Log after ComboFix (after TDSS, regarding MEbroot.A)
31 replies
- Hi everyone,
Because of an alert from Avira antivirus and not being able to get the problem removed, I ended up on this site and found a topic describing the same story.
To avoid cluttering that topic, I started a new one.
My name is Angelique and I work every day as a CAD drafter. But that is as far as my computer knowledge goes. I have managed to solve a lot of things via Google, but this seems to be something rather persistent.
Following the tip in the other topic and the steps suggested there, I ran the programs mentioned above (as named in the subject).
What stands out in any case is that the Windows startup and shutdown sounds are back. I had not heard them for months. There have not been months of problems, though. In fact, there were only problems (with internet and Outlook) in the last few days.
After ComboFix, this is the log file:
Can anyone tell me whether there is still anything threatening on my PC?
Thanks in advance
ComboFix 12-05-23.05 - Angelique 23-05-2012 18:42:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1505 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marc\ntuser.tmp
c:\documents and settings\Marc\WINDOWS
c:\recycle.bin\B6232F3AE5B.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))
.
.
2012-05-23 16:49 . 2012-05-23 16:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 06:06 . 2012-05-23 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 05:38 . 2012-05-23 05:38 -------- d-----w- c:\documents and settings\Angelique\Application Data\Avira
2012-05-23 05:32 . 2012-02-03 13:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-23 05:32 . 2012-02-03 13:28 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\program files\Avira
2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 05:47 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 16:47 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R?2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [23-5-2012 7:32 86224]
R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23-5-2012 7:32 36000]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S?2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
2012-05-23 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-4Y3Y0C3AUF7W0E6DHHTVE - c:\recycle.bin\B6232F3AE5B.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3324)
c:\docume~1\ANGELI~1\LOCALS~1\Temp\catchme.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\program files\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-23 18:53:08 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-23 16:52
.
Pre-Run: 102.380.843.008 bytes beschikbaar
Post-Run: 103.763.951.616 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5844918FFC6920616484C4A5C4CBC699
- Hello Angelique, I see that you also used TDSSKiller.
Using powerful tools of this kind without guidance is not recommended.
Now check whether you can find a file resembling C:\TDSSKiller.2.5.12.0_23.05.2012_10.45.13_log.txt.
If so, please post the contents of that log in your next message.
- Oh... :o
I did see that stated for ComboFix in the guide (found via the link), but not for TDSSKiller. And because ComboFix created a restore point, it did not seem to me that it could do much harm.
Since it appeared to be exactly the same problem, I thought it could do no harm.
I want to ask as few duplicate questions as possible, hence...
But next time I will just start a post right away, or better still... prevent it from happening again.
Attached is the requested log
18:25:56.0265 2244 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
18:25:56.0656 2244 ============================================================
18:25:56.0656 2244 Current date / time: 2012/05/23 18:25:56.0656
18:25:56.0656 2244 SystemInfo:
18:25:56.0656 2244
18:25:56.0656 2244 OS Version: 5.1.2600 ServicePack: 3.0
18:25:56.0656 2244 Product type: Workstation
18:25:56.0656 2244 ComputerName: CP-597526-A
18:25:56.0656 2244 UserName: Angelique
18:25:56.0656 2244 Windows directory: C:\WINDOWS
18:25:56.0656 2244 System windows directory: C:\WINDOWS
18:25:56.0656 2244 Processor architecture: Intel x86
18:25:56.0656 2244 Number of processors: 2
18:25:56.0656 2244 Page size: 0x1000
18:25:56.0656 2244 Boot type: Normal boot
18:25:56.0656 2244 ============================================================
18:25:57.0328 2244 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:25:57.0375 2244 Drive \Device\Harddisk5\DR11 - Size: 0x1DD200000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:25:57.0375 2244 ============================================================
18:25:57.0375 2244 \Device\Harddisk0\DR0:
18:25:57.0375 2244 MBR partitions:
18:25:57.0375 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129D9EB1
18:25:57.0375 2244 \Device\Harddisk5\DR11:
18:25:57.0375 2244 MBR partitions:
18:25:57.0375 2244 \Device\Harddisk5\DR11\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE7080
18:25:57.0375 2244 ============================================================
18:25:57.0421 2244 C: <-> \Device\Harddisk0\DR0\Partition0
18:25:57.0421 2244 ============================================================
18:25:57.0421 2244 Initialize success
18:25:57.0421 2244 ============================================================
18:26:21.0515 3284 ============================================================
18:26:21.0515 3284 Scan started
18:26:21.0515 3284 Mode: Manual; SigCheck; TDLFS;
18:26:21.0515 3284 ============================================================
18:26:22.0046 3284 Abiosdsk - ok
18:26:22.0062 3284 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:26:22.0218 3284 abp480n5 - ok
18:26:22.0265 3284 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:26:22.0343 3284 ACPI - ok
18:26:22.0375 3284 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:26:22.0468 3284 ACPIEC - ok
18:26:22.0515 3284 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:26:22.0531 3284 ADIHdAudAddService - ok
18:26:22.0562 3284 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:26:22.0656 3284 adpu160m - ok
18:26:22.0703 3284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:26:22.0781 3284 aec - ok
18:26:22.0828 3284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:26:22.0906 3284 AFD - ok
18:26:22.0937 3284 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:26:23.0031 3284 agp440 - ok
18:26:23.0031 3284 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:26:23.0125 3284 agpCPQ - ok
18:26:23.0140 3284 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:26:23.0218 3284 Aha154x - ok
18:26:23.0218 3284 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:26:23.0312 3284 aic78u2 - ok
18:26:23.0312 3284 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:26:23.0406 3284 aic78xx - ok
18:26:23.0453 3284 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\drivers\aksfridge.sys
18:26:23.0578 3284 aksfridge - ok
18:26:23.0640 3284 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
18:26:23.0656 3284 akshasp - ok
18:26:23.0671 3284 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
18:26:23.0671 3284 aksusb - ok
18:26:23.0718 3284 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
18:26:23.0796 3284 Alerter - ok
18:26:23.0828 3284 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
18:26:23.0875 3284 ALG - ok
18:26:23.0906 3284 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:26:24.0015 3284 AliIde - ok
18:26:24.0031 3284 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:26:24.0109 3284 alim1541 - ok
18:26:24.0156 3284 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:26:24.0234 3284 amdagp - ok
18:26:24.0281 3284 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:26:24.0343 3284 amsint - ok
18:26:24.0546 3284 AntiVirSchedulerService (280c41d70b16dc6af4235ff7000e5cd3) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:26:24.0562 3284 AntiVirSchedulerService - ok
18:26:24.0578 3284 AntiVirService (e545beff703229a10b56026b83add8b4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:26:24.0593 3284 AntiVirService - ok
18:26:24.0625 3284 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll
18:26:24.0671 3284 AppMgmt - ok
18:26:24.0718 3284 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:26:24.0796 3284 asc - ok
18:26:24.0812 3284 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:26:24.0859 3284 asc3350p - ok
18:26:24.0875 3284 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:26:25.0000 3284 asc3550 - ok
18:26:25.0046 3284 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
18:26:25.0046 3284 ASFIPmon - ok
18:26:25.0109 3284 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
18:26:25.0125 3284 ASPI ( UnsignedFile.Multi.Generic ) - warning
18:26:25.0125 3284 ASPI - detected UnsignedFile.Multi.Generic (1)
18:26:25.0265 3284 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:26:25.0281 3284 aspnet_state - ok
18:26:25.0328 3284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:26:25.0406 3284 AsyncMac - ok
18:26:25.0437 3284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:26:25.0531 3284 atapi - ok
18:26:25.0546 3284 Atdisk - ok
18:26:25.0546 3284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:26:25.0640 3284 Atmarpc - ok
18:26:25.0687 3284 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
18:26:25.0781 3284 AudioSrv - ok
18:26:25.0828 3284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:26:25.0906 3284 audstub - ok
18:26:25.0953 3284 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:26:26.0000 3284 avgntflt - ok
18:26:26.0031 3284 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:26:26.0046 3284 avipbb - ok
18:26:26.0078 3284 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:26:26.0078 3284 avkmgr - ok
18:26:26.0125 3284 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:26:26.0125 3284 b57w2k - ok
18:26:26.0187 3284 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
18:26:26.0187 3284 BASFND ( UnsignedFile.Multi.Generic ) - warning
18:26:26.0187 3284 BASFND - detected UnsignedFile.Multi.Generic (1)
18:26:26.0296 3284 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:26:26.0312 3284 BBSvc - ok
18:26:26.0375 3284 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:26:26.0390 3284 BBUpdate - ok
18:26:26.0421 3284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:26:26.0515 3284 Beep - ok
18:26:26.0578 3284 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
18:26:26.0671 3284 BITS - ok
18:26:26.0718 3284 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
18:26:26.0812 3284 Browser - ok
18:26:26.0843 3284 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:26:26.0937 3284 cbidf - ok
18:26:26.0937 3284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:26:27.0015 3284 cbidf2k - ok
18:26:27.0031 3284 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:26:27.0109 3284 cd20xrnt - ok
18:26:27.0140 3284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:26:27.0234 3284 Cdaudio - ok
18:26:27.0296 3284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:26:27.0390 3284 Cdfs - ok
18:26:27.0406 3284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:26:27.0484 3284 Cdrom - ok
18:26:27.0484 3284 Changer - ok
18:26:27.0546 3284 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
18:26:27.0625 3284 CiSvc - ok
18:26:27.0656 3284 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
18:26:27.0750 3284 ClipSrv - ok
18:26:27.0890 3284 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:26:27.0906 3284 clr_optimization_v2.0.50727_32 - ok
18:26:27.0984 3284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:26:28.0000 3284 clr_optimization_v4.0.30319_32 - ok
18:26:28.0031 3284 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:26:28.0140 3284 CmdIde - ok
18:26:28.0140 3284 COMSysApp - ok
18:26:28.0171 3284 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:26:28.0281 3284 Cpqarray - ok
18:26:28.0328 3284 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
18:26:28.0406 3284 CryptSvc - ok
18:26:28.0468 3284 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:26:28.0578 3284 dac2w2k - ok
18:26:28.0609 3284 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:26:28.0703 3284 dac960nt - ok
18:26:28.0765 3284 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
18:26:28.0781 3284 DcomLaunch - ok
18:26:28.0843 3284 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
18:26:28.0921 3284 Dhcp - ok
18:26:28.0953 3284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:26:29.0031 3284 Disk - ok
18:26:29.0031 3284 dmadmin - ok
18:26:29.0093 3284 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
18:26:29.0234 3284 dmboot - ok
18:26:29.0234 3284 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
18:26:29.0328 3284 dmio - ok
18:26:29.0343 3284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:26:29.0453 3284 dmload - ok
18:26:29.0500 3284 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
18:26:29.0593 3284 dmserver - ok
18:26:29.0609 3284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:26:29.0703 3284 DMusic - ok
18:26:29.0750 3284 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
18:26:29.0765 3284 Dnscache - ok
18:26:29.0828 3284 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
18:26:29.0906 3284 Dot3svc - ok
18:26:29.0953 3284 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:26:30.0031 3284 dpti2o - ok
18:26:30.0078 3284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:30.0156 3284 drmkaud - ok
18:26:30.0218 3284 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:26:30.0296 3284 E100B - ok
18:26:30.0359 3284 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
18:26:30.0437 3284 EapHost - ok
18:26:30.0500 3284 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
18:26:30.0593 3284 ERSvc - ok
18:26:30.0656 3284 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
18:26:30.0656 3284 Eventlog - ok
18:26:30.0718 3284 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
18:26:30.0734 3284 EventSystem - ok
18:26:30.0750 3284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:30.0828 3284 Fastfat - ok
18:26:30.0890 3284 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
18:26:30.0906 3284 FastUserSwitchingCompatibility - ok
18:26:30.0968 3284 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
18:26:31.0062 3284 Fax - ok
18:26:31.0125 3284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:26:31.0203 3284 Fdc - ok
18:26:31.0218 3284 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
18:26:31.0328 3284 Fips - ok
18:26:31.0343 3284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:26:31.0421 3284 Flpydisk - ok
18:26:31.0484 3284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:26:31.0562 3284 FltMgr - ok
18:26:34.0718 3284 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:26:34.0718 3284 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:26:34.0718 3284 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:26:39.0531 3284 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:26:39.0531 3284 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:26:39.0531 3284 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:26:44.0234 3284 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:26:44.0250 3284 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:26:44.0250 3284 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:26:44.0296 3284 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\WINDOWS\System32\DRIVERS\papycpu2.sys
18:26:44.0312 3284 papycpu2 ( UnsignedFile.Multi.Generic ) - warning
18:26:44.0312 3284 papycpu2 - detected UnsignedFile.Multi.Generic (1)
18:26:44.0312 3284 papyjoy (b09a71e8e1e127455f3a2fe83d38851f) C:\WINDOWS\System32\DRIVERS\papyjoy.sys
18:26:44.0328 3284 papyjoy ( UnsignedFile.Multi.Generic ) - warning
18:26:44.0328 3284 papyjoy - detected UnsignedFile.Multi.Generic (1)
18:26:51.0703 3284 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:26:51.0703 3284 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:26:51.0703 3284 SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:26:54.0640 3284 TrueSwordSchedulerService (29d085fdca4734c4dda1db5448c1ab6a) C:\Program Files\True Sword 5\TrueSwordSchedule.exe
18:26:54.0656 3284 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - warning
18:26:54.0656 3284 TrueSwordSchedulerService - detected UnsignedFile.Multi.Generic (1)
18:26:59.0406 3284 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
18:26:59.0406 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:26:59.0406 3284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:26:59.0484 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR11
18:26:59.0609 3284 \Device\Harddisk5\DR11 - ok
18:26:59.0640 3284 Boot (0x1200) (d7d68ccdd29528c210a18cbf741ba615) \Device\Harddisk0\DR0\Partition0
18:26:59.0640 3284 \Device\Harddisk0\DR0\Partition0 - ok
18:26:59.0640 3284 Boot (0x1200) (938abd51bca1b2f72e10815330436741) \Device\Harddisk5\DR11\Partition0
18:26:59.0640 3284 \Device\Harddisk5\DR11\Partition0 - ok
18:26:59.0640 3284 ============================================================
18:26:59.0640 3284 Scan finished
18:26:59.0640 3284 ============================================================
18:26:59.0765 3612 Detected object count: 10
18:26:59.0765 3612 Actual detected object count: 10
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0750 3612 \Device\Harddisk0\DR0\# - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:27:53.0765 3612 \Device\Harddisk0\DR0 - ok
18:27:53.0765 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:28:00.0968 3524 Deinitialize success
- First of all: no two Windows installations are the same!
For that reason alone it is wiser to post your problem in a topic of your own!
How long has it been since you last did any internet banking?
Because Mebroot/Sinowal is also a backdoor, specialized in identity theft!
- I had already seen that question in the previous topic and had already thought it over.
To be honest I no longer know exactly, but I think at least once last week.
It suddenly occurs to me: Sunday evening, that is when I looked at internet banking. I did not make any transfers then.
Is there anything there that I should still take care of??
By the way, the problems I noticed with the internet and so on have been resolved.
I also suddenly have the Windows startup/shutdown sounds again, which had been gone for ages.
Thanks for the replies so far
- Which bank are you with?
And you may now do the following:
Which program:
- With Rabobank.
Here is the log:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 23-5-2012 21:32:36
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 23-5-2012 21:33:00
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Ontdekt: Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Ontdekt: HTML.Crypted!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Ontdekt: Exploit.PDF!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK
Gescand
Bestanden: 414943
Sporen: 555017
Cookies: 2183
Processen: 48
Gevonden
Bestanden: 5
Sporen: 0
Cookies: 66
Processen: 0
Registersleutels: 0
Scan Geëindigd: 24-5-2012 0:35:55
Scantijd: 3:02:55
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Verwijderd Exploit.PDF!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Verwijderd HTML.Crypted!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Verwijderd Trojan-Spy.Zbot!IK
Verwijderd
Bestanden: 5
Sporen: 0
Cookies: 57
- Hi - throw the old ComboFix into the Recycle Bin.
Which program:
- Here is the new log,
now quickly putting Avira back on; I could not get it switched off that quickly. With the previous ComboFix I had ignored a warning, but I did not want to do that this time.
ComboFix 12-05-24.03 - Angelique 24-05-2012 22:09:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1565 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-24 to 2012-05-24 ))))))))))))))))))))))))))))))
.
.
2012-05-23 18:53 . 2012-05-23 18:53 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend
2012-05-23 17:30 . 2012-05-23 19:29 -------- d-----w- c:\windows\system32\NtmsData
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 20:25 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 17:37 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-24 20:07 . 2012-05-24 20:07 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3756)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-05-24 22:18:29
ComboFix-quarantined-files.txt 2012-05-24 20:18
ComboFix2.txt 2012-05-23 16:53
.
Pre-Run: 103.602.896.896 bytes beschikbaar
Post-Run: 103.591.497.728 bytes beschikbaar
.
- - End Of File - - 463F19080495CFED1066F2EB8B58E6DE
- I'm bringing this topic to everyone's attention once more.
Is the posted ComboFix log OK?
And is it safe again to do internet banking at home?
Thanks in advance for any replies.
Regards
Angelique
- Hello Angelique, I apparently overlooked you, so that bump of yours is perfect.
Yes, in principle you can do internet banking again.
But a few things still need to be done - for that we will use ComboFix again, with a script.
Open a new Notepad (Kladblok) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".
Copy and paste the following text (bold, blue) into the empty Notepad window
- Hi Abraham54,
Thanks again for your reply.
I'm patient, don't worry; I can well imagine that you don't have time every day to help others :roll:
right,
here comes the log file again.
By the way, ComboFix restarted the PC by itself.
ComboFix 12-05-29.01 - Angelique 29-05-2012 18:49:40.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1468 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Angelique\Bureaublad\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\program files\Ask.com\Updater\Updater.exe"
"c:\windows\system32\drivers\Partizan.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\Partizan.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
——-\Legacy_PARTIZAN
——-\Service_Partizan
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-29 ))))))))))))))))))))))))))))))
.
.
2012-05-25 05:37 . 2012-05-25 05:37 4126880 —-a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-25 05:30 . 2012-05-25 05:37 419488 —-a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 20:28 . 2012-05-24 20:28 ——– d—–w- c:\documents and settings\Angelique\Application Data\Avira
2012-05-24 20:23 . 2012-02-03 13:28 74640 —-a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-24 20:23 . 2012-02-03 13:28 36000 —-a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-24 20:23 . 2012-02-03 13:28 137416 —-a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-24 20:23 . 2012-05-24 20:23 ——– d—–w- c:\program files\Avira
2012-05-24 20:23 . 2012-05-24 20:23 ——– d—–w- c:\documents and settings\All Users\Application Data\Avira
2012-05-23 18:53 . 2012-05-23 18:53 ——– d–h–r- c:\documents and settings\LocalService\Onlangs geopend
2012-05-23 17:30 . 2012-05-23 19:29 ——– d—–w- c:\windows\system32\NtmsData
2012-05-23 16:27 . 2012-05-23 16:27 ——– d—–w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 17:18 ——– d—–w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 17:18 ——– d—–w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 06:06 . 2012-05-23 16:23 ——– d—–w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 05:24 . 2012-05-23 05:24 ——– d—–w- c:\windows\system32\Adobe
2012-05-23 05:19 . 2012-05-23 05:22 ——– d—–w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 ——– d—–w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 20:25 ——– d—–w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 17:37 ——– d—–w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 05:37 . 2011-09-29 19:57 70304 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:55 . 2004-08-03 23:58 2031104 —-a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 —-a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 —-a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 —-a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ——w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ——w- c:\windows\system32\inetcpl.cpl
2010-03-31 08:09 . 2010-03-31 08:09 10437264 —-a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 —-a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-29 16:57 . 2012-05-29 16:57 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2012-05-25 05:30 . 2012-05-25 05:30 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-25 05:37 . 2012-05-25 05:37 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-25 05:37 . 2012-05-25 05:37 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-25 05:30 . 2012-05-25 05:37 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-25 05:30 . 2012-05-25 05:30 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 —-a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-5-2012 22:23 36000]
R2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [24-5-2012 22:23 86224]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run –> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 7:30 257696]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 05:37]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 18:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-29 19:03:30 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-29 17:03
ComboFix2.txt 2012-05-24 20:18
ComboFix3.txt 2012-05-23 16:53
.
Pre-Run: 102.759.084.032 bytes beschikbaar
Post-Run: 102.769.627.136 bytes beschikbaar
.
- - End Of File - - 8E26DE5CB095AD7AF1CFB62737D650F0
- How are things now?
- The problems I had with the internet were in fact already gone after the first ComboFix.
In other words, I don't notice anything anymore.
I take it from your question that nothing can be found in the log anymore either??
- Good that everything seems OK again.
If the last test also comes back clean, it should be fine.
Run the ESET online scan (click).
* Click the ESET Online Scanner button
* Tick YES, I accept the Terms of Use
* Click Start
* Allow the ActiveX control to install.
* Tick the following options:
  * Remove found threats
  * Scan archives
* Then click
- done…………
but uh,
still got 6 detections :cry:
But who knows, maybe it's not so bad after all
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=de376b363ca46f47a4fad7305ffad576
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-29 09:26:12
# local_time=2012-05-29 11:26:12 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 428911 428911 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=158846
# found=6
# cleaned=6
# scan_time=6874
C:\Documents and Settings\Marc\Local Settings\Temp\sivSetup.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Local Settings\Temp\ICReinstall\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Mijn documenten\Downloads\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1124\A0288375.exe a variant of Win32/Kryptik.ZNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1129\A0289192.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
- Hello, we're going to take another thorough look:
Which program:
- hi hi,
Back from work, I ran the scan.
The log files are attached.
OTL logfile created on: 30-5-2012 18:44:31 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS
Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
- so the extras.txt indeed didn't get posted completely,
so here it is in a new post.
OTL Extras logfile created on: 30-5-2012 18:44:31 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS
Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
- Hi, I'd like you to do the following first:
go to Configuratiescherm\Software (Control Panel) and remove the following there:
a) Lavasoft AdAware
and
b) PCTools Spyware Doctor
You no longer need either tool.
After that:
close before
This is an archived page. Replies are no longer possible.