
Trojan Horse.PWS.AGENT.AUES



Hello,

About a week ago I had my computer scanned by AVG.

AVG detected two viruses, namely:

C:\WINDOWS\system32\services.exe (980)";"Trojaans paard PSW.Agent.AUES";"Verwijderd"

C:\WINDOWS\system32\services.exe (980):\memory_01020000";"Trojaans paard PSW.Agent.AUES";"Geïnfecteerd"

Unfortunately they keep coming back every time I scan.

I also ran scans with Malwarebytes, Comodo and SUPERAntiSpyware, but they find nothing.

My computer only acts strangely when it is connected to the internet: sites load slowly or not at all.

And sometimes the computer (with internet) has trouble with simple tasks such as opening files, or they freeze.

Maybe this is not caused by the virus, but it would be nice if the virus was simply gone.

Thanks in advance for your time and effort! :-)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:14:48, on 13-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Comodo\Dragon\dragon_updater.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=Userinit.exe,

O2 - BHO: Windows Live ID Sign-in Helper - {2E3D1754-3855-6CA2-141B-31AE3B884EA8} - C:\WINDOWS\system32\ieakuii.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe

O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 9569 bytes

Edited by Clautje

Go to Start – Run/Search and type: sc stop Giraffic

Press Enter.

Go to Start – Run/Search and type: sc delete Giraffic

Press Enter.

Start HijackThis. Select "Scan". Tick only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Windows Live ID Sign-in Helper - {2E3D1754-3855-6CA2-141B-31AE3B884EA8} - C:\WINDOWS\system32\ieakuii.dll (file missing)

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (file missing)

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (file missing)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If that does not work from the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

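The reply above picks the HijackThis items to fix by hand and takes the service name for `sc stop` / `sc delete` from the O23 line. The Python script below is an added example, not part of this thread or of HijackThis itself: it parses HijackThis 2.x item lines, flags dead references ("file missing"), services with no recorded publisher, the AppInit_DLLs entry and a blanked start page, and lists the short names of services whose binary is gone. The sample log is a constructed excerpt of the lines posted above; the function names are my own.

```python
"""First-pass triage of a HijackThis 2.x log (added example, not HijackThis' own code)."""
import re
from typing import List, Optional, Tuple

# Constructed sample: an excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Windows Live ID Sign-in Helper - {2E3D1754-3855-6CA2-141B-31AE3B884EA8} - C:\WINDOWS\system32\ieakuii.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"""

# Every item line starts with a section tag (R0, F2, O4, O23 ...) followed by " - ".
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O23 bodies: "Service: <display> (<short name>) - <owner> - <path>"; some have no short name.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
SERVICE_NONAME_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_items(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every item line; headers and the process list are skipped."""
    items = []
    for raw in log.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.append((m.group("section"), m.group("body")))
    return items


def parse_service(body: str) -> Optional[Tuple[str, str, str]]:
    """Split an O23 body into (short name, owner, path); the short name is what `sc` expects."""
    m = SERVICE_RE.match(body)
    if m:
        return m.group("name"), m.group("owner"), m.group("path")
    m = SERVICE_NONAME_RE.match(body)
    if m:  # no short name in parentheses: fall back to the display name
        return m.group("display"), m.group("owner"), m.group("path")
    return None


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, line) for the items a helper would look at first."""
    findings = []
    for section, body in parse_items(log):
        line = f"{section} - {body}"
        if body.endswith("(file missing)"):
            findings.append(("cleanup", "dead reference: the file it points to no longer exists", line))
        elif section == "O23":
            svc = parse_service(body)
            if svc and svc[1] == "Unknown owner":
                findings.append(("review", "service binary carries no publisher name", line))
        elif section in ("R0", "R1") and body.endswith("= about:blank"):
            findings.append(("review", "browser start page blanked; HijackThis can reset it", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(("review", "DLL loaded into every process that loads user32.dll; confirm the vendor", line))
    return findings


def orphaned_services(log: str) -> List[str]:
    """Short names of O23 services whose binary is missing (dead registrations)."""
    names = []
    for section, body in parse_items(log):
        if section == "O23" and body.endswith("(file missing)"):
            svc = parse_service(body)
            if svc:
                names.append(svc[0])
    return names


def sc_cleanup_commands(names: List[str]) -> List[str]:
    """The same two sc commands the reply gives, one pair per orphaned service."""
    cmds = []
    for name in names:
        cmds.extend([f"sc stop {name}", f"sc delete {name}"])
    return cmds


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
    print("\n".join(sc_cleanup_commands(orphaned_services(SAMPLE_LOG))))
```

The "review" entries are not verdicts: guard32.dll and the Dragon updater belong to COMODO here, which is exactly the kind of check a person still has to make.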

With some effort I got Malwarebytes to update; again it found nothing.

To be safe I restarted my computer.

Scanned again with AVG, but unfortunately the 2 viruses are found again.

Here are the two logs:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.06.14.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

P. van Damm :: ROSALIEN [administrator]

14-6-2012 9:46:22

mbam-log-2012-06-14 (09-46-22).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 201078

Verstreken tijd: 16 minuut/minuten,

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:47:09, on 14-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Comodo\Dragon\dragon_updater.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Program Files\AVG\AVG2012\avgscanx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=Userinit.exe,

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 8809 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just continue with the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


After quite a bit of effort the Microsoft Windows Recovery Console is finally installed (with the "wonderful" internet), and I was able to run ComboFix.

Here is the log:

ComboFix 12-06-14.01 - P. van Damm 14-06-2012 16:13:11.1.2 - x86

Gestart vanuit: c:\documents and settings\P. van Damm\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\P. van Damm\Application Data\facemoods.com

c:\documents and settings\P. van Damm\Mijn documenten\~WRL0004.tmp

C:\prefs.js

c:\program files\Mozilla Maintenance Service

c:\program files\Mozilla Maintenance Service\maintenanceservice.exe

c:\program files\Mozilla Maintenance Service\Uninstall.exe

c:\program files\Mozilla Maintenance Service\updater.ini

c:\windows\dasetup.log

c:\windows\system32\30763077

c:\windows\system32\c_0037.nls

c:\windows\system32\c_8755.nls

c:\windows\system32\dllcache\avicap32.dll.new

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\taskman.exe.new

c:\windows\system32\geeo.nls

c:\windows\system32\SET45.tmp

c:\windows\wiaservim.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.afd

-------\Service_xcpip

-------\Service_MozillaMaintenance

-------\Service_MozillaMaintenance

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))

.

.

2012-06-14 08:23 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-13 19:14 . 2012-06-13 19:14 388096 ----a-r- c:\documents and settings\P. van Damm\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-13 19:14 . 2012-06-13 19:14 -------- d-----w- c:\program files\Trend Micro

2012-06-12 19:38 . 2012-06-12 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

2012-06-12 19:36 . 2012-06-12 21:57 807920 ----a-w- c:\windows\system32\drivers\sfi.dat

2012-06-12 19:34 . 2012-06-12 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2012-06-12 19:33 . 2012-06-14 12:56 -------- d-----w- c:\program files\Comodo

2012-06-12 19:33 . 2012-06-12 19:33 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-06-11 07:46 . 2012-06-11 07:46 -------- d-----w- c:\documents and settings\P. van Damm\Application Data\Malwarebytes

2012-06-11 07:46 . 2012-06-11 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-06-11 07:46 . 2012-06-11 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-11 07:46 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 18:29 . 2012-06-09 18:29 -------- d-----w- C:\$AVG

2012-06-09 18:16 . 2012-06-09 18:16 -------- d-----w- c:\documents and settings\P. van Damm\Application Data\AVG2012

2012-06-09 18:15 . 2012-06-12 07:06 -------- d-----w- c:\windows\system32\drivers\AVG

2012-06-09 18:15 . 2012-06-09 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-06-09 18:14 . 2012-06-09 18:14 -------- d-----w- c:\program files\AVG

2012-06-07 22:15 . 2012-06-07 22:16 -------- dc-h--w- c:\windows\ie8

2012-06-07 19:53 . 2011-04-30 03:00 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll

2012-05-22 22:44 . 2012-05-22 22:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-05-22 22:44 . 2012-06-09 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-02 13:47 . 2008-07-07 12:13 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-11 13:55 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2006-03-02 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-06-01 15:38 . 2012-06-11 20:32 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"nwiz"="nwiz.exe" [2007-04-20 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Giraffic\\Veoh_Giraffic.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13701:TCP"= 13701:TCP:BitComet 13701 TCP

"13701:UDP"= 13701:UDP:BitComet 13701 UDP

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-10-2011 6:23 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11-3-2012 21:13 18056]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11-3-2012 21:13 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11-3-2012 21:13 31704]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]

R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7-7-2008 15:12 26272]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S0 ntfrvxo;ntfrvxo;c:\windows\system32\drivers\guen.sys --> c:\windows\system32\drivers\guen.sys [?]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [2-3-2006 14:00 14336]

S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4-10-2011 6:21 16720]

S3 bp5uann.sys;bp5uann.sys;\??\c:\windows\system32\drivers\bp5uann.sys --> c:\windows\system32\drivers\bp5uann.sys [?]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [2-3-2006 14:00 14336]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - xcpip

.

.

------- Supplementary Scan -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

HKCU-Run-ares - c:\program files\Ares\Ares.exe

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-14 16:39

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(992)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(1592)

c:\windows\system32\guard32.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'csrss.exe'(900)

c:\windows\system32\cmdcsr.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-06-14 16:42:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-14 14:42

.

Pre-Run: 20,525,985,792 bytes free

Post-Run: 21,133,496,320 bytes free

.

- - End Of File - - 763E75AEBDF6FA7E07ABC0DFC17A7909

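A triage pass over the ComboFix log above, as an added example: this is my code, not the forum's, ComboFix's or any vendor's. It pulls out the entries a reviewer reads first in a log like this one: the service/driver lines ComboFix printed as `path --> path [?]` (no date or size could be read for the registered binary, which normally means the file is not on disk; `S0 ntfrvxo` pointing at a missing `guen.sys` is a boot-start driver with nothing behind it), the `GloballyOpenPorts` exceptions labelled only `Services` plus the globally open Remote Desktop port, the `AntiVirusOverride` and `EnableFirewall` values, and the `*Deregistered* - xcpip` driver from the "in memory" section. None of these is a verdict on its own: a third-party suite such as the COMODO firewall on this machine legitimately switches the Windows Firewall off, and it was the anti-rootkit scan later in the thread that actually resolved the problem. The function names, the severity scale and the `GENERIC_LABELS` heuristic are my own; `SAMPLE_LOG` is constructed from lines copied out of the log.

```python
"""Triage of a ComboFix log excerpt (added example; not code from the thread,
from ComboFix, or from any product named in it).

It reads the lines a reviewer looks at first in a log like the one above:
  * "Sx name;desc;path --> path [?]" service/driver lines.  ComboFix repeats
    the path with "[?]" when it could read no date/size for the registered
    binary, normally because the file is not on disk.  A boot- or system-start
    entry (S0/S1/R0/R1) with no file is the first thing to chase.
  * GloballyOpenPorts exceptions whose label names no product (here
    "Services"), and Remote Desktop (3389) opened to any address.
  * Security Center / Windows Firewall settings that switch protection off.
    Third-party suites set these too (this machine runs COMODO's firewall),
    so they are review items, not verdicts.
SAMPLE_LOG is constructed from lines copied out of the log above.
"""
from __future__ import annotations

import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"13701:TCP"= 13701:TCP:BitComet 13701 TCP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 ntfrvxo;ntfrvxo;c:\windows\system32\drivers\guen.sys --> c:\windows\system32\drivers\guen.sys [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S3 bp5uann.sys;bp5uann.sys;\??\c:\windows\system32\drivers\bp5uann.sys --> c:\windows\system32\drivers\bp5uann.sys [?]
*Deregistered* - xcpip
"""

# ComboFix prefix: R = running, S = stopped; the digit is the Windows start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
SETTING_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<value>\S+)')
DEREG_RE = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")
# Heuristic of my own, not a ComboFix rule: exception labels that name no product.
GENERIC_LABELS = {"services", "service", "system", "windows"}


def triage(log_text: str) -> list[dict]:
    """Return one dict per finding: kind, item, severity, why."""
    findings: list[dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            if m["rest"].endswith("[?]"):
                start = m["state"][1]
                findings.append({
                    "kind": "missing_driver", "item": m["name"],
                    "severity": "high" if start in "01" else "medium",
                    "why": f"{START_TYPES[start]}-start entry, binary not on disk: "
                           + m["rest"].split(" --> ")[0],
                })
        elif (m := PORT_RE.match(line)):
            port, label = int(m["port"]), m["label"].strip()
            if port == 3389 or label.lower() in GENERIC_LABELS:
                findings.append({
                    "kind": "open_port", "item": f"{port}/{m['proto']}",
                    "severity": "medium", "why": f"globally open exception, label {label!r}",
                })
        elif (m := DEREG_RE.match(line)):
            findings.append({
                "kind": "deregistered", "item": m["name"], "severity": "high",
                "why": "driver in memory whose service registration is gone",
            })
        elif (m := SETTING_RE.match(line)):
            key, value = m["key"], m["value"]
            if key == "AntiVirusOverride" and value.endswith("1"):
                findings.append({"kind": "protection_off", "item": key, "severity": "low",
                                 "why": "Security Center antivirus monitoring overridden"})
            elif key == "EnableFirewall" and value == "0":
                findings.append({"kind": "protection_off", "item": key, "severity": "low",
                                 "why": "Windows Firewall off for the standard profile"})
    return findings


def report(findings: list[dict]) -> str:
    """Plain-text table, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = sorted(findings, key=lambda f: (order[f["severity"]], f["kind"], f["item"]))
    return "\n".join(f"[{f['severity']:6}] {f['kind']:15} {f['item']:14} {f['why']}" for f in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run on the sample it lists ten items, with the deregistered `xcpip` driver and the boot/system-start entries without a file (`ntfrvxo`, `tdx`) at the top; the AVG driver with a real file and the BitComet exception are passed over. Feed it the full log rather than the excerpt and the same four categories come out in the same order.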

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

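The procedure above ends with posting the log file. This added example (my code, not the forum's and not part of Kaspersky's tool) reads that file once you have it. TDSSKiller writes one line per service with the MD5 and path of the binary and a second line with the verdict; for an entry with no file to hash only the verdict line appears. The reader pairs those lines per service name and answers three questions: which entries got a verdict other than `ok`, which entries are registry-only, and which of the services ComboFix had already reported with `[?]` (binary not on disk) TDSSKiller listed as `ok` with nothing hashed. The last question is the useful one: Windows XP carries dozens of registry-only placeholder entries (`Abiosdsk`, `abp480n5`, `adpu160m` and the other legacy storage names in the log below), so registry-only alone is noise, while the cross-reference narrows it to `bp5uann.sys` and `ntfrvxo`. An `ok` with nothing hashed says TDSSKiller had no file to examine, not that the entry is legitimate, so the corresponding services keys are something to check afterwards. The function names are mine; `COMBOFIX_FILE_MISSING` is copied from the `[?]` entries of the ComboFix log earlier in the thread, and `SAMPLE` is constructed from lines of the TDSSKiller log posted in the reply below.

```python
"""Reader for the TDSSKiller text log the post above asks for
(C:\\TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Added example; not code from the thread or from Kaspersky's tool.  Each service
TDSSKiller checks produces either
    <time> <tid> <name> (<md5>) <path>      followed by
    <time> <tid> <name> - <verdict>
or, when there is no file to hash, only the verdict line.  The reader pairs the
lines per service name and reports (a) verdicts other than "ok", (b) entries
for which nothing was hashed and (c) the subset of (b) that ComboFix had
already reported as missing their binary.  XP ships many registry-only
placeholder entries (Abiosdsk and the other legacy storage names), so (b)
alone is noise; (c) is the filter a reviewer wants.

SAMPLE is constructed from lines copied out of the TDSSKiller log posted later
in this thread; COMBOFIX_FILE_MISSING is copied from the "--> ... [?]" entries
in the ComboFix log above.
"""
from __future__ import annotations

import re

SAMPLE = r"""
20:38:41.0218 1000 Scan started
20:38:41.0218 1000 Mode: Manual;
20:38:41.0406 1000 Abiosdsk - ok
20:38:41.0453 1000 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:38:41.0453 1000 ACPI - ok
20:38:42.0875 1000 bp5uann.sys - ok
20:38:44.0687 1000 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
20:38:44.0687 1000 Eventlog - ok
20:38:46.0625 1000 iphlpsvc - ok
20:38:49.0406 1000 ntfrvxo - ok
20:38:51.0203 1000 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
20:38:51.0218 1000 PlugPlay - ok
"""

COMBOFIX_FILE_MISSING = {"xpsec", "ntfrvxo", "tdx", "bp5uann.sys"}

# Every log line starts with a timestamp and the thread id of the scanner.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


def parse_tdsskiller(text: str) -> dict[str, dict]:
    """Map service name -> {md5, path, verdict}; a key is absent when the log had no such line."""
    entries: dict[str, dict] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (f := FILE_RE.match(body)):
            entries.setdefault(f["name"], {}).update(md5=f["md5"], path=f["path"])
        elif (v := VERDICT_RE.match(body)):
            entries.setdefault(v["name"], {})["verdict"] = v["verdict"]
    return entries


def non_ok(entries: dict[str, dict]) -> dict[str, str]:
    """Verdicts other than 'ok' (detections, suspicious or locked files)."""
    return {n: e["verdict"] for n, e in entries.items()
            if "verdict" in e and e["verdict"] != "ok"}


def registry_only(entries: dict[str, dict]) -> list[str]:
    """Entries that got a verdict but for which no file was hashed."""
    return sorted(n for n, e in entries.items() if "path" not in e)


def unresolved_after_scan(entries: dict[str, dict], file_missing: set[str]) -> list[str]:
    """Services ComboFix flagged '[?]' that TDSSKiller saw, hashed nothing for and called ok."""
    return sorted(n for n in file_missing
                  if n in entries and "path" not in entries[n]
                  and entries[n].get("verdict") == "ok")


if __name__ == "__main__":
    e = parse_tdsskiller(SAMPLE)
    print("non-ok verdicts:", non_ok(e))
    print("registry-only entries:", registry_only(e))
    print("still dangling after TDSSKiller:", unresolved_after_scan(e, COMBOFIX_FILE_MISSING))
```

On the excerpt the non-ok list is empty, four entries are registry-only, and the cross-reference leaves `bp5uann.sys` and `ntfrvxo` (`xpsec` and `tdx` fall after the point where the posted log is cut off). The same reader works on the full file; pairing by name rather than by line order also copes with TDSSKiller writing the verdict on the next timestamp.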

After having TDSSKiller scan the computer, AVG could no longer find any viruses.

The internet works completely normally again.

Thanks a lot for the time and effort! I will certainly make a contribution to this top forum.

Which virus scanner would be better for me to use, Avira, Avast or AVG, if I want to buy a licence?

20:38:22.0890 3892 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46

20:38:22.0937 3892 ============================================================

20:38:22.0937 3892 Current date / time: 2012/06/14 20:38:22.0937

20:38:22.0937 3892 SystemInfo:

20:38:22.0937 3892

20:38:22.0937 3892 OS Version: 5.1.2600 ServicePack: 3.0

20:38:22.0937 3892 Product type: Workstation

20:38:22.0937 3892 ComputerName: ROSALIEN

20:38:22.0937 3892 UserName: P. van Damm

20:38:22.0937 3892 Windows directory: C:\WINDOWS

20:38:22.0937 3892 System windows directory: C:\WINDOWS

20:38:22.0937 3892 Processor architecture: Intel x86

20:38:22.0937 3892 Number of processors: 2

20:38:22.0937 3892 Page size: 0x1000

20:38:22.0937 3892 Boot type: Normal boot

20:38:22.0937 3892 ============================================================

20:38:24.0953 3892 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:38:24.0953 3892 Drive \Device\Harddisk1\DR3 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:38:24.0953 3892 ============================================================

20:38:24.0953 3892 \Device\Harddisk0\DR0:

20:38:24.0953 3892 MBR partitions:

20:38:24.0953 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5EA6D63

20:38:24.0968 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5EA6DE1, BlocksNum 0x173198DF

20:38:24.0968 3892 \Device\Harddisk1\DR3:

20:38:24.0968 3892 MBR partitions:

20:38:24.0968 3892 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080

20:38:24.0968 3892 ============================================================

20:38:25.0000 3892 C: <-> \Device\Harddisk0\DR0\Partition0

20:38:25.0062 3892 D: <-> \Device\Harddisk0\DR0\Partition1

20:38:25.0062 3892 ============================================================

20:38:25.0062 3892 Initialize success

20:38:25.0062 3892 ============================================================

20:38:41.0218 1000 ============================================================

20:38:41.0218 1000 Scan started

20:38:41.0218 1000 Mode: Manual;

20:38:41.0218 1000 ============================================================

20:38:41.0406 1000 Abiosdsk - ok

20:38:41.0421 1000 abp480n5 - ok

20:38:41.0453 1000 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:38:41.0453 1000 ACPI - ok

20:38:41.0484 1000 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:38:41.0515 1000 ACPIEC - ok

20:38:41.0515 1000 adpu160m - ok

20:38:41.0546 1000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:38:41.0546 1000 aec - ok

20:38:41.0578 1000 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:38:41.0640 1000 AFD - ok

20:38:41.0656 1000 Aha154x - ok

20:38:41.0656 1000 aic78u2 - ok

20:38:41.0656 1000 aic78xx - ok

20:38:41.0687 1000 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll

20:38:41.0718 1000 Alerter - ok

20:38:41.0734 1000 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe

20:38:41.0734 1000 ALG - ok

20:38:41.0734 1000 AliIde - ok

20:38:41.0734 1000 amsint - ok

20:38:41.0750 1000 AppMgmt - ok

20:38:41.0750 1000 asc - ok

20:38:41.0765 1000 asc3350p - ok

20:38:41.0765 1000 asc3550 - ok

20:38:41.0828 1000 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:38:41.0859 1000 aspnet_state - ok

20:38:41.0875 1000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:38:41.0906 1000 AsyncMac - ok

20:38:41.0921 1000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:38:41.0921 1000 atapi - ok

20:38:41.0921 1000 Atdisk - ok

20:38:41.0953 1000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:38:41.0984 1000 Atmarpc - ok

20:38:42.0000 1000 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll

20:38:42.0015 1000 AudioSrv - ok

20:38:42.0031 1000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:38:42.0062 1000 audstub - ok

20:38:42.0250 1000 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

20:38:42.0281 1000 AVGIDSAgent - ok

20:38:42.0390 1000 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

20:38:42.0406 1000 AVGIDSDriver - ok

20:38:42.0421 1000 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

20:38:42.0421 1000 AVGIDSEH - ok

20:38:42.0437 1000 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

20:38:42.0437 1000 AVGIDSFilter - ok

20:38:42.0437 1000 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

20:38:42.0437 1000 AVGIDSShim - ok

20:38:42.0484 1000 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

20:38:42.0515 1000 Avgldx86 - ok

20:38:42.0546 1000 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

20:38:42.0546 1000 Avgmfx86 - ok

20:38:42.0562 1000 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

20:38:42.0562 1000 Avgrkx86 - ok

20:38:42.0593 1000 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

20:38:42.0609 1000 Avgtdix - ok

20:38:42.0671 1000 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

20:38:42.0671 1000 avgwd - ok

20:38:42.0703 1000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:38:42.0734 1000 Beep - ok

20:38:42.0765 1000 bgsvcgen (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe

20:38:42.0765 1000 bgsvcgen - ok

20:38:42.0812 1000 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll

20:38:42.0875 1000 BITS - ok

20:38:42.0875 1000 bp5uann.sys - ok

20:38:42.0890 1000 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

20:38:42.0953 1000 BridgeMP - ok

20:38:42.0984 1000 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll

20:38:43.0000 1000 Browser - ok

20:38:43.0015 1000 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

20:38:43.0046 1000 BrScnUsb - ok

20:38:43.0046 1000 catchme - ok

20:38:43.0078 1000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:38:43.0125 1000 cbidf2k - ok

20:38:43.0156 1000 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:38:43.0187 1000 CCDECODE - ok

20:38:43.0203 1000 cd20xrnt - ok

20:38:43.0218 1000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:38:43.0250 1000 Cdaudio - ok

20:38:43.0265 1000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:38:43.0312 1000 Cdfs - ok

20:38:43.0343 1000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:38:43.0375 1000 Cdrom - ok

20:38:43.0375 1000 Changer - ok

20:38:43.0406 1000 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe

20:38:43.0437 1000 CiSvc - ok

20:38:43.0453 1000 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe

20:38:43.0500 1000 ClipSrv - ok

20:38:43.0546 1000 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:38:43.0578 1000 clr_optimization_v2.0.50727_32 - ok

20:38:43.0750 1000 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

20:38:43.0750 1000 cmdAgent - ok

20:38:43.0859 1000 cmderd (0ec8d44534d96776b04c6908e0b5f4b3) C:\WINDOWS\system32\DRIVERS\cmderd.sys

20:38:43.0859 1000 cmderd - ok

20:38:43.0875 1000 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

20:38:43.0890 1000 cmdGuard - ok

20:38:43.0906 1000 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

20:38:43.0906 1000 cmdHlp - ok

20:38:43.0906 1000 CmdIde - ok

20:38:43.0921 1000 COMSysApp - ok

20:38:43.0921 1000 Cpqarray - ok

20:38:43.0968 1000 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll

20:38:43.0968 1000 CryptSvc - ok

20:38:43.0968 1000 dac2w2k - ok

20:38:43.0968 1000 dac960nt - ok

20:38:44.0015 1000 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll

20:38:44.0015 1000 DcomLaunch - ok

20:38:44.0046 1000 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll

20:38:44.0046 1000 Dhcp - ok

20:38:44.0062 1000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:38:44.0093 1000 Disk - ok

20:38:44.0093 1000 dmadmin - ok

20:38:44.0140 1000 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

20:38:44.0218 1000 dmboot - ok

20:38:44.0250 1000 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

20:38:44.0281 1000 dmio - ok

20:38:44.0296 1000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:38:44.0312 1000 dmload - ok

20:38:44.0343 1000 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll

20:38:44.0390 1000 dmserver - ok

20:38:44.0406 1000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:38:44.0406 1000 DMusic - ok

20:38:44.0453 1000 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll

20:38:44.0453 1000 Dnscache - ok

20:38:44.0468 1000 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll

20:38:44.0531 1000 Dot3svc - ok

20:38:44.0531 1000 dpti2o - ok

20:38:44.0562 1000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:38:44.0562 1000 drmkaud - ok

20:38:44.0593 1000 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll

20:38:44.0625 1000 EapHost - ok

20:38:44.0656 1000 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll

20:38:44.0656 1000 ERSvc - ok

20:38:44.0687 1000 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

20:38:44.0687 1000 Eventlog - ok

20:38:44.0718 1000 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll

20:38:44.0734 1000 EventSystem - ok

20:38:44.0765 1000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:38:44.0812 1000 Fastfat - ok

20:38:44.0843 1000 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

20:38:44.0843 1000 FastUserSwitchingCompatibility - ok

20:38:44.0859 1000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:38:44.0921 1000 Fdc - ok

20:38:44.0953 1000 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

20:38:44.0984 1000 Fips - ok

20:38:45.0000 1000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:38:45.0031 1000 Flpydisk - ok

20:38:45.0062 1000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:38:45.0125 1000 FltMgr - ok

20:38:45.0203 1000 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:38:45.0203 1000 FontCache3.0.0.0 - ok

20:38:45.0218 1000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:38:45.0250 1000 Fs_Rec - ok

20:38:45.0265 1000 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:38:45.0328 1000 Ftdisk - ok

20:38:45.0359 1000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:38:45.0390 1000 Gpc - ok

20:38:45.0421 1000 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

20:38:45.0453 1000 GTNDIS5 - ok

20:38:45.0500 1000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:38:45.0500 1000 HDAudBus - ok

20:38:45.0546 1000 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:38:45.0546 1000 helpsvc - ok

20:38:45.0562 1000 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll

20:38:45.0562 1000 HidServ - ok

20:38:45.0609 1000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:38:45.0671 1000 HidUsb - ok

20:38:45.0703 1000 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll

20:38:45.0734 1000 hkmsvc - ok

20:38:45.0734 1000 hpn - ok

20:38:45.0781 1000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:38:45.0796 1000 HTTP - ok

20:38:45.0812 1000 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll

20:38:45.0843 1000 HTTPFilter - ok

20:38:45.0843 1000 i2omgmt - ok

20:38:45.0859 1000 i2omp - ok

20:38:45.0890 1000 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:38:45.0921 1000 i8042prt - ok

20:38:46.0000 1000 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:38:46.0015 1000 idsvc - ok

20:38:46.0031 1000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:38:46.0062 1000 Imapi - ok

20:38:46.0093 1000 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe

20:38:46.0125 1000 ImapiService - ok

20:38:46.0140 1000 ini910u - ok

20:38:46.0171 1000 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys

20:38:46.0187 1000 Inspect - ok

20:38:46.0343 1000 IntcAzAudAddService (74b482f8b2a9ebe8473381a7a58f801d) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:38:46.0437 1000 IntcAzAudAddService - ok

20:38:46.0515 1000 IntelIde - ok

20:38:46.0546 1000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:38:46.0593 1000 Ip6Fw - ok

20:38:46.0593 1000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:38:46.0625 1000 IpFilterDriver - ok

20:38:46.0625 1000 iphlpsvc - ok

20:38:46.0656 1000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:38:46.0671 1000 IpInIp - ok

20:38:46.0687 1000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:38:46.0703 1000 IpNat - ok

20:38:46.0734 1000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:38:46.0734 1000 IPSec - ok

20:38:46.0750 1000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:38:46.0781 1000 IRENUM - ok

20:38:46.0812 1000 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:38:46.0843 1000 isapnp - ok

20:38:46.0953 1000 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe

20:38:46.0953 1000 JavaQuickStarterService - ok

20:38:46.0968 1000 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:38:47.0015 1000 Kbdclass - ok

20:38:47.0046 1000 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:38:47.0078 1000 kbdhid - ok

20:38:47.0109 1000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:38:47.0109 1000 kmixer - ok

20:38:47.0140 1000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:38:47.0234 1000 KSecDD - ok

20:38:47.0265 1000 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll

20:38:47.0281 1000 lanmanserver - ok

20:38:47.0312 1000 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll

20:38:47.0312 1000 lanmanworkstation - ok

20:38:47.0312 1000 lbrtfdc - ok

20:38:47.0359 1000 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll

20:38:47.0359 1000 LmHosts - ok

20:38:47.0359 1000 LVUSBSta - ok

20:38:47.0390 1000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:38:47.0406 1000 mnmdd - ok

20:38:47.0437 1000 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe

20:38:47.0468 1000 mnmsrvc - ok

20:38:47.0500 1000 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

20:38:47.0531 1000 Modem - ok

20:38:47.0546 1000 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:38:47.0578 1000 Mouclass - ok

20:38:47.0625 1000 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:38:47.0640 1000 mouhid - ok

20:38:47.0656 1000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:38:47.0687 1000 MountMgr - ok

20:38:47.0687 1000 mraid35x - ok

20:38:47.0718 1000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:38:47.0718 1000 MRxDAV - ok

20:38:47.0765 1000 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:38:47.0875 1000 MRxSmb - ok

20:38:47.0953 1000 MSCSPTISRV (b490bd0678cb6a4890a86020ed106c75) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

20:38:48.0000 1000 MSCSPTISRV - ok

20:38:48.0015 1000 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe

20:38:48.0046 1000 MSDTC - ok

20:38:48.0062 1000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:38:48.0093 1000 Msfs - ok

20:38:48.0093 1000 MSIServer - ok

20:38:48.0125 1000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:38:48.0140 1000 MSKSSRV - ok

20:38:48.0156 1000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:38:48.0156 1000 MSPCLOCK - ok

20:38:48.0171 1000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:38:48.0187 1000 MSPQM - ok

20:38:48.0218 1000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:38:48.0218 1000 mssmbios - ok

20:38:48.0250 1000 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:38:48.0281 1000 MSTEE - ok

20:38:48.0312 1000 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

20:38:48.0359 1000 MTsensor - ok

20:38:48.0390 1000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:38:48.0437 1000 Mup - ok

20:38:48.0468 1000 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:38:48.0515 1000 NABTSFEC - ok

20:38:48.0546 1000 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll

20:38:48.0593 1000 napagent - ok

20:38:48.0625 1000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:38:48.0640 1000 NDIS - ok

20:38:48.0656 1000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:38:48.0687 1000 NdisIP - ok

20:38:48.0703 1000 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:38:48.0750 1000 NdisTapi - ok

20:38:48.0765 1000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:38:48.0765 1000 Ndisuio - ok

20:38:48.0781 1000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:38:48.0843 1000 NdisWan - ok

20:38:48.0875 1000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:38:48.0921 1000 NDProxy - ok

20:38:48.0937 1000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:38:48.0968 1000 NetBIOS - ok

20:38:49.0000 1000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:38:49.0031 1000 NetBT - ok

20:38:49.0062 1000 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

20:38:49.0093 1000 NetDDE - ok

20:38:49.0109 1000 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe

20:38:49.0109 1000 NetDDEdsdm - ok

20:38:49.0140 1000 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

20:38:49.0140 1000 Netlogon - ok

20:38:49.0171 1000 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll

20:38:49.0187 1000 Netman - ok

20:38:49.0250 1000 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:38:49.0265 1000 NetTcpPortSharing - ok

20:38:49.0296 1000 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll

20:38:49.0312 1000 Nla - ok

20:38:49.0343 1000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:38:49.0390 1000 Npfs - ok

20:38:49.0406 1000 ntfrvxo - ok

20:38:49.0453 1000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:38:49.0515 1000 Ntfs - ok

20:38:49.0515 1000 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

20:38:49.0531 1000 NtLmSsp - ok

20:38:49.0562 1000 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll

20:38:49.0609 1000 NtmsSvc - ok

20:38:49.0640 1000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:38:49.0687 1000 Null - ok

20:38:49.0906 1000 nv (f43b110e1e97eb5606ab51aea2a26247) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

20:38:50.0156 1000 nv - ok

20:38:50.0250 1000 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

20:38:50.0281 1000 NVENETFD - ok

20:38:50.0296 1000 NVHDA (1959518e151eb5d48e87a96b9828c026) C:\WINDOWS\system32\drivers\nvhda32.sys

20:38:50.0296 1000 NVHDA - ok

20:38:50.0312 1000 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

20:38:50.0343 1000 nvnetbus - ok

20:38:50.0359 1000 NVSvc (0cc37b67a9f4f0f0507d534eeae9c030) C:\WINDOWS\system32\nvsvc32.exe

20:38:50.0359 1000 NVSvc - ok

20:38:50.0390 1000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:38:50.0421 1000 NwlnkFlt - ok

20:38:50.0437 1000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:38:50.0468 1000 NwlnkFwd - ok

20:38:50.0562 1000 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:38:50.0578 1000 odserv - ok

20:38:50.0625 1000 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:38:50.0640 1000 ose - ok

20:38:50.0687 1000 PACSPTISVR (dcacc2fc7dc0a3d7a60beb81fa233822) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

20:38:50.0718 1000 PACSPTISVR - ok

20:38:50.0843 1000 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

20:38:50.0843 1000 Parport - ok

20:38:50.0843 1000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:38:50.0890 1000 PartMgr - ok

20:38:50.0906 1000 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

20:38:50.0937 1000 ParVdm - ok

20:38:50.0937 1000 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

20:38:50.0984 1000 PCI - ok

20:38:50.0984 1000 PCIDump - ok

20:38:50.0984 1000 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:38:51.0046 1000 PCIIde - ok

20:38:51.0062 1000 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:38:51.0109 1000 Pcmcia - ok

20:38:51.0125 1000 PDCOMP - ok

20:38:51.0125 1000 PDFRAME - ok

20:38:51.0125 1000 PDRELI - ok

20:38:51.0140 1000 PDRFRAME - ok

20:38:51.0140 1000 pepifilter - ok

20:38:51.0156 1000 perc2 - ok

20:38:51.0156 1000 perc2hib - ok

20:38:51.0171 1000 PID_PEPI - ok

20:38:51.0203 1000 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe

20:38:51.0218 1000 PlugPlay - ok

20:38:51.0234 1000 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

20:38:51.0234 1000 PolicyAgent - ok

20:38:51.0265 1000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:38:51.0312 1000 PptpMiniport - ok

20:38:51.0328 1000 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

20:38:51.0343 1000 Processor - ok

20:38:51.0343 1000 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

20:38:51.0343 1000 ProtectedStorage - ok

20:38:51.0359 1000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:38:51.0390 1000 PSched - ok

20:38:51.0406 1000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:38:51.0453 1000 Ptilink - ok

20:38:51.0484 1000 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:38:51.0515 1000 PxHelp20 - ok

20:38:51.0515 1000 ql1080 - ok

20:38:51.0531 1000 Ql10wnt - ok

20:38:51.0531 1000 ql12160 - ok

20:38:51.0531 1000 ql1240 - ok

20:38:51.0546 1000 ql1280 - ok

20:38:51.0578 1000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:38:51.0609 1000 RasAcd - ok

20:38:51.0625 1000 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll

20:38:51.0656 1000 RasAuto - ok

20:38:51.0687 1000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:38:51.0718 1000 Rasl2tp - ok

20:38:51.0750 1000 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll

20:38:51.0765 1000 RasMan - ok

20:38:51.0765 1000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:38:51.0812 1000 RasPppoe - ok

20:38:51.0812 1000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:38:51.0843 1000 Raspti - ok

20:38:51.0875 1000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:38:51.0921 1000 Rdbss - ok

20:38:51.0937 1000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:38:51.0968 1000 RDPCDD - ok

20:38:52.0000 1000 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

20:38:52.0015 1000 RDPWD - ok

20:38:52.0031 1000 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe

20:38:52.0125 1000 RDSessMgr - ok

20:38:52.0156 1000 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:38:52.0187 1000 redbook - ok

20:38:52.0218 1000 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll

20:38:52.0250 1000 RemoteAccess - ok

20:38:52.0265 1000 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe

20:38:52.0281 1000 RpcLocator - ok

20:38:52.0328 1000 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll

20:38:52.0328 1000 RpcSs - ok

20:38:52.0359 1000 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe

20:38:52.0406 1000 RSVP - ok

20:38:52.0453 1000 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys

20:38:52.0484 1000 RT73 - ok

20:38:52.0515 1000 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe

20:38:52.0515 1000 SamSs - ok

20:38:52.0531 1000 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe

20:38:52.0578 1000 SCardSvr - ok

20:38:52.0625 1000 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll

20:38:52.0640 1000 Schedule - ok

20:38:52.0656 1000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:38:52.0656 1000 Secdrv - ok

20:38:52.0687 1000 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll

20:38:52.0687 1000 seclogon - ok

20:38:52.0703 1000 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll

20:38:52.0703 1000 SENS - ok

20:38:52.0718 1000 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

20:38:52.0718 1000 Serial - ok

20:38:52.0734 1000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:38:52.0796 1000 Sfloppy - ok

20:38:52.0828 1000 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll

20:38:52.0843 1000 SharedAccess - ok

20:38:52.0875 1000 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

20:38:52.0875 1000 ShellHWDetection - ok

20:38:52.0875 1000 Simbad - ok

20:38:52.0906 1000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:38:52.0921 1000 SLIP - ok

20:38:52.0921 1000 Sparrow - ok

20:38:52.0953 1000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:38:52.0953 1000 splitter - ok

20:38:52.0984 1000 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

20:38:52.0984 1000 Spooler - ok

20:38:53.0062 1000 SPTISRV (1b7447278005e38e464b34a7e841d628) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

20:38:53.0109 1000 SPTISRV - ok

20:38:53.0140 1000 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

20:38:53.0203 1000 sr - ok

20:38:53.0250 1000 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll

20:38:53.0250 1000 srservice - ok

20:38:53.0296 1000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:38:53.0312 1000 Srv - ok

20:38:53.0328 1000 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll

20:38:53.0328 1000 SSDPSRV - ok

20:38:53.0359 1000 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

20:38:53.0359 1000 ssmdrv - ok

20:38:53.0390 1000 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll

20:38:53.0406 1000 stisvc - ok

20:38:53.0437 1000 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:38:53.0468 1000 streamip - ok

20:38:53.0484 1000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:38:53.0515 1000 swenum - ok

20:38:53.0546 1000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:38:53.0546 1000 swmidi - ok

20:38:53.0562 1000 SwPrv - ok

20:38:53.0562 1000 symc810 - ok

20:38:53.0578 1000 symc8xx - ok

20:38:53.0578 1000 sym_hi - ok

20:38:53.0578 1000 sym_u3 - ok

20:38:53.0609 1000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:38:53.0609 1000 sysaudio - ok

20:38:53.0640 1000 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe

20:38:53.0687 1000 SysmonLog - ok

20:38:53.0734 1000 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll

20:38:53.0750 1000 TapiSrv - ok

20:38:53.0796 1000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:38:53.0796 1000 Tcpip - ok

20:38:53.0812 1000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:38:53.0859 1000 TDPIPE - ok

20:38:53.0875 1000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:38:53.0875 1000 TDTCP - ok

20:38:53.0875 1000 tdx - ok

20:38:53.0906 1000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:38:54.0000 1000 TermDD - ok

20:38:54.0031 1000 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll

20:38:54.0046 1000 TermService - ok

20:38:54.0078 1000 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll

20:38:54.0078 1000 Themes - ok

20:38:54.0093 1000 TosIde - ok

20:38:54.0109 1000 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll

20:38:54.0109 1000 TrkWks - ok

20:38:54.0140 1000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:38:54.0187 1000 Udfs - ok

20:38:54.0187 1000 ultra - ok

20:38:54.0234 1000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:38:54.0296 1000 Update - ok

20:38:54.0328 1000 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll

20:38:54.0375 1000 upnphost - ok

20:38:54.0390 1000 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe

20:38:54.0421 1000 UPS - ok

20:38:54.0437 1000 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:38:54.0468 1000 usbaudio - ok

20:38:54.0484 1000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:38:54.0531 1000 usbccgp - ok

20:38:54.0546 1000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:38:54.0578 1000 usbehci - ok

20:38:54.0609 1000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:38:54.0671 1000 usbhub - ok

20:38:54.0687 1000 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

20:38:54.0734 1000 usbohci - ok

20:38:54.0765 1000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:38:54.0812 1000 usbprint - ok

20:38:54.0828 1000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:38:54.0890 1000 usbscan - ok

20:38:54.0921 1000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:38:54.0984 1000 USBSTOR - ok

20:38:55.0000 1000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:38:55.0062 1000 VgaSave - ok

20:38:55.0062 1000 ViaIde - ok

20:38:55.0078 1000 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

20:38:55.0109 1000 VolSnap - ok

20:38:55.0156 1000 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe

20:38:55.0203 1000 VSS - ok

20:38:55.0234 1000 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll

20:38:55.0250 1000 W32Time - ok

20:38:55.0281 1000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:38:55.0312 1000 Wanarp - ok

20:38:55.0312 1000 WDICA - ok

20:38:55.0343 1000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:38:55.0359 1000 wdmaud - ok

20:38:55.0359 1000 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll

20:38:55.0375 1000 WebClient - ok

20:38:55.0406 1000 WinDefend - ok

20:38:55.0406 1000 WinHttpAutoProxySvc - ok

20:38:55.0484 1000 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll

20:38:55.0484 1000 winmgmt - ok

20:38:55.0515 1000 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

20:38:55.0546 1000 WmdmPmSN - ok

20:38:55.0578 1000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

20:38:55.0578 1000 WmiAcpi - ok

20:38:55.0625 1000 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:38:55.0671 1000 WmiApSrv - ok

20:38:55.0703 1000 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

20:38:55.0750 1000 WpdUsb - ok

20:38:55.0765 1000 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:38:55.0812 1000 WS2IFSL - ok

20:38:55.0843 1000 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll

20:38:55.0859 1000 wscsvc - ok

20:38:55.0875 1000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:38:55.0921 1000 WSTCODEC - ok

20:38:55.0937 1000 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll

20:38:55.0953 1000 wuauserv - ok

20:38:55.0984 1000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:38:56.0031 1000 WudfPf - ok

20:38:56.0046 1000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:38:56.0093 1000 WudfRd - ok

20:38:56.0125 1000 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

20:38:56.0156 1000 WudfSvc - ok

20:38:56.0203 1000 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll

20:38:56.0218 1000 WZCSVC - ok

20:38:56.0234 1000 xcpip - ok

20:38:56.0265 1000 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll

20:38:56.0359 1000 xmlprov - ok

20:38:56.0359 1000 xpsec - ok

20:38:56.0390 1000 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0

20:38:56.0390 1000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected

20:38:56.0390 1000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)

20:38:56.0390 1000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

20:38:56.0406 1000 \Device\Harddisk1\DR3 - ok

20:38:56.0406 1000 Boot (0x1200) (a766ff3ea9a4e555dbb0b07d32881ca3) \Device\Harddisk0\DR0\Partition0

20:38:56.0406 1000 \Device\Harddisk0\DR0\Partition0 - ok

20:38:56.0421 1000 Boot (0x1200) (3230b8b123bd2e20651950165716c0d5) \Device\Harddisk0\DR0\Partition1

20:38:56.0421 1000 \Device\Harddisk0\DR0\Partition1 - ok

20:38:56.0421 1000 Boot (0x1200) (17c7219c8b9cb612008a812c4a54b1d2) \Device\Harddisk1\DR3\Partition0

20:38:56.0421 1000 \Device\Harddisk1\DR3\Partition0 - ok

20:38:56.0421 1000 ============================================================

20:38:56.0421 1000 Scan finished

20:38:56.0421 1000 ============================================================

20:38:56.0437 0264 Detected object count: 1

20:38:56.0437 0264 Actual detected object count: 1

20:39:15.0625 0264 \Device\Harddisk0\DR0\# - copied to quarantine

20:39:15.0625 0264 \Device\Harddisk0\DR0 - copied to quarantine

20:39:15.0625 0264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot

20:39:15.0640 0264 \Device\Harddisk0\DR0 - ok

20:39:15.0640 0264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

20:39:19.0078 3456 Deinitialize success

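The TDSSKiller log above identifies the real problem (a bootkit in the MBR of Harddisk0, flagged as Rootkit.Boot.Sinowal.b) among hundreds of clean "- ok" entries, which is easy to miss when a log like this is pasted into a thread. As an added example that is not part of this thread or of Kaspersky's tool, the Python script below parses that log format: it pulls out each detected object together with the hash of the affected sector or file, records what the tool did with it (copy to quarantine, cure on reboot), and checks that the tool's own "Detected object count" agrees with the number of detection lines actually present. The regular expressions are assumptions derived from the line shapes visible in this thread, and the sample log is a constructed excerpt in the same shape.

```python
import re
from collections import defaultdict

# Line shapes observed in the TDSSKiller text log quoted in this thread.
# Added example; these patterns are assumptions, not part of the tool itself.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>[0-9a-fA-F]{4})\s+(?P<msg>.*)$"
)
# "<name> (<md5>) <path>": a scanned object (service, driver, MBR, boot sector)
HASHED_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<object> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)$")
# "<object> ( <threat> ) - <verdict>", e.g. "- infected", "- will be cured on reboot"
VERDICT_RE = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<verdict>.+)$")
# "<object> - ok" / "<object> - copied to quarantine"
ACTION_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+(?P<action>ok|copied to quarantine)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


def parse_tdsskiller_log(text):
    """Walk the log once and collect hashes, detections and per-object actions."""
    report = {
        "hashed_objects": 0,
        "hashes": {},                  # path -> (object kind/name, md5)
        "detections": {},              # object -> threat name
        "actions": defaultdict(list),  # object -> verdicts/actions in log order
        "declared_count": None,        # the tool's own "Detected object count"
        "unparsed": [],                # lines that are not timestamped records
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = LINE_RE.match(line)
        if rec is None:
            report["unparsed"].append(line)
            continue
        msg = rec.group("msg")
        m = COUNT_RE.match(msg)
        if m:
            report["declared_count"] = int(m.group("n"))
            continue
        m = HASHED_RE.match(msg)
        if m:
            report["hashed_objects"] += 1
            report["hashes"][m.group("path")] = (m.group("name"), m.group("md5"))
            continue
        m = DETECTED_RE.match(msg)
        if m:
            report["detections"].setdefault(m.group("obj"), m.group("threat"))
            report["actions"][m.group("obj")].append("detected")
            continue
        m = VERDICT_RE.match(msg)
        if m:
            obj, threat, verdict = m.group("obj"), m.group("threat"), m.group("verdict")
            if verdict == "infected":
                report["detections"].setdefault(obj, threat)
            report["actions"][obj].append(verdict)
            continue
        m = ACTION_RE.match(msg)
        if m:
            report["actions"][m.group("obj")].append(m.group("action"))
        # Other lines (banner, "Scan finished", ...) carry no per-object state.
    return report


def triage(report):
    """One finding per detected object, plus whether the tool's declared count
    matches what the log actually contains (a trimmed paste would disagree)."""
    findings = []
    for obj, threat in report["detections"].items():
        kind, md5 = report["hashes"].get(obj, (None, None))
        acts = report["actions"][obj]
        findings.append({
            "object": obj,
            "threat": threat,
            "kind": kind,   # e.g. "MBR (0x1B8)" for a bootkit in the master boot record
            "md5": md5,     # hash of the infected sector/file, usable as an IoC
            "quarantined": "copied to quarantine" in acts,
            "cure_pending_reboot": "will be cured on reboot" in acts,
        })
    declared = report["declared_count"]
    return findings, declared is None or declared == len(findings)


# Constructed excerpt in the same shape as the log quoted in this thread.
SAMPLE_LOG = r"""
20:38:51.0203 1000 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
20:38:51.0218 1000 PlugPlay - ok
20:38:56.0390 1000 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
20:38:56.0390 1000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
20:38:56.0390 1000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
20:38:56.0390 1000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
20:38:56.0406 1000 \Device\Harddisk1\DR3 - ok
20:38:56.0437 0264 Detected object count: 1
20:39:15.0625 0264 \Device\Harddisk0\DR0 - copied to quarantine
20:39:15.0625 0264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
20:39:15.0640 0264 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    findings, consistent = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for f in findings:
        print(f"{f['kind']} {f['object']}: {f['threat']} md5={f['md5']} "
              f"quarantined={f['quarantined']} cure_on_reboot={f['cure_pending_reboot']}")
    print("declared count consistent:", consistent)
```

Run against a full saved TDSSKiller log (the tool writes one to the root of the system drive) by passing the file contents to `parse_tdsskiller_log`; the `md5` and `kind` fields tell a helper at a glance whether the hit is a boot-sector infection, which is what justifies the reboot-and-rescan step that follows in this thread.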

Good. As for your antivirus: the 3 programs mentioned are also available in a free version (and are sufficiently reliable in that form too). My personal, slight, preference goes to AVAST, but your current AVG is quite workable as well. It has proven that, by the way, by now making the correct analysis of your infection. If you would rather go for a paid version, the choice is of course wider than these 3 programs.

Problems out of the way, so it is time for the "big clean-up": removing the tools that were used, a cleaning, and removing the infected restore points.

Remove TDSS Killer manually.

Remove Combofix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, restores the clock settings, hides file extensions again, hides hidden files and system files again, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis reports no more errors. Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "YES". Then choose "Fix all selected issues". Close CCleaner afterwards.

If you want to see this in detail, click here for the manual.

It is advisable to delete the existing restore points (among them are infected restore points that you could otherwise restore). In XP you do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

If all of this went without problems, you may click "mark as solved" below!

edited by kape