
Help w32/blaster.com


pvn


Here is the log:

Kind regards,

Peter

21:51:43.0609 2628 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

21:51:43.0921 2628 ============================================================

21:51:43.0921 2628 Current date / time: 2013/09/16 21:51:43.0921

21:51:43.0921 2628 SystemInfo:

21:51:43.0921 2628

21:51:43.0921 2628 OS Version: 5.1.2600 ServicePack: 3.0

21:51:43.0921 2628 Product type: Workstation

21:51:43.0921 2628 ComputerName: GX620-PC

21:51:43.0921 2628 UserName: JULIE

21:51:43.0921 2628 Windows directory: C:\WINDOWS

21:51:43.0921 2628 System windows directory: C:\WINDOWS

21:51:43.0921 2628 Processor architecture: Intel x86

21:51:43.0921 2628 Number of processors: 2

21:51:43.0921 2628 Page size: 0x1000

21:51:43.0921 2628 Boot type: Normal boot

21:51:43.0921 2628 ============================================================

21:51:45.0109 2628 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:51:45.0109 2628 ============================================================

21:51:45.0109 2628 \Device\Harddisk0\DR0:

21:51:45.0109 2628 MBR partitions:

21:51:45.0109 2628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E

21:51:45.0109 2628 ============================================================

21:51:45.0125 2628 C: <-> \Device\Harddisk0\DR0\Partition1

21:51:45.0125 2628 ============================================================

21:51:45.0125 2628 Initialize success

21:51:45.0125 2628 ============================================================

21:51:51.0234 4024 ============================================================

21:51:51.0234 4024 Scan started

21:51:51.0234 4024 Mode: Manual; SigCheck; TDLFS;

21:51:51.0234 4024 ============================================================

21:51:51.0765 4024 ================ Scan system memory ========================

21:51:51.0781 4024 System memory - ok

21:51:51.0781 4024 ================ Scan services =============================

21:51:51.0843 4024 Abiosdsk - ok

21:51:51.0859 4024 abp480n5 - ok

21:51:51.0921 4024 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:51:52.0296 4024 ACPI - ok

21:51:52.0312 4024 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

21:51:52.0468 4024 ACPIEC - ok

21:51:52.0515 4024 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:51:52.0515 4024 Suspicious file (NoAccess): C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe. md5: B2B64AF436FACCFA854DD397027C5360

21:51:52.0515 4024 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - warning

21:51:52.0515 4024 AdobeFlashPlayerUpdateSvc - detected LockedFile.Multi.Generic (1)

21:51:52.0531 4024 adpu160m - ok

21:51:52.0562 4024 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

21:51:52.0718 4024 aec - ok

21:51:52.0750 4024 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

21:51:52.0765 4024 AFD - ok

21:51:52.0781 4024 Aha154x - ok

21:51:52.0781 4024 aic78u2 - ok

21:51:52.0796 4024 aic78xx - ok

21:51:52.0828 4024 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

21:51:52.0984 4024 Alerter - ok

21:51:53.0000 4024 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

21:51:53.0062 4024 ALG - ok

21:51:53.0078 4024 AliIde - ok

21:51:53.0078 4024 amsint - ok

21:51:53.0109 4024 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

21:51:53.0203 4024 AppMgmt - ok

21:51:53.0203 4024 asc - ok

21:51:53.0203 4024 asc3350p - ok

21:51:53.0218 4024 asc3550 - ok

21:51:53.0296 4024 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

21:51:53.0328 4024 aspnet_state - ok

21:51:53.0359 4024 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:51:53.0500 4024 AsyncMac - ok

21:51:53.0531 4024 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

21:51:53.0671 4024 atapi - ok

21:51:53.0687 4024 Atdisk - ok

21:51:53.0703 4024 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:51:53.0843 4024 Atmarpc - ok

21:51:53.0890 4024 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

21:51:54.0046 4024 AudioSrv - ok

21:51:54.0078 4024 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

21:51:54.0218 4024 audstub - ok

21:51:54.0468 4024 [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe

21:51:54.0687 4024 AVGIDSAgent - ok

21:51:54.0703 4024 [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

21:51:54.0765 4024 AVGIDSDriver - ok

21:51:54.0781 4024 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

21:51:54.0812 4024 AVGIDSHX - ok

21:51:54.0812 4024 [ 2717EBC35166B8793DBFFB4390B8F2E7 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

21:51:54.0843 4024 AVGIDSShim - ok

21:51:54.0859 4024 [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

21:51:54.0890 4024 Avgldx86 - ok

21:51:54.0906 4024 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys

21:51:54.0937 4024 Avglogx - ok

21:51:54.0937 4024 [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

21:51:54.0968 4024 Avgmfx86 - ok

21:51:54.0968 4024 [ CBCE8ED318DB8EA431F9D25AC9B7FF41 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

21:51:55.0000 4024 Avgrkx86 - ok

21:51:55.0015 4024 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

21:51:55.0046 4024 Avgtdix - ok

21:51:55.0078 4024 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe

21:51:55.0109 4024 avgwd - ok

21:51:55.0125 4024 [ 241474D01380E9ED41D4C07F4F5FD401 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys

21:51:55.0156 4024 b57w2k - ok

21:51:55.0171 4024 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys

21:51:55.0203 4024 BANTExt ( UnsignedFile.Multi.Generic ) - warning

21:51:55.0203 4024 BANTExt - detected UnsignedFile.Multi.Generic (1)

21:51:55.0203 4024 bdfdll - ok

21:51:55.0203 4024 BDFsDrv - ok

21:51:55.0218 4024 BDRsDrv - ok

21:51:55.0250 4024 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

21:51:55.0390 4024 Beep - ok

21:51:55.0421 4024 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

21:51:55.0468 4024 Browser - ok

21:51:55.0500 4024 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

21:51:55.0656 4024 cbidf2k - ok

21:51:55.0671 4024 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

21:51:55.0843 4024 CCDECODE - ok

21:51:55.0843 4024 cd20xrnt - ok

21:51:55.0859 4024 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

21:51:56.0015 4024 Cdaudio - ok

21:51:56.0031 4024 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

21:51:56.0203 4024 Cdfs - ok

21:51:56.0234 4024 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:51:56.0390 4024 Cdrom - ok

21:51:56.0390 4024 cerc6 - ok

21:51:56.0406 4024 Changer - ok

21:51:56.0421 4024 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

21:51:56.0578 4024 CiSvc - ok

21:51:56.0609 4024 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

21:51:56.0750 4024 ClipSrv - ok

21:51:56.0781 4024 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:51:56.0796 4024 clr_optimization_v2.0.50727_32 - ok

21:51:56.0968 4024 [ E2D9B64BC78B01E599539C1C1193CE9B ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

21:51:57.0171 4024 cmdAgent - ok

21:51:57.0203 4024 [ 5A3B2770EB1CF642986D7886C1C037EC ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys

21:51:57.0234 4024 cmderd - ok

21:51:57.0265 4024 [ 3369A1E3A80C7A991AF0DD36251F5C34 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys

21:51:57.0328 4024 cmdGuard - ok

21:51:57.0343 4024 [ 00930989984DA7C8DA2799D0C49BCD4D ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

21:51:57.0375 4024 cmdHlp - ok

21:51:57.0375 4024 CmdIde - ok

21:51:57.0406 4024 [ 5FABA52953E40BDE1F2DBC35E549B63E ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

21:51:57.0437 4024 cmdvirth - ok

21:51:57.0437 4024 CnxEtP - ok

21:51:57.0453 4024 CnxEtU - ok

21:51:57.0453 4024 CnxTgNW - ok

21:51:57.0468 4024 COMSysApp - ok

21:51:57.0484 4024 Cpqarray - ok

21:51:57.0515 4024 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

21:51:57.0656 4024 CryptSvc - ok

21:51:57.0656 4024 dac2w2k - ok

21:51:57.0671 4024 dac960nt - ok

21:51:57.0703 4024 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

21:51:57.0765 4024 DcomLaunch - ok

21:51:57.0765 4024 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

21:51:57.0921 4024 Dhcp - ok

21:51:57.0953 4024 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

21:51:58.0109 4024 Disk - ok

21:51:58.0109 4024 dmadmin - ok

21:51:58.0156 4024 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

21:51:58.0312 4024 dmboot - ok

21:51:58.0328 4024 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

21:51:58.0468 4024 dmio - ok

21:51:58.0500 4024 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

21:51:58.0640 4024 dmload - ok

21:51:58.0656 4024 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

21:51:58.0812 4024 dmserver - ok

21:51:58.0859 4024 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

21:51:59.0015 4024 DMusic - ok

21:51:59.0031 4024 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

21:51:59.0062 4024 Dnscache - ok

21:51:59.0093 4024 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

21:51:59.0234 4024 Dot3svc - ok

21:51:59.0234 4024 dpti2o - ok

21:51:59.0265 4024 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

21:51:59.0390 4024 drmkaud - ok

21:51:59.0421 4024 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

21:51:59.0562 4024 EapHost - ok

21:51:59.0578 4024 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

21:51:59.0734 4024 ERSvc - ok

21:51:59.0765 4024 esgiguard - ok

21:51:59.0796 4024 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

21:51:59.0828 4024 Eventlog - ok

21:51:59.0859 4024 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

21:51:59.0906 4024 EventSystem - ok

21:51:59.0937 4024 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

21:52:00.0078 4024 Fastfat - ok

21:52:00.0093 4024 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

21:52:00.0125 4024 FastUserSwitchingCompatibility - ok

21:52:00.0140 4024 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

21:52:00.0296 4024 Fdc - ok

21:52:00.0328 4024 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

21:52:00.0484 4024 Fips - ok

21:52:00.0515 4024 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

21:52:00.0671 4024 Flpydisk - ok

21:52:00.0718 4024 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

21:52:00.0875 4024 FltMgr - ok

21:52:00.0937 4024 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

21:52:00.0953 4024 FontCache3.0.0.0 - ok

21:52:00.0968 4024 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:52:01.0125 4024 Fs_Rec - ok

21:52:01.0156 4024 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:52:01.0312 4024 Ftdisk - ok

21:52:01.0375 4024 [ B0C9FFF54F16DF2012F53A34736A0975 ] FTRTSVC C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

21:52:01.0390 4024 FTRTSVC ( UnsignedFile.Multi.Generic ) - warning

21:52:01.0390 4024 FTRTSVC - detected UnsignedFile.Multi.Generic (1)

21:52:01.0421 4024 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll

21:52:01.0453 4024 getPlusHelper - ok

21:52:01.0484 4024 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:52:01.0640 4024 Gpc - ok

21:52:01.0703 4024 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

21:52:01.0734 4024 gupdate - ok

21:52:01.0734 4024 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

21:52:01.0765 4024 gupdatem - ok

21:52:01.0812 4024 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

21:52:01.0968 4024 helpsvc - ok

21:52:02.0000 4024 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

21:52:02.0156 4024 HidServ - ok

21:52:02.0187 4024 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:52:02.0343 4024 hidusb - ok

21:52:02.0375 4024 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

21:52:02.0546 4024 hkmsvc - ok

21:52:02.0562 4024 hpn - ok

21:52:02.0609 4024 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

21:52:02.0671 4024 HTTP - ok

21:52:02.0703 4024 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

21:52:02.0859 4024 HTTPFilter - ok

21:52:02.0875 4024 i2omgmt - ok

21:52:02.0875 4024 i2omp - ok

21:52:02.0906 4024 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

21:52:03.0062 4024 i8042prt - ok

21:52:03.0234 4024 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

21:52:03.0437 4024 ialm - ok

21:52:03.0515 4024 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:52:03.0578 4024 idsvc - ok

21:52:03.0593 4024 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

21:52:03.0734 4024 Imapi - ok

21:52:03.0765 4024 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

21:52:03.0921 4024 ImapiService - ok

21:52:03.0937 4024 ini910u - ok

21:52:03.0968 4024 [ 8A00CB1EE39916205378EE13B797A1AF ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys

21:52:04.0000 4024 Inspect - ok

21:52:04.0000 4024 IntelIde - ok

21:52:04.0031 4024 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:52:04.0171 4024 intelppm - ok

21:52:04.0187 4024 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

21:52:04.0343 4024 Ip6Fw - ok

21:52:04.0359 4024 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:52:04.0515 4024 IpFilterDriver - ok

21:52:04.0546 4024 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:52:04.0703 4024 IpInIp - ok

21:52:04.0734 4024 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:52:04.0890 4024 IpNat - ok

21:52:04.0921 4024 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:52:05.0078 4024 IPSec - ok

21:52:05.0109 4024 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

21:52:05.0187 4024 IRENUM - ok

21:52:05.0218 4024 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:52:05.0375 4024 isapnp - ok

21:52:05.0437 4024 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

21:52:05.0468 4024 JavaQuickStarterService - ok

21:52:05.0484 4024 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:52:05.0640 4024 Kbdclass - ok

21:52:05.0656 4024 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:52:05.0796 4024 kbdhid - ok

21:52:05.0812 4024 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

21:52:05.0968 4024 kmixer - ok

21:52:05.0984 4024 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

21:52:06.0000 4024 KSecDD - ok

21:52:06.0031 4024 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

21:52:06.0078 4024 LanmanServer - ok

21:52:06.0125 4024 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

21:52:06.0156 4024 lanmanworkstation - ok

21:52:06.0171 4024 lbrtfdc - ok

21:52:06.0218 4024 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

21:52:06.0390 4024 LmHosts - ok

21:52:06.0390 4024 maqabrqg - ok

21:52:06.0421 4024 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

21:52:06.0578 4024 Messenger - ok

21:52:06.0609 4024 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

21:52:06.0734 4024 mnmdd - ok

21:52:06.0765 4024 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

21:52:06.0906 4024 mnmsrvc - ok

21:52:06.0937 4024 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

21:52:07.0078 4024 Modem - ok

21:52:07.0093 4024 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:52:07.0250 4024 Mouclass - ok

21:52:07.0250 4024 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:52:07.0390 4024 mouhid - ok

21:52:07.0421 4024 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

21:52:07.0562 4024 MountMgr - ok

21:52:07.0562 4024 mraid35x - ok

21:52:07.0593 4024 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:52:07.0984 4024 MRxDAV - ok

21:52:08.0031 4024 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:52:08.0093 4024 MRxSmb - ok

21:52:08.0125 4024 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

21:52:08.0296 4024 MSDTC - ok

21:52:08.0312 4024 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

21:52:08.0453 4024 Msfs - ok

21:52:08.0453 4024 MSIServer - ok

21:52:08.0468 4024 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:52:08.0609 4024 MSKSSRV - ok

21:52:08.0640 4024 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:52:08.0765 4024 MSPCLOCK - ok

21:52:08.0781 4024 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

21:52:08.0921 4024 MSPQM - ok

21:52:08.0953 4024 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:52:09.0078 4024 mssmbios - ok

21:52:09.0125 4024 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

21:52:09.0265 4024 MSTEE - ok

21:52:09.0281 4024 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

21:52:09.0328 4024 Mup - ok

21:52:09.0343 4024 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:52:09.0484 4024 NABTSFEC - ok

21:52:09.0531 4024 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

21:52:09.0671 4024 napagent - ok

21:52:09.0687 4024 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

21:52:09.0843 4024 NDIS - ok

21:52:09.0875 4024 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:52:10.0015 4024 NdisIP - ok

21:52:10.0046 4024 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:52:10.0093 4024 NdisTapi - ok

21:52:10.0125 4024 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:52:10.0281 4024 Ndisuio - ok

21:52:10.0296 4024 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:52:10.0437 4024 NdisWan - ok

21:52:10.0453 4024 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

21:52:10.0500 4024 NDProxy - ok

21:52:10.0500 4024 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

21:52:10.0656 4024 NetBIOS - ok

21:52:10.0687 4024 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

21:52:10.0828 4024 NetBT - ok

21:52:10.0859 4024 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

21:52:11.0000 4024 NetDDE - ok

21:52:11.0015 4024 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

21:52:11.0156 4024 NetDDEdsdm - ok

21:52:11.0171 4024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

21:52:11.0343 4024 Netlogon - ok

21:52:11.0390 4024 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

21:52:11.0546 4024 Netman - ok

21:52:11.0578 4024 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:52:11.0609 4024 NetTcpPortSharing - ok

21:52:11.0625 4024 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

21:52:11.0656 4024 Nla - ok

21:52:11.0687 4024 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

21:52:11.0812 4024 Npfs - ok

21:52:11.0843 4024 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

21:52:12.0000 4024 Ntfs - ok

21:52:12.0000 4024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

21:52:12.0140 4024 NtLmSsp - ok

21:52:12.0171 4024 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

21:52:12.0343 4024 NtmsSvc - ok

21:52:12.0359 4024 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

21:52:12.0500 4024 Null - ok

21:52:12.0515 4024 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:52:12.0671 4024 NwlnkFlt - ok

21:52:12.0687 4024 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:52:12.0828 4024 NwlnkFwd - ok

21:52:12.0906 4024 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:52:12.0937 4024 odserv - ok

21:52:12.0953 4024 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:52:12.0984 4024 ose - ok

21:52:13.0046 4024 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

21:52:13.0203 4024 Parport - ok

21:52:13.0203 4024 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

21:52:13.0359 4024 PartMgr - ok

21:52:13.0390 4024 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

21:52:13.0531 4024 ParVdm - ok

21:52:13.0531 4024 pbfilter - ok

21:52:13.0562 4024 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

21:52:13.0609 4024 pccsmcfd - ok

21:52:13.0640 4024 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

21:52:13.0796 4024 PCI - ok

21:52:13.0812 4024 PCIDump - ok

21:52:13.0828 4024 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

21:52:13.0968 4024 PCIIde - ok

21:52:14.0000 4024 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

21:52:14.0156 4024 Pcmcia - ok

21:52:14.0171 4024 PDCOMP - ok

21:52:14.0171 4024 PDFRAME - ok

21:52:14.0187 4024 PDRELI - ok

21:52:14.0187 4024 PDRFRAME - ok

21:52:14.0203 4024 perc2 - ok

21:52:14.0203 4024 perc2hib - ok

21:52:14.0234 4024 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

21:52:14.0265 4024 PlugPlay - ok

21:52:14.0281 4024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

21:52:14.0421 4024 PolicyAgent - ok

21:52:14.0437 4024 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:52:14.0593 4024 PptpMiniport - ok

21:52:14.0609 4024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

21:52:14.0750 4024 ProtectedStorage - ok

21:52:14.0781 4024 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

21:52:14.0921 4024 PSched - ok

21:52:14.0953 4024 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:52:15.0109 4024 Ptilink - ok

21:52:15.0140 4024 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:52:15.0171 4024 PxHelp20 - ok

21:52:15.0171 4024 ql1080 - ok

21:52:15.0187 4024 Ql10wnt - ok

21:52:15.0187 4024 ql12160 - ok

21:52:15.0203 4024 ql1240 - ok

21:52:15.0203 4024 ql1280 - ok

21:52:15.0218 4024 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:52:15.0343 4024 RasAcd - ok

21:52:15.0359 4024 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

21:52:15.0531 4024 RasAuto - ok

21:52:15.0531 4024 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:52:15.0687 4024 Rasl2tp - ok

21:52:15.0718 4024 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

21:52:15.0843 4024 RasMan - ok

21:52:15.0859 4024 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:52:16.0015 4024 RasPppoe - ok

21:52:16.0031 4024 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

21:52:16.0156 4024 Raspti - ok

21:52:16.0171 4024 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:52:16.0312 4024 Rdbss - ok

21:52:16.0328 4024 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:52:16.0453 4024 RDPCDD - ok

21:52:16.0500 4024 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:52:16.0640 4024 rdpdr - ok

21:52:16.0687 4024 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

21:52:16.0734 4024 RDPWD - ok

21:52:16.0781 4024 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

21:52:16.0921 4024 RDSessMgr - ok

21:52:16.0953 4024 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

21:52:17.0109 4024 redbook - ok

21:52:17.0156 4024 [ C310203D2ED0CFD0AD68DB638C8DBB25 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe

21:52:17.0187 4024 ReflectService.exe - ok

21:52:17.0234 4024 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

21:52:17.0375 4024 RemoteRegistry - ok

21:52:17.0390 4024 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

21:52:17.0546 4024 RpcLocator - ok

21:52:17.0562 4024 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

21:52:17.0593 4024 RpcSs - ok

21:52:17.0609 4024 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

21:52:17.0750 4024 RSVP - ok

21:52:17.0796 4024 [ B9B17ACA28D3E60CAABD92402DE413D5 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys

21:52:17.0843 4024 rt2870 - ok

21:52:17.0859 4024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

21:52:18.0000 4024 SamSs - ok

21:52:18.0031 4024 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

21:52:18.0187 4024 SCardSvr - ok

21:52:18.0218 4024 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

21:52:18.0359 4024 Schedule - ok

21:52:18.0390 4024 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:52:18.0468 4024 Secdrv - ok

21:52:18.0484 4024 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

21:52:18.0640 4024 seclogon - ok

21:52:18.0687 4024 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys

21:52:18.0734 4024 senfilt - ok

21:52:18.0734 4024 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

21:52:18.0875 4024 SENS - ok

21:52:18.0890 4024 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

21:52:19.0062 4024 serenum - ok

21:52:19.0078 4024 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

21:52:19.0234 4024 Serial - ok

21:52:19.0296 4024 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

21:52:19.0343 4024 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

21:52:19.0343 4024 ServiceLayer - detected UnsignedFile.Multi.Generic (1)

21:52:19.0375 4024 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

21:52:19.0546 4024 Sfloppy - ok

21:52:19.0578 4024 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

21:52:19.0593 4024 ShellHWDetection - ok

21:52:19.0609 4024 Simbad - ok

21:52:19.0781 4024 [ D0776778A9FC5E37F2E9EB21FC8A9709 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

21:52:19.0921 4024 Skype C2C Service - ok

21:52:19.0968 4024 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

21:52:20.0000 4024 SkypeUpdate - ok

21:52:20.0015 4024 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:52:20.0156 4024 SLIP - ok

21:52:20.0187 4024 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

21:52:20.0218 4024 smwdm - ok

21:52:20.0218 4024 Sparrow - ok

21:52:20.0234 4024 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

21:52:20.0390 4024 splitter - ok

21:52:20.0421 4024 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

21:52:20.0437 4024 Spooler - ok

21:52:20.0468 4024 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

21:52:20.0562 4024 sr - ok

21:52:20.0562 4024 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

21:52:20.0640 4024 srservice - ok

21:52:20.0671 4024 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

21:52:20.0703 4024 Srv - ok

21:52:20.0734 4024 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

21:52:20.0812 4024 SSDPSRV - ok

21:52:20.0828 4024 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys

21:52:20.0859 4024 StarOpen ( UnsignedFile.Multi.Generic ) - warning

21:52:20.0859 4024 StarOpen - detected UnsignedFile.Multi.Generic (1)

21:52:20.0906 4024 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

21:52:21.0062 4024 stisvc - ok

21:52:21.0093 4024 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:52:21.0234 4024 streamip - ok

21:52:21.0250 4024 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

21:52:21.0406 4024 swenum - ok

21:52:21.0437 4024 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

21:52:21.0562 4024 swmidi - ok

21:52:21.0578 4024 SwPrv - ok

21:52:21.0578 4024 symc810 - ok

21:52:21.0593 4024 symc8xx - ok

21:52:21.0593 4024 sym_hi - ok

21:52:21.0609 4024 sym_u3 - ok

21:52:21.0625 4024 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

21:52:21.0765 4024 sysaudio - ok

21:52:21.0812 4024 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

21:52:21.0937 4024 SysmonLog - ok

21:52:21.0984 4024 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

21:52:22.0125 4024 TapiSrv - ok

21:52:22.0140 4024 [ FBF5F4FAEAC6DB79C3881E1CDDA9BFAD ] tccp C:\WINDOWS\system32\DRIVERS\tccp.sys

21:52:22.0171 4024 tccp - ok

21:52:22.0203 4024 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:52:22.0250 4024 Tcpip - ok

21:52:22.0281 4024 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

21:52:22.0437 4024 TDPIPE - ok

21:52:22.0468 4024 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

21:52:22.0625 4024 TDTCP - ok

21:52:22.0656 4024 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

21:52:22.0781 4024 TermDD - ok

21:52:22.0812 4024 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

21:52:22.0968 4024 TermService - ok

21:52:22.0984 4024 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

21:52:23.0015 4024 Themes - ok

21:52:23.0046 4024 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

21:52:23.0125 4024 TlntSvr - ok

21:52:23.0125 4024 TosIde - ok

21:52:23.0171 4024 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

21:52:23.0312 4024 TrkWks - ok

21:52:23.0343 4024 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

21:52:23.0484 4024 Udfs - ok

21:52:23.0500 4024 ultra - ok

21:52:23.0531 4024 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

21:52:23.0703 4024 Update - ok

21:52:23.0718 4024 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

21:52:23.0796 4024 upnphost - ok

21:52:23.0812 4024 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

21:52:23.0968 4024 UPS - ok

21:52:24.0000 4024 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

21:52:24.0140 4024 usbaudio - ok

21:52:24.0187 4024 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:52:24.0359 4024 usbccgp - ok

21:52:24.0390 4024 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:52:24.0531 4024 usbehci - ok

21:52:24.0578 4024 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:52:24.0718 4024 usbhub - ok

21:52:24.0750 4024 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:52:24.0906 4024 usbprint - ok

21:52:24.0921 4024 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:52:25.0046 4024 usbscan - ok

21:52:25.0078 4024 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys

21:52:25.0218 4024 usbser - ok

21:52:25.0234 4024 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:52:25.0375 4024 USBSTOR - ok

21:52:25.0406 4024 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:52:25.0546 4024 usbuhci - ok

21:52:25.0578 4024 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

21:52:25.0718 4024 usbvideo - ok

21:52:25.0750 4024 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

21:52:25.0890 4024 VgaSave - ok

21:52:25.0890 4024 ViaIde - ok

21:52:25.0921 4024 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

21:52:26.0046 4024 VolSnap - ok

21:52:26.0093 4024 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

21:52:26.0171 4024 VSS - ok

21:52:26.0218 4024 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

21:52:26.0375 4024 W32Time - ok

21:52:26.0390 4024 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:52:26.0546 4024 Wanarp - ok

21:52:26.0578 4024 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

21:52:26.0625 4024 Wdf01000 - ok

21:52:26.0625 4024 WDICA - ok

21:52:26.0640 4024 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

21:52:26.0781 4024 wdmaud - ok

21:52:26.0796 4024 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

21:52:26.0937 4024 WebClient - ok

21:52:26.0984 4024 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

21:52:27.0125 4024 winmgmt - ok

21:52:27.0156 4024 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

21:52:27.0187 4024 WmdmPmSN - ok

21:52:27.0218 4024 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

21:52:27.0296 4024 Wmi - ok

21:52:27.0328 4024 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:52:27.0484 4024 WmiApSrv - ok

21:52:27.0546 4024 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

21:52:27.0625 4024 WMPNetworkSvc - ok

21:52:27.0671 4024 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:52:27.0828 4024 WS2IFSL - ok

21:52:27.0843 4024 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

21:52:27.0984 4024 wscsvc - ok

21:52:28.0015 4024 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:52:28.0140 4024 WSTCODEC - ok

21:52:28.0156 4024 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:52:28.0171 4024 WudfPf - ok

21:52:28.0203 4024 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:52:28.0234 4024 WudfRd - ok

21:52:28.0265 4024 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

21:52:28.0312 4024 WudfSvc - ok

21:52:28.0359 4024 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

21:52:28.0515 4024 WZCSVC - ok

21:52:28.0546 4024 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

21:52:28.0718 4024 xmlprov - ok

21:52:28.0750 4024 *etadpug - ok

21:52:28.0750 4024 ================ Scan global ===============================

21:52:28.0781 4024 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

21:52:28.0796 4024 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

21:52:28.0828 4024 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

21:52:28.0828 4024 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

21:52:28.0843 4024 [Global] - ok

21:52:28.0843 4024 ================ Scan MBR ==================================

21:52:28.0859 4024 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

21:52:29.0078 4024 \Device\Harddisk0\DR0 - ok

21:52:29.0078 4024 ================ Scan VBR ==================================

21:52:29.0078 4024 [ D3E063DA861FFD7FF6AA975BCE2AB005 ] \Device\Harddisk0\DR0\Partition1

21:52:29.0078 4024 \Device\Harddisk0\DR0\Partition1 - ok

21:52:29.0078 4024 ============================================================

21:52:29.0078 4024 Scan finished

21:52:29.0078 4024 ============================================================

21:52:29.0187 4028 Detected object count: 5

21:52:29.0187 4028 Actual detected object count: 5

21:53:54.0234 4028 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - skipped by user

21:53:54.0234 4028 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - User select action: Skip

21:53:54.0234 4028 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user

21:53:54.0234 4028 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:53:54.0234 4028 FTRTSVC ( UnsignedFile.Multi.Generic ) - skipped by user

21:53:54.0234 4028 FTRTSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:53:54.0234 4028 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

21:53:54.0234 4028 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:53:54.0234 4028 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

21:53:54.0234 4028 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:54:01.0156 2560 Deinitialize success


Download AdwCleaner by Xplode to your desktop.


  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking it and choosing Run as administrator.
  • Then click Scan.
  • Then click Clean if items were found.
  • When told a restart is required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[R1].txt.

Then post the contents of this log in your next message.


ADWCLEANER Log

Kind regards

# AdwCleaner v3.004 - Report created 17/09/2013 at 00:13:45

# Updated 15/09/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : JULIE - GX620-PC

# Running from : C:\Documents and Settings\JULIE\Desktop\VIRUS\adw.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium

Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Bcool

Folder Deleted : C:\Documents and Settings\All Users\Application Data\safe save

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Search-NewuTaba

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Searych-NiewTayB

Folder Deleted : C:\Documents and Settings\All Users\Application Data\ssafe yssaveu

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\Program Files\Nosibay

Folder Deleted : C:\Program Files\TornTV.com

Folder Deleted : C:\Program Files\WebSearch

Folder Deleted : C:\WINDOWS\system32\ARFC

Folder Deleted : C:\WINDOWS\system32\jmdp

Folder Deleted : C:\WINDOWS\system32\WNLT

Folder Deleted : C:\Documents and Settings\GX620\Local Settings\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\GX620\Local Settings\Application Data\PackageAware

Folder Deleted : C:\Documents and Settings\GX620\Application Data\Nosibay

Folder Deleted : C:\Documents and Settings\GX620\Application Data\Systweak

Folder Deleted : C:\Documents and Settings\GX620\Application Data\Toolbar4

Folder Deleted : C:\Documents and Settings\JULIE\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\JULIE\Local Settings\Application Data\lollipop

Folder Deleted : C:\Documents and Settings\JULIE\Application Data\eIntaller

Folder Deleted : C:\Documents and Settings\JULIE\Application Data\Nosibay

Folder Deleted : C:\Documents and Settings\JULIE\Application Data\SwvUpdater

Folder Deleted : C:\Documents and Settings\JULIE\Application Data\Systweak

Folder Deleted : C:\Program Files\Software

File Deleted : C:\END

File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAB844C8-B2CC-02AF-8CD1-8CEA95D1328D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAB844C8-B2CC-02AF-8CD1-8CEA95D1328D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\lollipop

Key Deleted : HKCU\Software\Nosibay

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Web Assistant

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Desksvc

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\Uniblue\DriverScanner

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\Software\WNLT

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{20E7BC40-33F6-4A81-9D52-B58349326206}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4183178B-4D4E-48A7-9257-454BA90A760E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\JULIE\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js ]

*************************

AdwCleaner[R0].txt - [12638 octets] - [16/09/2013 23:25:22]

AdwCleaner[R1].txt - [12692 octets] - [17/09/2013 00:11:58]

AdwCleaner[s0].txt - [12395 octets] - [17/09/2013 00:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12456 octets] ##########


Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Go to Java SE 7 and download the correct Java version to your desktop, 32 or 64 bit. For 32 bit download Windows x86, for 64 bit download Windows x64.


  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
  • Select everything with Java Runtime Environment (JRE or J2SE or JAVA) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-7-windows-x64 / x86 on your desktop to install the latest version of Java.

How are the problems now?


Yes, you are in good shape with that. :-)

Time for the big clean-up then:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:


  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.


Jion,

OK, everything is now fixed for this computer, I think.

I also have a Dell Inspiron laptop that I formatted a few months ago with a lot of effort (first time). Can you check preventively whether everything is up to date and properly installed and whether nothing is infected, or would it be better to wait until any problems show up? Which log can I send?

Kind regards,

Peter


Jion,

After my last message on the forum I installed Comodo Internet Security and Avast, since Microsoft Security Essentials gave only little protection.

I already noticed the computer slowing down. Shutting down takes an eternity.... Starting up takes even longer.

I have just thrown Comodo off again.

Starting up now takes about 10 to 15 minutes.

I can barely get a file open in Word after 5 minutes, with a message ... serious error related to Finereader, do you want to disable it ... yes, I disabled it then.

Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe

(here or here) you can read how to disable the security software you use.


  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a prompt from UAC (User Account Control); click Yes there.
  • On a Windows XP computer ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now extracted and a registry backup is made by means of ERUNT.
  • When this is done ComboFix will start by itself; in the blue screen you can see the progress of the system scan being carried out.
  • Important! Do not use the computer for other things during the scan.
  • It may happen that the computer has to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is done, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.


  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


Hi Jion,

Here is the ComboFix log:

Peter

ComboFix 13-09-17.01 - Peter 18/09/2013 10:08:20.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1483 [GMT 2:00]

Running from: c:\documents and settings\Peter\Desktop\VIRUS\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\1371740468.1492.bin

c:\documents and settings\All Users\Application Data\1371740468.4112.bin

c:\documents and settings\All Users\Application Data\1371740468.5544.bin

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\RAIDTest

c:\windows\system32\Cache

c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK

c:\windows\system32\drivers\DELL_XPS_MM061 .MRK

.

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))

.

.

2013-09-17 18:17 . 2013-09-17 18:17 -------- d-----w- c:\documents and settings\Peter\Application Data\Avast Ad Blocker

2013-09-17 17:42 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-09-17 17:42 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-09-17 17:42 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-09-17 17:42 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-09-17 17:42 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-09-17 17:42 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-09-17 17:42 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-09-17 17:42 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-09-17 17:40 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr

2013-09-17 17:39 . 2013-09-17 17:57 -------- d-----w- c:\program files\AVAST Software

2013-09-17 15:46 . 2013-09-17 15:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2013-09-17 15:43 . 2013-09-17 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO

2013-09-17 15:43 . 2013-09-17 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\windows\Sun

2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Sun

2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Common Files\Java

2013-09-17 15:21 . 2013-09-17 15:21 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-17 15:21 . 2013-09-17 15:21 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-17 15:21 . 2013-09-17 15:21 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-09-17 15:21 . 2013-09-17 15:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-17 15:21 . 2013-09-17 15:21 -------- d-----w- c:\program files\Java

2013-09-17 13:02 . 2013-09-17 13:02 -------- d-----w- c:\windows\ERUNT

2013-09-17 12:20 . 2013-09-17 12:25 -------- d-----w- C:\AdwCleaner

2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\searchplugins

2013-09-17 11:41 . 2013-09-17 11:41 -------- d-----w- c:\windows\system32\Extensions

2013-09-17 09:49 . 2013-09-17 09:50 -------- d-----w- c:\program files\trend micro

2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-14 10:18 . 2013-06-13 17:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-14 10:18 . 2013-06-13 17:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-30 07:47 . 2013-06-12 22:42 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-09 01:56 . 2008-04-13 23:00 386560 ----a-w- c:\windows\system32\themeui.dll

2013-08-08 06:05 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-08-08 06:05 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-08-08 06:05 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-08-08 06:05 . 2008-04-13 23:00 18944 ----a-w- c:\windows\system32\corpol.dll

2013-08-08 01:27 . 2008-04-13 23:00 1877760 ----a-w- c:\windows\system32\win32k.sys

2013-08-08 00:02 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec

2013-08-05 13:30 . 2008-04-13 23:00 1289728 ----a-w- c:\windows\system32\ole32.dll

2013-08-03 12:18 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll

2013-07-18 23:04 . 2013-07-18 23:04 44424 ----a-w- c:\windows\system32\sbbd.exe

2013-07-18 23:04 . 2013-07-18 23:04 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-07-10 10:37 . 2008-04-13 23:00 406016 ----a-w- c:\windows\system32\usp10.dll

2013-07-04 03:03 . 2008-04-13 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]

"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"zBrowser Launcher"="c:\program files\iTouch\iTouch.exe" [2004-03-18 892928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\Peter\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk

backup=c:\windows\pss\PHOTOfunSTUDIO 6.0.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^EvernoteClipper.lnk]

path=c:\documents and settings\Peter\Start Menu\Programs\Startup\EvernoteClipper.lnk

backup=c:\windows\pss\EvernoteClipper.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]

c:\documents and settings\Peter\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-05-14 12:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]

2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WajamUpdater"=2 (0x2)

"Skype C2C Service"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"NokiaSuite.exe"=c:\program files\Nokia\Nokia Suite\NokiaSuite.exe -tray

"EPSON BX300F Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "c:\windows\TEMP\E_SD6.tmp" /EF "HKCU"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Peter\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [17/09/2013 19:42 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [17/09/2013 19:42 177864]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/02/2013 4:37 245048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8/02/2013 4:37 39224]

R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [19/07/2013 1:04 13560]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/09/2013 19:42 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/09/2013 19:42 369584]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [19/06/2013 10:40 22560]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/09/2013 19:42 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [17/09/2013 19:42 66336]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 1:00 14336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/07/2013 17:04 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/07/2013 17:04 701512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/07/2013 17:04 22856]

S0 cerc6;cerc6; [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/02/2013 4:37 170808]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/06/2013 16:21 162408]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [?]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 10:18]

.

2013-09-18 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-17 07:47]

.

2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-26 20:59]

.

2013-09-17 c:\windows\Tasks\User_Feed_Synchronization-{2072EA55-B9B4-4954-B93F-503F9DE86B6D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

IE: Afbeelding knippen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Kopieer selectie - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Kopieer URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nieuwe notitie - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: Pagina opemen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-09-18 10:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1960408961-2049760794-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1696)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(2596)

c:\windows\system32\WININET.dll

c:\program files\iTouch\iTchHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\ICO.EXE

c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

.

**************************************************************************

.

Completion time: 2013-09-18 10:23:52 - machine was rebooted

ComboFix-quarantined-files.txt 2013-09-18 08:23

.

Pre-Run: 34.115.936.256 bytes free

Post-Run: 34.555.650.048 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 4198825F22FE9652381C95066276F0B3

8F558EB6672622401DA993E1E865C861
