ok

22:17:16.0593 1236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:17:16.0593 1236 Cdrom - ok

22:17:16.0609 1236 Changer - ok

22:17:16.0656 1236 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe

22:17:16.0656 1236 CiSvc - ok

22:17:16.0796 1236 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe

22:17:16.0796 1236 ClipSrv - ok

22:17:16.0937 1236 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:17:16.0968 1236 clr_optimization_v2.0.50727_32 - ok

22:17:17.0015 1236 CmdIde - ok

22:17:17.0218 1236 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys

22:17:17.0296 1236 cmuda - ok

22:17:17.0328 1236 COMSysApp - ok

22:17:17.0375 1236 Cpqarray - ok

22:17:17.0437 1236 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll

22:17:17.0453 1236 CryptSvc - ok

22:17:17.0468 1236 dac2w2k - ok

22:17:17.0500 1236 dac960nt - ok

22:17:17.0625 1236 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

22:17:17.0656 1236 DcomLaunch - ok

22:17:17.0718 1236 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll

22:17:17.0734 1236 Dhcp - ok

22:17:17.0765 1236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:17:17.0765 1236 Disk - ok

22:17:17.0781 1236 dmadmin - ok

22:17:17.0921 1236 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

22:17:17.0968 1236 dmboot - ok

22:17:18.0031 1236 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\DRIVERS\dmio.sys

22:17:18.0046 1236 dmio - ok

22:17:18.0078 1236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:17:18.0078 1236 dmload - ok

22:17:18.0125 1236 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

22:17:18.0125 1236 dmserver - ok

22:17:18.0203 1236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:17:18.0218 1236 DMusic - ok

22:17:18.0296 1236 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll

22:17:18.0296 1236 Dnscache - ok

22:17:18.0359 1236 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

22:17:18.0375 1236 Dot3svc - ok

22:17:18.0390 1236 dpti2o - ok

22:17:18.0453 1236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:17:18.0453 1236 drmkaud - ok

22:17:18.0500 1236 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

22:17:18.0500 1236 EapHost - ok

22:17:18.0562 1236 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

22:17:18.0562 1236 EL90XBC - ok

22:17:18.0640 1236 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

22:17:18.0640 1236 ERSvc - ok

22:17:18.0687 1236 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys

22:17:18.0687 1236 es1371 - ok

22:17:18.0750 1236 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

22:17:18.0765 1236 Eventlog - ok

22:17:18.0828 1236 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll

22:17:18.0843 1236 EventSystem - ok

22:17:19.0000 1236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:17:19.0000 1236 Fastfat - ok

22:17:19.0062 1236 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

22:17:19.0078 1236 FastUserSwitchingCompatibility - ok

22:17:19.0140 1236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:17:19.0140 1236 Fdc - ok

22:17:19.0187 1236 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

22:17:19.0187 1236 Fips - ok

22:17:19.0218 1236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:17:19.0218 1236 Flpydisk - ok

22:17:19.0281 1236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:17:19.0281 1236 FltMgr - ok

22:17:19.0421 1236 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:17:19.0421 1236 FontCache3.0.0.0 - ok

22:17:19.0484 1236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:17:19.0484 1236 Fs_Rec - ok

22:17:19.0515 1236 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:17:19.0531 1236 Ftdisk - ok

22:17:19.0593 1236 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

22:17:19.0593 1236 gameenum - ok

22:17:19.0609 1236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:17:19.0609 1236 Gpc - ok

22:17:19.0765 1236 gupdate1c9b07f434ddce2 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

22:17:19.0781 1236 gupdate1c9b07f434ddce2 - ok

22:17:19.0812 1236 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

22:17:19.0812 1236 gupdatem - ok

22:17:19.0890 1236 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:17:19.0906 1236 helpsvc - ok

22:17:19.0921 1236 HidServ - ok

22:17:20.0000 1236 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:17:20.0000 1236 HidUsb - ok

22:17:20.0093 1236 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

22:17:20.0109 1236 hkmsvc - ok

22:17:20.0125 1236 hpn - ok

22:17:20.0234 1236 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

22:17:20.0234 1236 HPZid412 - ok

22:17:20.0250 1236 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

22:17:20.0250 1236 HPZipr12 - ok

22:17:20.0281 1236 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:17:20.0281 1236 HPZius12 - ok

22:17:20.0359 1236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:17:20.0375 1236 HTTP - ok

22:17:20.0437 1236 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

22:17:20.0453 1236 HTTPFilter - ok

22:17:20.0468 1236 i2omgmt - ok

22:17:20.0484 1236 i2omp - ok

22:17:20.0515 1236 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:17:20.0531 1236 i8042prt - ok

22:17:20.0625 1236 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:17:20.0671 1236 idsvc - ok

22:17:20.0718 1236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:17:20.0734 1236 Imapi - ok

22:17:20.0765 1236 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

22:17:20.0781 1236 ImapiService - ok

22:17:20.0812 1236 ini910u - ok

22:17:20.0875 1236 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys

22:17:20.0875 1236 IntelIde - ok

22:17:20.0953 1236 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:17:20.0953 1236 intelppm - ok

22:17:21.0000 1236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:17:21.0000 1236 Ip6Fw - ok

22:17:21.0031 1236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:17:21.0046 1236 IpFilterDriver - ok

22:17:21.0062 1236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:17:21.0078 1236 IpInIp - ok

22:17:21.0187 1236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:17:21.0203 1236 IpNat - ok

22:17:21.0265 1236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:17:21.0281 1236 IPSec - ok

22:17:21.0328 1236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:17:21.0328 1236 IRENUM - ok

22:17:21.0406 1236 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:17:21.0406 1236 isapnp - ok

22:17:21.0609 1236 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe

22:17:21.0625 1236 JavaQuickStarterService - ok

22:17:21.0687 1236 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:17:21.0687 1236 Kbdclass - ok

22:17:21.0750 1236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:17:21.0765 1236 kmixer - ok

22:17:21.0828 1236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:17:21.0828 1236 KSecDD - ok

22:17:21.0875 1236 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

22:17:21.0890 1236 lanmanserver - ok

22:17:21.0968 1236 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

22:17:21.0968 1236 lanmanworkstation - ok

22:17:22.0000 1236 lbrtfdc - ok

22:17:22.0078 1236 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

22:17:22.0093 1236 LmHosts - ok

22:17:22.0140 1236 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll

22:17:22.0140 1236 Messenger - ok

22:17:22.0296 1236 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

22:17:22.0296 1236 Microsoft Office Groove Audit Service - ok

22:17:22.0343 1236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:17:22.0343 1236 mnmdd - ok

22:17:22.0406 1236 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

22:17:22.0406 1236 mnmsrvc - ok

22:17:22.0453 1236 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

22:17:22.0453 1236 Modem - ok

22:17:22.0484 1236 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:17:22.0484 1236 Mouclass - ok

22:17:22.0546 1236 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:17:22.0546 1236 mouhid - ok

22:17:22.0609 1236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:17:22.0609 1236 MountMgr - ok

22:17:22.0656 1236 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

22:17:22.0671 1236 MozillaMaintenance - ok

22:17:22.0687 1236 mraid35x - ok

22:17:22.0734 1236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:17:22.0750 1236 MRxDAV - ok

22:17:22.0843 1236 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:17:22.0890 1236 MRxSmb - ok

22:17:23.0546 1236 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

22:17:23.0546 1236 MSDTC - ok

22:17:23.0609 1236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:17:23.0625 1236 Msfs - ok

22:17:23.0640 1236 MSIServer - ok

22:17:23.0687 1236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:17:23.0687 1236 MSKSSRV - ok

22:17:23.0718 1236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:17:23.0718 1236 MSPCLOCK - ok

22:17:23.0734 1236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:17:23.0734 1236 MSPQM - ok

22:17:23.0781 1236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:17:23.0781 1236 mssmbios - ok

22:17:23.0843 1236 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

22:17:23.0843 1236 ms_mpu401 - ok

22:17:23.0890 1236 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:17:23.0906 1236 Mup - ok

22:17:23.0984 1236 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

22:17:24.0015 1236 napagent - ok

22:17:24.0062 1236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:17:24.0062 1236 NDIS - ok

22:17:24.0109 1236 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:17:24.0109 1236 NdisTapi - ok

22:17:24.0171 1236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:17:24.0171 1236 Ndisuio - ok

22:17:24.0218 1236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:17:24.0218 1236 NdisWan - ok

22:17:24.0265 1236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:17:24.0265 1236 NDProxy - ok

22:17:24.0328 1236 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll

22:17:24.0328 1236 Net Driver HPZ12 - ok

22:17:24.0390 1236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:17:24.0406 1236 NetBIOS - ok

22:17:24.0437 1236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:17:24.0437 1236 NetBT - ok

22:17:24.0546 1236 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

22:17:24.0546 1236 NetDDE - ok

22:17:24.0578 1236 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

22:17:24.0578 1236 NetDDEdsdm - ok

22:17:24.0625 1236 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

22:17:24.0640 1236 Netlogon - ok

22:17:24.0703 1236 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

22:17:24.0718 1236 Netman - ok

22:17:24.0828 1236 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:17:24.0843 1236 NetTcpPortSharing - ok

22:17:24.0890 1236 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:17:24.0890 1236 NIC1394 - ok

22:17:24.0968 1236 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

22:17:24.0984 1236 Nla - ok

22:17:25.0000 1236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:17:25.0000 1236 Npfs - ok

22:17:25.0093 1236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:17:25.0109 1236 Ntfs - ok

22:17:25.0125 1236 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

22:17:25.0140 1236 NtLmSsp - ok

22:17:25.0218 1236 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

22:17:25.0234 1236 NtmsSvc - ok

22:17:25.0281 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:17:25.0281 1236 Null - ok

22:17:25.0437 1236 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:17:25.0515 1236 nv - ok

22:17:25.0859 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:17:25.0890 1236 NwlnkFlt - ok

22:17:25.0921 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:17:25.0921 1236 NwlnkFwd - ok

22:17:26.0031 1236 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:17:26.0046 1236 odserv - ok

22:17:26.0109 1236 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:17:26.0109 1236 ohci1394 - ok

22:17:26.0171 1236 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:17:26.0187 1236 ose - ok

22:17:26.0250 1236 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys

22:17:26.0250 1236 P3 - ok

22:17:26.0265 1236 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys

22:17:26.0281 1236 Parport - ok

22:17:26.0296 1236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:17:26.0312 1236 PartMgr - ok

22:17:26.0359 1236 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

22:17:26.0359 1236 ParVdm - ok

22:17:26.0421 1236 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

22:17:26.0421 1236 PCI - ok

22:17:26.0453 1236 PCIDump - ok

22:17:26.0484 1236 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:17:26.0484 1236 PCIIde - ok

22:17:26.0531 1236 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:17:26.0546 1236 Pcmcia - ok

22:17:26.0562 1236 PDCOMP - ok

22:17:26.0593 1236 PDFRAME - ok

22:17:26.0609 1236 PDRELI - ok

22:17:26.0625 1236 PDRFRAME - ok

22:17:26.0656 1236 perc2 - ok

22:17:26.0671 1236 perc2hib - ok

22:17:26.0812 1236 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

22:17:26.0828 1236 PlugPlay - ok

22:17:26.0890 1236 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll

22:17:26.0890 1236 Pml Driver HPZ12 - ok

22:17:26.0937 1236 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

22:17:26.0937 1236 PolicyAgent - ok

22:17:26.0968 1236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:17:26.0968 1236 PptpMiniport - ok

22:17:26.0984 1236 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

22:17:27.0000 1236 ProtectedStorage - ok

22:17:27.0015 1236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:17:27.0015 1236 PSched - ok

22:17:27.0062 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:17:27.0062 1236 Ptilink - ok

22:17:27.0078 1236 ql1080 - ok

22:17:27.0093 1236 Ql10wnt - ok

22:17:27.0125 1236 ql12160 - ok

22:17:27.0140 1236 ql1240 - ok

22:17:27.0171 1236 ql1280 - ok

22:17:27.0203 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:17:27.0203 1236 RasAcd - ok

22:17:27.0265 1236 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

22:17:27.0281 1236 RasAuto - ok

22:17:27.0343 1236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:17:27.0343 1236 Rasl2tp - ok

22:17:27.0406 1236 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

22:17:27.0421 1236 RasMan - ok

22:17:27.0468 1236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:17:27.0468 1236 RasPppoe - ok

22:17:27.0484 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:17:27.0500 1236 Raspti - ok

22:17:27.0562 1236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:17:27.0578 1236 Rdbss - ok

22:17:27.0625 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:17:27.0625 1236 RDPCDD - ok

22:17:27.0687 1236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:17:27.0703 1236 rdpdr - ok

22:17:27.0765 1236 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

22:17:27.0828 1236 RDPWD - ok

22:17:27.0921 1236 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

22:17:27.0953 1236 RDSessMgr - ok

22:17:27.0984 1236 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:17:28.0000 1236 redbook - ok

22:17:28.0046 1236 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

22:17:28.0046 1236 RemoteAccess - ok

22:17:28.0093 1236 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll

22:17:28.0093 1236 RemoteRegistry - ok

22:17:28.0140 1236 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

22:17:28.0140 1236 RpcLocator - ok

22:17:28.0218 1236 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll

22:17:28.0234 1236 RpcSs - ok

22:17:28.0281 1236 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

22:17:28.0296 1236 RSVP - ok

22:17:28.0343 1236 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

22:17:28.0343 1236 rtl8139 - ok

22:17:28.0390 1236 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

22:17:28.0390 1236 SamSs - ok

22:17:28.0453 1236 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

22:17:28.0468 1236 SCardSvr - ok

22:17:28.0546 1236 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

22:17:28.0562 1236 Schedule - ok

22:17:28.0640 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:17:28.0640 1236 Secdrv - ok

22:17:28.0687 1236 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

22:17:28.0687 1236 seclogon - ok

22:17:28.0718 1236 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

22:17:28.0718 1236 SENS - ok

22:17:28.0765 1236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:17:28.0765 1236 serenum - ok

22:17:28.0796 1236 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys

22:17:28.0796 1236 Serial - ok

22:17:28.0875 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:17:28.0890 1236 Sfloppy - ok

22:17:29.0015 1236 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

22:17:29.0031 1236 SharedAccess - ok

22:17:29.0078 1236 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

22:17:29.0078 1236 ShellHWDetection - ok

22:17:29.0109 1236 Simbad - ok

22:17:29.0140 1236 Sparrow - ok

22:17:29.0203 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:17:29.0203 1236 splitter - ok

22:17:29.0265 1236 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

22:17:29.0265 1236 Spooler - ok

22:17:29.0296 1236 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

22:17:29.0312 1236 sr - ok

22:17:29.0359 1236 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

22:17:29.0375 1236 srservice - ok

22:17:29.0453 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:17:29.0500 1236 Srv - ok

22:17:29.0546 1236 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

22:17:29.0562 1236 SSDPSRV - ok

22:17:29.0609 1236 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

22:17:29.0640 1236 stisvc - ok

22:17:29.0687 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:17:29.0687 1236 swenum - ok

22:17:29.0750 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:17:29.0750 1236 swmidi - ok

22:17:29.0781 1236 SwPrv - ok

22:17:29.0812 1236 symc810 - ok

22:17:29.0843 1236 symc8xx - ok

22:17:29.0859 1236 sym_hi - ok

22:17:29.0875 1236 sym_u3 - ok

22:17:30.0046 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:17:30.0078 1236 sysaudio - ok

22:17:30.0140 1236 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

22:17:30.0156 1236 SysmonLog - ok

22:17:30.0187 1236 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

22:17:30.0203 1236 TapiSrv - ok

22:17:30.0265 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:17:30.0281 1236 Tcpip - ok

22:17:30.0328 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:17:30.0359 1236 TDPIPE - ok

22:17:30.0390 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:17:30.0390 1236 TDTCP - ok

22:17:30.0421 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:17:30.0421 1236 TermDD - ok

22:17:30.0515 1236 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

22:17:30.0531 1236 TermService - ok

22:17:30.0593 1236 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

22:17:30.0593 1236 Themes - ok

22:17:30.0656 1236 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe

22:17:30.0656 1236 TlntSvr - ok

22:17:30.0671 1236 TosIde - ok

22:17:30.0718 1236 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

22:17:30.0718 1236 TrkWks - ok

22:17:30.0765 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:17:30.0765 1236 Udfs - ok

22:17:30.0796 1236 ultra - ok

22:17:30.0859 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:17:30.0875 1236 Update - ok

22:17:30.0937 1236 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

22:17:30.0953 1236 upnphost - ok

22:17:30.0984 1236 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

22:17:31.0000 1236 UPS - ok

22:17:31.0125 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:17:31.0140 1236 usbccgp - ok

22:17:31.0203 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:17:31.0218 1236 usbehci - ok

22:17:31.0250 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:17:31.0250 1236 usbhub - ok

22:17:31.0281 1236 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

22:17:31.0281 1236 usbohci - ok

22:17:31.0312 1236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:17:31.0312 1236 usbprint - ok

22:17:31.0359 1236 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:17:31.0359 1236 usbstor - ok

22:17:31.0390 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:17:31.0390 1236 usbuhci - ok

22:17:31.0437 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:17:31.0437 1236 VgaSave - ok

22:17:31.0500 1236 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

22:17:31.0515 1236 viaagp - ok

22:17:31.0562 1236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:17:31.0562 1236 ViaIde - ok

22:17:31.0609 1236 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys

22:17:31.0609 1236 VIAudio - ok

22:17:31.0671 1236 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

22:17:31.0671 1236 VolSnap - ok

22:17:31.0734 1236 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

22:17:31.0750 1236 VSS - ok

22:17:31.0968 1236 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

22:17:32.0000 1236 vToolbarUpdater10.2.0 - ok

22:17:32.0062 1236 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

22:17:32.0078 1236 W32Time - ok

22:17:32.0187 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:17:32.0187 1236 Wanarp - ok

22:17:32.0296 1236 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

22:17:32.0312 1236 Wdf01000 - ok

22:17:32.0343 1236 WDICA - ok

22:17:32.0406 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:17:32.0421 1236 wdmaud - ok

22:17:32.0453 1236 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

22:17:32.0468 1236 WebClient - ok

22:17:32.0578 1236 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe

22:17:32.0578 1236 WinDefend - ok

22:17:32.0671 1236 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:17:32.0671 1236 winmgmt - ok

22:17:32.0734 1236 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

22:17:32.0750 1236 WmdmPmSN - ok

22:17:32.0828 1236 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll

22:17:32.0859 1236 Wmi - ok

22:17:32.0921 1236 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:17:32.0937 1236 WmiApSrv - ok

22:17:33.0281 1236 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe

22:17:33.0343 1236 WMPNetworkSvc - ok

22:17:33.0500 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

22:17:33.0500 1236 WpdUsb - ok

22:17:33.0546 1236 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:17:33.0562 1236 WS2IFSL - ok

22:17:33.0609 1236 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

22:17:33.0609 1236 wscsvc - ok

22:17:33.0656 1236 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

22:17:33.0671 1236 wuauserv - ok

22:17:33.0734 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:17:33.0734 1236 WudfPf - ok

22:17:33.0781 1236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:17:33.0781 1236 WudfRd - ok

22:17:33.0828 1236 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

22:17:33.0843 1236 WudfSvc - ok

22:17:33.0921 1236 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

22:17:33.0968 1236 WZCSVC - ok

22:17:34.0046 1236 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

22:17:34.0062 1236 xmlprov - ok

22:17:34.0093 1236 xpsec - ok

22:17:34.0140 1236 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0

22:17:34.0140 1236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

22:17:34.0140 1236 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

22:17:34.0156 1236 Boot (0x1200) (27660904e3d4dff787d08d4974204375) \Device\Harddisk0\DR0\Partition0

22:17:34.0156 1236 \Device\Harddisk0\DR0\Partition0 - ok

22:17:34.0171 1236 ============================================================

22:17:34.0171 1236 Scan finished

22:17:34.0171 1236 ============================================================

22:17:34.0218 3764 Detected object count: 1

22:17:34.0218 3764 Actual detected object count: 1

22:17:51.0359 3764 \Device\Harddisk0\DR0\# - copied to quarantine

22:17:51.0359 3764 \Device\Harddisk0\DR0 - copied to quarantine

22:17:51.0406 3764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

22:17:51.0437 3764 \Device\Harddisk0\DR0 - ok

22:17:51.0437 3764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

22:17:57.0312 1064 Deinitialize success

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:34:08, on 23-5-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17109)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=NL&userid=54eeabec-52b7-4f1e-ab57-71327ff6edb9&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221638488613

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221642580684

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate1c9b07f434ddce2) (gupdate1c9b07f434ddce2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--

End of file - 8944 bytes


Download the Emsisoft Emergency Kit to the desktop and unpack the ZIP file.

  • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja" (Yes)
    [screenshot: EmsisoftEK11.jpg]
  • When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC"
  • Select the option "Diep" (Deep) if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take a considerable time, so wait patiently.
  • You can close the window with the warning about an elevated risk once the scan is finished.
  • Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here
    [screenshot: EmsisoftEK2.jpg]
  • When the removal is finished, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
  • Paste the contents of this log file in your next reply.
  • Now restart the computer.


Well, that scan certainly took a long time.

Here is the report:

Emsisoft Emergency Kit - Versie 1.0

Laatste Update: 24-5-2012 15:04:21

Scaninstellingen:

Scantype: Diepe Scan

Objecten: Geheugen, Sporen, Cookies, C:\

Scan archieven: Aan

Heuristieken: Uit

ADS Scan: Aan

Scan gestart: 24-5-2012 15:08:36

c:\windows\system32\TVUAx\libcurl.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\libeay32.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\libexpatw.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\npTVUAx.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\ssleay32.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\zlib1.dll Ontdekt: Trace.File.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> HelpText Ontdekt: Trace.Registry.SEO Toolbar!A2

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> MenuText Ontdekt: Trace.Registry.SEO Toolbar!A2

Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.dl.tvunetworks.com!A2

C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\download.zip/Tibia.exe Ontdekt: Virus.Win32.Virut!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\Tibia.exe Ontdekt: Virus.Win32.Virut!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.rar/1.da_ Ontdekt: Trojan.Agent!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.zip/1.da_ Ontdekt: Trojan.Agent!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\Tibia Loader.rar/loader\updater.exe Ontdekt: Trojan-Dropper.Agent!IK

C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\cnet2_RegpairSetup_exe.exe Ontdekt: Riskware.Win32.InstallCore.AMN!A2

C:\Documents and Settings\Gebruiker\Mijn documenten\ipchanger\2.da_ Ontdekt: Trojan.Win32.Spy.45056.Y!A2

C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\loader(1).exe Ontdekt: Trojan-Dropper.Delf!IK

C:\Muziek\bestanden 2 november 2007\Dries Heringa\DRIES HERINGA\Mijn afbeeldingen\Neverland.exe Ontdekt: Trojan.Win32.GameServer.AMN!A2

C:\Muziek\My downloads\BSINSTALLNL.exe Ontdekt: Riskware.AdWare.Win32.SaveNow!IK

C:\Muziek\White Stars Universe Twisters Full.wma Ontdekt: Trojan-Downloader.ASX.Wimad!IK

C:\Program Files\TibiaBot NG\loader\apps\hook.dll Ontdekt: Trojan.ATRAPS!IK

C:\Program Files\TibiaBot NG\loader\apps\tibia831\download.zip/Tibia.exe Ontdekt: Virus.Win32.Virut!IK

C:\Program Files\TibiaBot NG\loader\apps\tibia831\Tibia.exe Ontdekt: Virus.Win32.Virut!IK

C:\Program Files\TibiaBot NG\loader\ipchanger.rar/1.da_ Ontdekt: Trojan.Agent!IK

C:\Program Files\TibiaBot NG\loader\ipchanger.zip/1.da_ Ontdekt: Trojan.Agent!IK

C:\Program Files\TibiaBot NG\loader\loader.exe Ontdekt: Trojan-Dropper.Win32.VB!IK

C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader\updater.exe Ontdekt: Trojan-Dropper.Agent!IK

C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader.exe Ontdekt: Trojan-Dropper.Win32.VB!IK

C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\59AA.A05.vir Ontdekt: Backdoor.Conf!IK

C:\System Volume Information\_restore{090D9B8E-3167-4E9B-B6C4-7EE725F9A4D5}\RP1187\A0288320.exe Ontdekt: Riskware.Hacktool.Nokia!IK

C:\TDSSKiller_Quarantine\23.05.2012_22.16.50\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK

Gescand

Bestanden: 158197

Sporen: 431845

Cookies: 64

Processen: 41

Gevonden

Bestanden: 22

Sporen: 14

Cookies: 0

Processen: 0

Registersleutels: 0

Scan Geëindigd: 24-5-2012 20:10:39

Scantijd: 5:02:03

C:\TDSSKiller_Quarantine\23.05.2012_22.16.50\mbr0000\mbr0000\tsk0000.dta Removed Trojan.DOS.Sinowal!IK

C:\System Volume Information\_restore{090D9B8E-3167-4E9B-B6C4-7EE725F9A4D5}\RP1187\A0288320.exe Removed Riskware.Hacktool.Nokia!IK

C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\59AA.A05.vir Removed Backdoor.Conf!IK

C:\Program Files\TibiaBot NG\loader\loader.exe Removed Trojan-Dropper.Win32.VB!IK

C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader.exe Removed Trojan-Dropper.Win32.VB!IK

C:\Program Files\TibiaBot NG\loader\apps\hook.dll Removed Trojan.ATRAPS!IK

C:\Muziek\White Stars Universe Twisters Full.wma Removed Trojan-Downloader.ASX.Wimad!IK

C:\Muziek\My downloads\BSINSTALLNL.exe Removed Riskware.AdWare.Win32.SaveNow!IK

C:\Muziek\bestanden 2 november 2007\Dries Heringa\DRIES HERINGA\Mijn afbeeldingen\Neverland.exe Removed Trojan.Win32.GameServer.AMN!A2

C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn ontvangen bestanden\loader(1).exe Removed Trojan-Dropper.Delf!IK

C:\Documents and Settings\Gebruiker\Mijn documenten\ipchanger\2.da_ Removed Trojan.Win32.Spy.45056.Y!A2

C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\cnet2_RegpairSetup_exe.exe Removed Riskware.Win32.InstallCore.AMN!A2

C:\Documents and Settings\Gebruiker\Bureaublad\loader\Tibia Loader.rar/loader\updater.exe Removed Trojan-Dropper.Agent!IK

C:\Program Files\TibiaBot NG\loader\Tibia Loader.rar/loader\updater.exe Removed Trojan-Dropper.Agent!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.rar/1.da_ Removed Trojan.Agent!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\ipchanger.zip/1.da_ Removed Trojan.Agent!IK

C:\Program Files\TibiaBot NG\loader\ipchanger.rar/1.da_ Removed Trojan.Agent!IK

C:\Program Files\TibiaBot NG\loader\ipchanger.zip/1.da_ Removed Trojan.Agent!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\download.zip/Tibia.exe Removed Virus.Win32.Virut!IK

C:\Documents and Settings\Gebruiker\Bureaublad\loader\apps\tibia831\Tibia.exe Removed Virus.Win32.Virut!IK

C:\Program Files\TibiaBot NG\loader\apps\tibia831\download.zip/Tibia.exe Removed Virus.Win32.Virut!IK

C:\Program Files\TibiaBot NG\loader\apps\tibia831\Tibia.exe Removed Virus.Win32.Virut!IK

Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Removed Trace.Registry.dl.tvunetworks.com!A2

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> HelpText Removed Trace.Registry.SEO Toolbar!A2

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} --> MenuText Removed Trace.Registry.SEO Toolbar!A2

c:\windows\system32\TVUAx\libcurl.dll Removed Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\libeay32.dll Removed Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\libexpatw.dll Removed Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\npTVUAx.dll Removed Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\ssleay32.dll Removed Trace.File.dl.tvunetworks.com!A2

c:\windows\system32\TVUAx\zlib1.dll Removed Trace.File.dl.tvunetworks.com!A2

Removed

Files: 22

Traces: 14

Cookies: 0


Then I have, unfortunately, very bad news. Based on your logs and your comments it is clear that you are struggling with a Virut infection. It infects legitimate exe files, so all your programs as well, etc.

The bad news is that with Virut only a format and reinstall is a good solution; all other attempts are a lost cause. Read this story about it:

Spyware

In short, 80% of the exe files here are infected. So, if you take a backup of your files before doing a format and reinstall, make sure you do not back up exe, scr, html, htm, asp or php files, because these are all infected too.

Good luck with it.

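The reply above tells the poster to back up data before the format and reinstall while leaving out the file types Virut infects. The script below is an added example (not from the thread or from any product mentioned in it) of doing that selection mechanically rather than by eye. It skips the extensions the reply names, and as an extra guard of my own, not stated in the reply, it also skips any file whose first two bytes are the DOS/PE "MZ" signature, so a renamed executable such as setup.exe.bak is not carried over either. The sample directory tree in `demo()` is constructed for the example; the paths are not the poster's files.

```python
"""Copy a user's data to a backup location while skipping every file type
the reply above warns is infected by Virut, plus anything that is a PE
executable regardless of its extension. Added example; not from the thread."""
import os
import shutil
import tempfile
from pathlib import Path

# File types the reply says Virut infects. Matched case-insensitively,
# because Windows file systems are case-insensitive (index.HTML is index.html).
UNSAFE_EXTENSIONS = {".exe", ".scr", ".html", ".htm", ".asp", ".php"}

# Extra guard (my assumption, not in the reply): a Windows executable starts
# with the DOS "MZ" header, so a renamed .exe (setup.exe.bak) is still caught.
PE_MAGIC = b"MZ"


def looks_like_pe(path: Path) -> bool:
    """True if the file starts with the DOS/PE 'MZ' signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def classify(path: Path) -> str:
    """Return 'skip-ext', 'skip-pe' or 'copy' for one file."""
    if path.suffix.lower() in UNSAFE_EXTENSIONS:
        return "skip-ext"
    if looks_like_pe(path):
        return "skip-pe"
    return "copy"


def plan_backup(src, dst):
    """Walk src and decide per file. Returns {'copy': [(src, dst)],
    'skipped': [(path, reason)]} without touching the disk, so the
    skipped list can be reviewed before anything is copied."""
    src, dst = Path(src), Path(dst)
    plan = {"copy": [], "skipped": []}
    for root, _dirs, files in os.walk(src):
        for name in files:
            p = Path(root) / name
            verdict = classify(p)
            if verdict == "copy":
                plan["copy"].append((p, dst / p.relative_to(src)))
            else:
                plan["skipped"].append((p, verdict))
    return plan


def run_backup(src, dst):
    """Execute the plan. Returns (number copied, list of skipped files)."""
    plan = plan_backup(src, dst)
    for s, d in plan["copy"]:
        d.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(s, d)  # copy2 keeps timestamps, useful for old photos
    return len(plan["copy"]), plan["skipped"]


def demo():
    """Constructed sample tree (not the poster's files) to show the filter.
    Returns (copied count, sorted skip reasons, names that reached dst)."""
    base = Path(tempfile.mkdtemp())
    src, dst = base / "Mijn documenten", base / "backup"
    (src / "fotos").mkdir(parents=True)
    (src / "brief.doc").write_bytes(b"letter")
    (src / "fotos" / "vakantie.jpg").write_bytes(b"\xff\xd8\xff")
    (src / "index.HTML").write_bytes(b"<html></html>")   # skipped by extension
    (src / "loader.exe").write_bytes(b"MZ\x90\x00")       # skipped by extension
    (src / "setup.exe.bak").write_bytes(b"MZ\x90\x00")    # skipped by MZ header
    copied, skipped = run_backup(src, dst)
    reached = sorted(p.name for p in dst.rglob("*") if p.is_file())
    return copied, sorted(reason for _, reason in skipped), reached


if __name__ == "__main__":
    print(demo())
```

Run `plan_backup()` first and read the skipped list; anything there that you genuinely need (a web page you wrote yourself, for instance) should be re-created after the reinstall rather than restored from the infected machine. Ideally run the copy from a clean rescue system with the infected disk attached, not from the infected Windows install itself.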