
All times are GMT + 1 hour [ DST ]




Post subject: Slow PC, high CPU
Posted: Mon Apr 30, 2012 6:46 pm
Member

My PC is very slow, and the system date and time are also regularly changed.
Nevertheless, I have not found any viruses or malware.
The internet also takes a long time to start up.

Below are the logs:

MBAM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.04.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob :: BOB-A601S66XUVI [administrator]

30-4-2012 18:19:48
mbam-log-2012-04-30 (18-19-48).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 226648
Verstreken tijd: 8 minuut/minuten, 10 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)


ARK.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-30 18:18:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2000JB-55GVA0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\BOB~1.BOB\LOCALS~1\Temp\uxlyqfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF65FD610]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF865A028]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xF8659FE0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF864DB00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF65FDC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF65FD730]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF864E5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF865A120]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF864DB40]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF8659FA4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF65FD4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF65FD570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF65FD6D0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF864E5FC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF865A076]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF65FD790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF65FD690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF65FD650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF65FD7D0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF8659550]
SSDT sptd.sys ZwSetValueKey [0xF8692226]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF65FD510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF65FD590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF65FD4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF65FD5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF65FD750]

INT 0x2D \??\C:\WINDOWS\System32\Drivers\DbgMsg.sys (Driver for Compuware Driver Monitor application/Compuware Corporation - NuMega Lab) F501EC90

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
.text USBPORT.SYS!DllUnload F78CC8AC 5 Bytes JMP 82C8B1B8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[288] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FD61D8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{95AACC41-EBE8-4406-B34E-F8CED91E3C6C} 829CB990
Device \Driver\usbohci \Device\USBPDO-0 82D5E1D8
Device \Driver\usbohci \Device\USBPDO-1 82D5E1D8
Device \Driver\usbohci \Device\USBPDO-2 82D5E1D8
Device \Driver\usbehci \Device\USBPDO-3 82C7C610
Device \Driver\NetBT \Device\NetBT_Tcpip_{4F5FCA33-E399-454B-AD06-9B0F30ECA6C2} 829CB990

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82FD81D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82FD81D8
Device \Driver\Cdrom \Device\CdRom0 82C56730
Device \FileSystem\Rdbss \Device\FsWrap 825364F0
Device \Driver\atapi \Device\Ide\IdePort0 82BE0210
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82BE0210
Device \Driver\atapi \Device\Ide\IdePort1 82BE0210
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82BE0210
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 82BE0210
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 82BE0210
Device \Driver\Cdrom \Device\CdRom1 82C56730
Device \Driver\Ftdisk \Device\HarddiskVolume3 82FD81D8
Device \Driver\Cdrom \Device\CdRom2 82C56730
Device \Driver\NetBT \Device\NetBt_Wins_Export 829CB990
Device \Driver\NetBT \Device\NetbiosSmb 829CB990
Device \FileSystem\Srv \Device\LanmanServer 82AF77E0
Device \Driver\usbohci \Device\USBFDO-0 82D5E1D8
Device \Driver\usbohci \Device\USBFDO-1 82D5E1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 825371D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82AED280
Device \Driver\usbohci \Device\USBFDO-2 82D5E1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 825371D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82AED280
Device \Driver\usbehci \Device\USBFDO-3 82C7C610
Device \FileSystem\Npfs \Device\NamedPipe 82E1F030
Device \Driver\Ftdisk \Device\FtControl 82FD81D8
Device \FileSystem\Msfs \Device\Mailslot 82C11E90
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 82271AF8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 82271AF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82E15E90
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 82E15E90
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82E15E90
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82E15E90
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82E15E90
Device \FileSystem\Cdfs \Cdfs 82BF0898
Device \FileSystem\Cdfs \Cdfs 82CF4908

---- Modules - GMER 1.0.15 ----

Module _________ F85D5000-F85ED000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94100a3b
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1895082592
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -321843149
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xA6 0xF1 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a94100a3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xA6 0xF1 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0xA6 0xF1 0x59 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58DCB4E8-DEB6-64F7-3118-B1B9CBC0408A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEC65B83-D72A-B5E5-C1EC-D0B5B0224AA3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEC65B83-D72A-B5E5-C1EC-D0B5B0224AA3}@iagcbhjdbinmcggjmh 0x6A 0x61 0x6A 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEC65B83-D72A-B5E5-C1EC-D0B5B0224AA3}@hamdhfpmnpmhojag 0x6A 0x61 0x6A 0x70 ...

---- EOF - GMER 1.0.15 ----


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bob at 18:36:22 on 2012-04-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.512.76 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uSearch Page = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [timesync.exe] c:\windows\system32\timesync.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 3735728015
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMe ... loader.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://asp03.photoprintit.de/microsite/ ... Upload.ocx
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{4F5FCA33-E399-454B-AD06-9B0F30ECA6C2} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{95AACC41-EBE8-4406-B34E-F8CED91E3C6C} : DhcpNameServer = 212.54.40.25 212.54.35.25
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2005-1-2 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2005-1-2 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2006-7-29 18240]
R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [2005-11-27 7072]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-30 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RGFILERW;RGFILERW;\??\c:\windows\system32\drivers\rgfilerw.sys --> c:\windows\system32\drivers\RGFILERW.SYS [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-3-25 16512]
S3 MLFILEM;MLFILEM;\??\c:\windows\system32\drivers\mlfilem.sys --> c:\windows\system32\drivers\MLFILEM.SYS [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [2004-6-24 7552]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe --> c:\program files\navnt\rtvscan.exe [?]
.
=============== Created Last 30 ================
.
2012-04-30 16:19:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-03 03:39:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-09 18:21:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:17:44 96384 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2012-03-22 18:51:10 87608 -c--a-w- c:\documents and settings\bob.bob-a601s66xuvi\application data\inst.exe
2012-03-22 18:51:10 47360 -c--a-w- c:\documents and settings\bob.bob-a601s66xuvi\application data\pcouffin.sys
2012-03-01 11:00:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:27 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57:36 1860224 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:37:25,83 ===============


 
Post subject: Re: Slow PC, high CPU
Posted: Tue May 01, 2012 7:56 am
Helper
Hello bobke,

I will take a look at your log.
However, I am a "supervised helper"; this means that I first have to have my advice approved by a qualified helper, so it may take a little longer before I can help you further.
Thanks in advance for your understanding.

Kind regards,

Abbs

 
Post subject: Re: Slow PC, high CPU
Posted: Tue May 01, 2012 1:32 pm
Helper
Hello bobke,


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.


Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them)

• Double-click "ComboFix.exe" and "Agree" to the 'Disclaimer'.
• If a message appears that "A newer version of ComboFix" is available, click "Yes" to update.

• After the update, click "Agree" again and ComboFix will now start.
• If the "Recovery Console" is not yet present, ComboFix will install it; an active internet connection is needed for this.

• In the 'Installing the Recovery Console' window, click "OK".
• In the info screen, click "Yes" once the Recovery Console has been installed successfully.
• The computer may have to be restarted several times, for example when a rootkit is present; this is normal.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Regards, abbs.

 
Post subject: Re: Slow PC, high CPU
Posted: Tue May 01, 2012 5:17 pm
Member

OK, here is the log file from ComboFix:

ComboFix 12-05-01.02 - Bob 30-04-2012 19:03:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.512.117 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Bob.BOB-A601S66XUVI\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Bob.BOB-A601S66XUVI\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Bob.BOB-A601S66XUVI\Mijn documenten\DPE.DUS
c:\documents and settings\Bob.BOB-A601S66XUVI\WINDOWS
c:\windows\desktop
c:\windows\desktop\NeuroTran 2000.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
c:\windows\IsUn0413.exe
c:\windows\system32\SET104.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-30 ))))))))))))))))))))))))))))))
.
.
2012-04-09 18:21 . 2012-04-09 18:21 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-03 03:39 . 2012-04-09 18:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 18:21 . 2011-05-27 21:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-08-10 13:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:17 . 2003-04-08 12:00 96384 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2012-03-22 18:51 . 2009-06-12 19:49 87608 -c--a-w- c:\documents and settings\Bob.BOB-A601S66XUVI\Application Data\inst.exe
2012-03-22 18:51 . 2009-06-12 19:49 47360 -c--a-w- c:\documents and settings\Bob.BOB-A601S66XUVI\Application Data\pcouffin.sys
2012-03-01 11:00 . 2003-04-08 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2003-04-08 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2003-04-08 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-04-08 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-04-08 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-10-11 20:43 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2003-04-08 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"timesync.exe"="c:\windows\system32\timesync.exe" [2010-05-04 32768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep fast
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton AntiVirus Server"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2-1-2005 14:34 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2-1-2005 14:34 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-11-2006 13:16 611064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21-12-2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21-12-2010 13:47 94872]
R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [29-7-2006 13:59 18240]
R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [27-11-2005 18:56 7072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 16:41 810144]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [28-11-2008 14:34 35840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
S2 RGFILERW;RGFILERW;\??\c:\windows\system32\Drivers\RGFILERW.SYS --> c:\windows\system32\Drivers\RGFILERW.SYS [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 5:39 253088]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [25-3-2006 12:41 16512]
S3 MLFILEM;MLFILEM;\??\c:\windows\system32\drivers\MLFILEM.SYS --> c:\windows\system32\drivers\MLFILEM.SYS [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-1-2007 19:31 42000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12-6-2009 21:49 47360]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [24-6-2004 6:52 7552]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:21]
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-FreeRAM XP - c:\program files\FreeRAM XP Pro\FreeRAM XP Pro.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Zinio DLM - c:\program files\Zinio\ZinioDeliveryManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1965331169-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58DCB4E8-DEB6-64F7-3118-B1B9CBC0408A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1004336348-1965331169-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEC65B83-D72A-B5E5-C1EC-D0B5B0224AA3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagcbhjdbinmcggjmh"=hex:6a,61,6a,70,6e,6e,70,69,6a,6c,65,6b,65,6d,6e,61,69,6a,
6c,69,00,e9
"hamdhfpmnpmhojag"=hex:6a,61,6a,70,6e,6e,70,69,6a,6c,65,6b,65,6d,6e,61,69,6a,
6c,69,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aif\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aif\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aifc\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aifc\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aiff\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .aiff\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .au\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .au\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .dat\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .dat\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .m1v\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .m1v\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .m2v\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .m2v\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mid\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mid\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .midi\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .midi\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mov\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mov\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mp3\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mp3\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpeg\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpeg\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpg\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpg\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpv\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .mpv\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .qt\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .qt\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .rmm\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .rmm\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .rt\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .rt\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .smi\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .smi\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .smil\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .smil\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .snd\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .snd\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .swf \shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .swf \shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .vob\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .vob\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wav\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wav\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wma\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wma\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wmv\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\ .wmv\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.ac3\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.ac3\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.avi\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.avi\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.mpg\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.mpg\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.plf\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.plf\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.ram\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.ram\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.rm\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.rm\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\.rmvb\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\.rmvb\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\BlazeDVD.Media\shell\X* :*]
@="X’:"
.
[HKEY_LOCAL_MACHINE\software\Classes\BlazeDVD.Media\shell\X* :*\command]
@="\"\\\\server\\ShareRW\\R&D\\BlazeDVD 3.0 release Setup\\BlazeDVD.exe\" \"%1\""
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\System32\NavLogon.dll
.
Voltooingstijd: 2012-04-30 19:17:51
ComboFix-quarantined-files.txt 2012-04-30 17:17
.
Pre-Run: 8.526.594.048 bytes beschikbaar
Post-Run: 8.881.131.520 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2956CAE5E895AE0F0105F518FA189031


 Post subject: Re: Slow PC, high CPU
Posted: Tue May 01, 2012 9:02 pm
Helper

Joined: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: Windows 7
Protection: avast free
Hello bobke,


Is this a company computer?
If so, before we continue with the fixes, first ask the administrator for permission to make changes, or whether he will do that himself.

Regards, abbs.


 Post subject: Re: Slow PC, high CPU
Posted: Tue May 01, 2012 9:22 pm
Member

Joined: Sun Nov 12, 2006 8:50 pm
Posts: 15
No, it's not a company PC.
I'm the administrator myself :o


 Post subject: Re: Slow PC, high CPU
Posted: Wed May 02, 2012 2:07 pm
Helper

Joined: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: Windows 7
Protection: avast free
Hello bobke,

Do you know what this belongs to:
c:\documents and settings\Bob.BOB-A601S66XUVI\Application Data\inst.exe

Please have it checked, just to be sure:

To do so, go to the Virustotal site


Wait for the result, save it, and paste it into your next post.

Click re-analyse if the file has been scanned before.


Regards, abbs


 Post subject: Re: Slow PC, high CPU
Posted: Thu May 03, 2012 5:40 pm
Member

Joined: Sun Nov 12, 2006 8:50 pm
Posts: 15
I don't know where that inst.exe file comes from either.
Here is the VirusTotal log:

SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
SHA1: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
MD5: 254fbca565e049648b0cce2ceadf05d2
File size: 85.6 KB ( 87608 bytes )
File name: C:\Documents and Settings\Bob.BOB-A601S66XUVI\Application Data\inst.exe
File type: Win32 EXE
Tags: signed
Detection ratio: 0 / 42
Analysis date: 2012-05-03 15:22:14 UTC ( 5 minuten ago )
Antivirus Result Update
nProtect - 20120503
CAT-QuickHeal - 20120503
McAfee - 20120503
K7AntiVirus - 20120502
TheHacker - 20120502
VirusBuster - 20120502
NOD32 - 20120503
F-Prot - 20120503
Symantec - 20120503
Norman - 20120503
ByteHero - 20120502
TrendMicro-HouseCall - 20120503
Avast - 20120503
eSafe - 20120502
ClamAV - 20120503
Kaspersky - 20120503
BitDefender - 20120503
ViRobot - 20120503
Sophos - 20120503
Comodo - 20120503
F-Secure - 20120503
DrWeb - 20120503
VIPRE - 20120503
AntiVir - 20120503
TrendMicro - 20120503
McAfee-GW-Edition - 20120503
Emsisoft - 20120503
eTrust-Vet - 20120503
Jiangmin - 20120503
Antiy-AVL - 20120503
Microsoft - 20120503
SUPERAntiSpyware - 20120411
GData - 20120503
Commtouch - 20120503
AhnLab-V3 - 20120503
VBA32 - 20120502
PCTools - 20120503
Rising - 20120502
Ikarus - 20120503
Fortinet - 20120503
AVG - 20120503
Panda - 20120503


 Post subject: Re: Slow PC, high CPU
Posted: Thu May 03, 2012 8:24 pm
Helper

Joined: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: Windows 7
Protection: avast free
Hello bobke,



1. Download zoek.exe to the desktop.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as Administrator.
  • After a while a window will open.
  • With your mouse, select the option "Delete by CLSID" (bottom centre)
  • Now copy the code below and paste it into the large input box:
    Code:
    {2318C2B1-4965-11D4-9B18-009027A5CD4F};
    {47833539-D0C5-4125-9FA8-0819E2EAAC93};
    {21FA44EF-376D-4D53-9B0F-8A89D3229068};
    {32683183-48a0-441b-a342-7c2a440a9478};
  • Now click the "Run script" button.
  • Wait patiently until a log opens.
  • Post the contents of the opened log in your next message.


2. Download TDSSKiller and save it to your Desktop.
• Extract the files in tdsskiller.zip.
• Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:
Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that update first.
[Image]

• A new version of TDSSKiller will now be downloaded; save it to your Desktop.
• Start TDSSKiller again.
• Click "Change parameters" and make sure the options below are all ticked.

[Image]

• Click the "Start Scan" button and follow the instructions.

Note!
If "Threats" are found, a follow-up screen appears automatically after the scan.

For a "Fail signature" message you do not need to take any action. (Use Skip.)
For a "Suspicious object", Skip is filled in by default. Leave this action as it is. We may tell you later what to do with it.

For a "Malicious object", the action Cure or Delete is filled in automatically.
Always choose Cure here. If that is not possible, select Skip.
Only for a "TDSS File System" do you choose Delete if Cure is not possible.

If you do not know what to fill in, use Skip and wait for our advice before you Delete anything.
Now click Continue to proceed.
• When the scan is finished, click the "Report" button.
• A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.


3. After that, post the logs created by:
zoek.txt
TDSSKiller



Regards, abbs.


 Post subject: Re: Slow PC, high CPU
Posted: Sun May 06, 2012 10:50 am
Member

Joined: Sun Nov 12, 2006 8:50 pm
Posts: 15
OK, here are the log files.


Zoek.exe Version 3.0.0.2 Updated 04-May-2012
Tool run by Bob on vr 04-05-2012 at 19:29:29,20.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running from: C:\Documents and Settings\Bob.BOB-A601S66XUVI\Bureaublad\zoek.exe

==== Deleting CLSID Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully


and from TDSSKILLER:

19:34:44.0812 3804 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:34:45.0093 3804 ============================================================
19:34:45.0093 3804 Current date / time: 2012/05/04 19:34:45.0093
19:34:45.0093 3804 SystemInfo:
19:34:45.0093 3804
19:34:45.0093 3804 OS Version: 5.1.2600 ServicePack: 3.0
19:34:45.0093 3804 Product type: Workstation
19:34:45.0093 3804 ComputerName: BOB-A601S66XUVI
19:34:45.0093 3804 UserName: Bob
19:34:45.0093 3804 Windows directory: C:\WINDOWS
19:34:45.0093 3804 System windows directory: C:\WINDOWS
19:34:45.0093 3804 Processor architecture: Intel x86
19:34:45.0093 3804 Number of processors: 1
19:34:45.0093 3804 Page size: 0x1000
19:34:45.0093 3804 Boot type: Normal boot
19:34:45.0093 3804 ============================================================
19:34:48.0171 3804 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:34:48.0187 3804 Drive \Device\Harddisk1\DR1 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:34:48.0187 3804 ============================================================
19:34:48.0187 3804 \Device\Harddisk0\DR0:
19:34:48.0187 3804 MBR partitions:
19:34:48.0187 3804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
19:34:48.0187 3804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x14D8C74B
19:34:48.0187 3804 \Device\Harddisk1\DR1:
19:34:48.0187 3804 MBR partitions:
19:34:48.0187 3804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4CAE30E
19:34:48.0187 3804 ============================================================
19:34:48.0203 3804 C: <-> \Device\Harddisk0\DR0\Partition0
19:34:48.0234 3804 D: <-> \Device\Harddisk1\DR1\Partition0
19:34:48.0281 3804 E: <-> \Device\Harddisk0\DR0\Partition1
19:34:48.0296 3804 ============================================================
19:34:48.0296 3804 Initialize success
19:34:48.0296 3804 ============================================================
19:35:33.0109 2948 ============================================================
19:35:33.0109 2948 Scan started
19:35:33.0109 2948 Mode: Manual; SigCheck; TDLFS;
19:35:33.0109 2948 ============================================================
19:35:33.0484 2948 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
19:35:34.0453 2948 a347bus ( UnsignedFile.Multi.Generic ) - warning
19:35:34.0453 2948 a347bus - detected UnsignedFile.Multi.Generic (1)
19:35:34.0484 2948 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
19:35:34.0531 2948 a347scsi ( UnsignedFile.Multi.Generic ) - warning
19:35:34.0531 2948 a347scsi - detected UnsignedFile.Multi.Generic (1)
19:35:34.0562 2948 Abiosdsk - ok
19:35:34.0578 2948 abp480n5 - ok
19:35:34.0640 2948 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:35:36.0234 2948 ACPI - ok
19:35:36.0281 2948 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:35:36.0578 2948 ACPIEC - ok
19:35:36.0718 2948 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:36.0812 2948 AdobeFlashPlayerUpdateSvc - ok
19:35:36.0828 2948 adpu160m - ok
19:35:36.0875 2948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:35:37.0171 2948 aec - ok
19:35:37.0218 2948 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:35:37.0265 2948 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:35:37.0265 2948 AegisP - detected UnsignedFile.Multi.Generic (1)
19:35:37.0312 2948 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:35:37.0421 2948 AFD - ok
19:35:37.0484 2948 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
19:35:37.0531 2948 AFS2K ( UnsignedFile.Multi.Generic ) - warning
19:35:37.0531 2948 AFS2K - detected UnsignedFile.Multi.Generic (1)
19:35:37.0562 2948 Aha154x - ok
19:35:37.0593 2948 aic78u2 - ok
19:35:37.0625 2948 aic78xx - ok
19:35:37.0671 2948 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
19:35:37.0937 2948 Alerter - ok
19:35:37.0953 2948 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
19:35:38.0218 2948 ALG - ok
19:35:38.0234 2948 AliIde - ok
19:35:38.0265 2948 amsint - ok
19:35:38.0406 2948 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:38.0437 2948 Apple Mobile Device - ok
19:35:38.0468 2948 AppMgmt - ok
19:35:38.0484 2948 asc - ok
19:35:38.0515 2948 asc3350p - ok
19:35:38.0546 2948 asc3550 - ok
19:35:38.0625 2948 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
19:35:38.0671 2948 ASPI ( UnsignedFile.Multi.Generic ) - warning
19:35:38.0671 2948 ASPI - detected UnsignedFile.Multi.Generic (1)
19:35:38.0703 2948 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
19:35:38.0718 2948 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
19:35:38.0718 2948 Aspi32 - detected UnsignedFile.Multi.Generic (1)
19:35:38.0828 2948 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:35:38.0890 2948 aspnet_state - ok
19:35:38.0921 2948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:35:39.0218 2948 AsyncMac - ok
19:35:39.0265 2948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:35:39.0265 2948 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
19:35:39.0281 2948 atapi ( LockedFile.Multi.Generic ) - warning
19:35:39.0281 2948 atapi - detected LockedFile.Multi.Generic (1)
19:35:39.0296 2948 Atdisk - ok
19:35:39.0343 2948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:35:39.0656 2948 Atmarpc - ok
19:35:39.0734 2948 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
19:35:40.0015 2948 AudioSrv - ok
19:35:40.0078 2948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:35:40.0359 2948 audstub - ok
19:35:40.0406 2948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:35:40.0718 2948 Beep - ok
19:35:40.0781 2948 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
19:35:41.0093 2948 BITS - ok
19:35:41.0125 2948 BlueletAudio - ok
19:35:41.0218 2948 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:35:41.0281 2948 Bonjour Service - ok
19:35:41.0328 2948 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
19:35:41.0609 2948 Browser - ok
19:35:41.0625 2948 BT - ok
19:35:41.0656 2948 btaudio - ok
19:35:41.0687 2948 Btcsrusb - ok
19:35:41.0703 2948 BTDriver - ok
19:35:41.0750 2948 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:35:42.0046 2948 BthEnum - ok
19:35:42.0062 2948 BTHidEnum - ok
19:35:42.0093 2948 BTHidMgr - ok
19:35:42.0140 2948 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:35:42.0437 2948 BTHMODEM - ok
19:35:42.0468 2948 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:35:42.0796 2948 BthPan - ok
19:35:42.0843 2948 BTHPORT (29ff6a865782d0f5b8e7fa1ffab4182b) C:\WINDOWS\system32\Drivers\BTHport.sys
19:35:42.0921 2948 BTHPORT - ok
19:35:42.0984 2948 BthServ (530494ef38b7eea798fac9b87ecd5284) C:\WINDOWS\System32\bthserv.dll
19:35:43.0250 2948 BthServ - ok
19:35:43.0281 2948 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:35:43.0578 2948 BTHUSB - ok
19:35:43.0593 2948 BTKRNL - ok
19:35:43.0625 2948 BTWDNDIS - ok
19:35:43.0656 2948 BTWUSB - ok
19:35:43.0765 2948 catchme - ok
19:35:43.0828 2948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:35:44.0125 2948 cbidf2k - ok
19:35:44.0171 2948 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:35:44.0453 2948 CCDECODE - ok
19:35:44.0468 2948 cd20xrnt - ok
19:35:44.0531 2948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:35:44.0843 2948 Cdaudio - ok
19:35:44.0890 2948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:35:45.0187 2948 Cdfs - ok
19:35:45.0250 2948 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
19:35:45.0875 2948 cdrbsdrv - ok
19:35:45.0921 2948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:35:46.0218 2948 Cdrom - ok
19:35:46.0234 2948 Changer - ok
19:35:46.0281 2948 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
19:35:46.0562 2948 CiSvc - ok
19:35:46.0609 2948 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
19:35:46.0875 2948 ClipSrv - ok
19:35:46.0968 2948 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:47.0062 2948 clr_optimization_v2.0.50727_32 - ok
19:35:47.0187 2948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:47.0234 2948 clr_optimization_v4.0.30319_32 - ok
19:35:47.0250 2948 CmdIde - ok
19:35:47.0375 2948 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys
19:35:47.0640 2948 cmuda - ok
19:35:47.0734 2948 COMSysApp - ok
19:35:47.0796 2948 Cpqarray - ok
19:35:47.0843 2948 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTSvcCDA.EXE
19:35:47.0875 2948 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
19:35:47.0875 2948 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
19:35:47.0921 2948 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
19:35:48.0187 2948 CryptSvc - ok
19:35:48.0203 2948 dac2w2k - ok
19:35:48.0234 2948 dac960nt - ok
19:35:48.0281 2948 DbgMsg (5d69c704a11a037f05270ee98106e12f) C:\WINDOWS\System32\Drivers\DbgMsg.sys
19:35:48.0312 2948 DbgMsg ( UnsignedFile.Multi.Generic ) - warning
19:35:48.0312 2948 DbgMsg - detected UnsignedFile.Multi.Generic (1)
19:35:48.0375 2948 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
19:35:48.0484 2948 DcomLaunch - ok
19:35:48.0546 2948 ddnt (874152d9c956adff05839b2c967f6cf8) C:\WINDOWS\system32\drivers\ddnt.sys
19:35:48.0562 2948 ddnt ( UnsignedFile.Multi.Generic ) - warning
19:35:48.0562 2948 ddnt - detected UnsignedFile.Multi.Generic (1)
19:35:48.0609 2948 DefWatch - ok
19:35:48.0671 2948 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
19:35:48.0953 2948 Dhcp - ok
19:35:49.0000 2948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:35:49.0281 2948 Disk - ok
19:35:49.0312 2948 dmadmin - ok
19:35:49.0406 2948 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
19:35:49.0765 2948 dmboot - ok
19:35:49.0812 2948 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
19:35:50.0093 2948 dmio - ok
19:35:50.0125 2948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:35:50.0437 2948 dmload - ok
19:35:50.0484 2948 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
19:35:50.0734 2948 dmserver - ok
19:35:50.0765 2948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:35:51.0031 2948 DMusic - ok
19:35:51.0078 2948 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
19:35:51.0187 2948 Dnscache - ok
19:35:51.0234 2948 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
19:35:51.0484 2948 Dot3svc - ok
19:35:51.0515 2948 dpti2o - ok
19:35:51.0546 2948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:35:51.0828 2948 drmkaud - ok
19:35:51.0906 2948 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
19:35:51.0984 2948 eamon - ok
19:35:52.0031 2948 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
19:35:52.0281 2948 EapHost - ok
19:35:52.0312 2948 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:35:52.0375 2948 ehdrv - ok
19:35:52.0531 2948 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19:35:52.0562 2948 EhttpSrv - ok
19:35:52.0687 2948 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
19:35:52.0781 2948 ekrn - ok
19:35:52.0828 2948 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
19:35:52.0890 2948 epfwtdir - ok
19:35:52.0953 2948 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
19:35:53.0203 2948 ERSvc - ok
19:35:53.0265 2948 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
19:35:53.0312 2948 Eventlog - ok
19:35:53.0359 2948 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\System32\es.dll
19:35:53.0437 2948 EventSystem - ok
19:35:53.0515 2948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:35:53.0796 2948 Fastfat - ok
19:35:53.0843 2948 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
19:35:53.0953 2948 FastUserSwitchingCompatibility - ok
19:35:54.0000 2948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:35:54.0281 2948 Fdc - ok
19:35:54.0312 2948 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
19:35:54.0609 2948 Fips - ok
19:35:54.0640 2948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:35:54.0906 2948 Flpydisk - ok
19:35:54.0937 2948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:35:55.0218 2948 FltMgr - ok
19:35:55.0343 2948 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:55.0375 2948 FontCache3.0.0.0 - ok
19:35:55.0437 2948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:35:55.0734 2948 Fs_Rec - ok
19:35:55.0781 2948 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:35:56.0093 2948 Ftdisk - ok
19:35:56.0140 2948 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:35:56.0375 2948 gameenum - ok
19:35:56.0406 2948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:35:56.0453 2948 GEARAspiWDM - ok
19:35:56.0515 2948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:35:56.0781 2948 Gpc - ok
19:35:56.0843 2948 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:35:57.0093 2948 helpsvc - ok
19:35:57.0156 2948 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
19:35:57.0406 2948 HidServ - ok
19:35:57.0437 2948 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:35:57.0718 2948 HidUsb - ok
19:35:57.0765 2948 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
19:35:58.0031 2948 hkmsvc - ok
19:35:58.0046 2948 hpn - ok
19:35:58.0109 2948 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:35:58.0234 2948 HPZid412 - ok
19:35:58.0281 2948 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:35:58.0359 2948 HPZipr12 - ok
19:35:58.0390 2948 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:35:58.0500 2948 HPZius12 - ok
19:35:58.0562 2948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:35:58.0703 2948 HTTP - ok
19:35:58.0750 2948 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
19:35:59.0000 2948 HTTPFilter - ok
19:35:59.0015 2948 i2omgmt - ok
19:35:59.0046 2948 i2omp - ok
19:35:59.0078 2948 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:35:59.0375 2948 i8042prt - ok
19:35:59.0515 2948 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:35:59.0546 2948 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:35:59.0546 2948 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:35:59.0656 2948 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:59.0796 2948 idsvc - ok
19:35:59.0859 2948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:00.0125 2948 Imapi - ok
19:36:00.0187 2948 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
19:36:00.0437 2948 ImapiService - ok
19:36:00.0468 2948 ini910u - ok
19:36:00.0515 2948 IntelIde - ok
19:36:00.0562 2948 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:36:00.0828 2948 intelppm - ok
19:36:00.0875 2948 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:01.0171 2948 ip6fw - ok
19:36:01.0218 2948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:01.0546 2948 IpFilterDriver - ok
19:36:01.0593 2948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:01.0843 2948 IpInIp - ok
19:36:01.0906 2948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:02.0171 2948 IpNat - ok
19:36:02.0312 2948 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
19:36:02.0406 2948 iPod Service - ok
19:36:02.0453 2948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:02.0718 2948 IPSec - ok
19:36:02.0765 2948 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
19:36:03.0046 2948 irda - ok
19:36:03.0078 2948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:03.0343 2948 IRENUM - ok
19:36:03.0375 2948 Irmon (44b0d4c4a7696b901ebcb50e67ec2489) C:\WINDOWS\System32\irmon.dll
19:36:03.0625 2948 Irmon - ok
19:36:03.0671 2948 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
19:36:03.0843 2948 irsir - ok
19:36:03.0906 2948 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:04.0203 2948 isapnp - ok
19:36:04.0250 2948 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:04.0515 2948 Kbdclass - ok
19:36:04.0578 2948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:36:04.0812 2948 kmixer - ok
19:36:04.0875 2948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:04.0984 2948 KSecDD - ok
19:36:05.0031 2948 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
19:36:05.0093 2948 lanmanserver - ok
19:36:05.0125 2948 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
19:36:05.0203 2948 lanmanworkstation - ok
19:36:05.0218 2948 lbrtfdc - ok
19:36:05.0281 2948 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
19:36:05.0531 2948 LmHosts - ok
19:36:05.0578 2948 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
19:36:05.0828 2948 Messenger - ok
19:36:05.0859 2948 MLFILEM - ok
19:36:05.0921 2948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:06.0218 2948 mnmdd - ok
19:36:06.0281 2948 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\System32\mnmsrvc.exe
19:36:06.0531 2948 mnmsrvc - ok
19:36:06.0562 2948 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
19:36:06.0843 2948 Modem - ok
19:36:06.0875 2948 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:07.0140 2948 Mouclass - ok
19:36:07.0187 2948 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:36:07.0484 2948 mouhid - ok
19:36:07.0531 2948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:07.0796 2948 MountMgr - ok
19:36:07.0812 2948 mraid35x - ok
19:36:07.0859 2948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:08.0156 2948 MRxDAV - ok
19:36:08.0265 2948 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:08.0375 2948 MRxSmb - ok
19:36:08.0421 2948 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\System32\msdtc.exe
19:36:08.0671 2948 MSDTC - ok
19:36:08.0734 2948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:36:08.0984 2948 Msfs - ok
19:36:09.0015 2948 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
19:36:09.0281 2948 MSIRCOMM - ok
19:36:09.0296 2948 MSIServer - ok
19:36:09.0328 2948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:09.0609 2948 MSKSSRV - ok
19:36:09.0640 2948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:09.0906 2948 MSPCLOCK - ok
19:36:09.0953 2948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:10.0218 2948 MSPQM - ok
19:36:10.0265 2948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:10.0531 2948 mssmbios - ok
19:36:10.0562 2948 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:10.0843 2948 MSTEE - ok
19:36:10.0906 2948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:36:11.0000 2948 Mup - ok
19:36:11.0046 2948 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:36:11.0328 2948 NABTSFEC - ok
19:36:11.0390 2948 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
19:36:11.0656 2948 napagent - ok
19:36:11.0703 2948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:36:11.0953 2948 NDIS - ok
19:36:11.0984 2948 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:36:12.0250 2948 NdisIP - ok
19:36:12.0281 2948 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:12.0359 2948 NdisTapi - ok
19:36:12.0390 2948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:12.0656 2948 Ndisuio - ok
19:36:12.0703 2948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:12.0968 2948 NdisWan - ok
19:36:13.0015 2948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:13.0109 2948 NDProxy - ok
19:36:13.0171 2948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:36:13.0437 2948 NetBIOS - ok
19:36:13.0484 2948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:36:13.0796 2948 NetBT - ok
19:36:13.0843 2948 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
19:36:14.0093 2948 NetDDE - ok
19:36:14.0109 2948 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
19:36:14.0343 2948 NetDDEdsdm - ok
19:36:14.0390 2948 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
19:36:14.0656 2948 Netlogon - ok
19:36:14.0703 2948 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
19:36:14.0968 2948 Netman - ok
19:36:15.0046 2948 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:36:15.0093 2948 NetTcpPortSharing - ok
19:36:15.0156 2948 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
19:36:15.0218 2948 Nla - ok
19:36:15.0265 2948 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:36:15.0531 2948 nm - ok
19:36:15.0609 2948 Norton AntiVirus Server - ok
19:36:15.0656 2948 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\WINDOWS\system32\drivers\npf.sys
19:36:15.0703 2948 NPF - ok
19:36:15.0734 2948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:36:16.0000 2948 Npfs - ok
19:36:16.0046 2948 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
19:36:16.0093 2948 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
19:36:16.0093 2948 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
19:36:16.0125 2948 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
19:36:16.0421 2948 NSCIRDA - ok
19:36:16.0500 2948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:36:16.0812 2948 Ntfs - ok
19:36:16.0843 2948 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\System32\lsass.exe
19:36:17.0078 2948 NtLmSsp - ok
19:36:17.0156 2948 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
19:36:17.0437 2948 NtmsSvc - ok
19:36:17.0484 2948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:36:17.0796 2948 Null - ok
19:36:18.0093 2948 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:36:18.0515 2948 nv - ok
19:36:18.0625 2948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:36:18.0953 2948 NwlnkFlt - ok
19:36:19.0000 2948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:36:19.0296 2948 NwlnkFwd - ok
19:36:19.0343 2948 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:36:19.0656 2948 NwlnkIpx - ok
19:36:19.0687 2948 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:36:20.0015 2948 NwlnkNb - ok
19:36:20.0046 2948 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:36:20.0343 2948 NwlnkSpx - ok
19:36:20.0406 2948 NwSapAgent (8a06a02dff39934228f3fb44c87898d3) C:\WINDOWS\System32\ipxsap.dll
19:36:20.0671 2948 NwSapAgent - ok
19:36:20.0765 2948 P17 (f262047eb4603bf38d57818cc91aaf2e) C:\WINDOWS\system32\drivers\P17.sys
19:36:20.0875 2948 P17 - ok
19:36:20.0921 2948 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
19:36:21.0203 2948 Parport - ok
19:36:21.0234 2948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:36:21.0500 2948 PartMgr - ok
19:36:21.0546 2948 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
19:36:21.0828 2948 ParVdm - ok
19:36:21.0875 2948 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
19:36:22.0156 2948 PCI - ok
19:36:22.0171 2948 PCIDump - ok
19:36:22.0218 2948 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:36:22.0531 2948 PCIIde - ok
19:36:22.0578 2948 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:36:22.0875 2948 Pcmcia - ok
19:36:22.0921 2948 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:36:23.0000 2948 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:36:23.0000 2948 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:36:23.0015 2948 PDCOMP - ok
19:36:23.0046 2948 PDFRAME - ok
19:36:23.0078 2948 PDRELI - ok
19:36:23.0109 2948 PDRFRAME - ok
19:36:23.0140 2948 perc2 - ok
19:36:23.0171 2948 perc2hib - ok
19:36:23.0281 2948 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
19:36:23.0312 2948 PfModNT - ok
19:36:23.0375 2948 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
19:36:23.0406 2948 PlugPlay - ok
19:36:23.0453 2948 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
19:36:23.0515 2948 Pml Driver HPZ12 - ok
19:36:23.0562 2948 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
19:36:23.0796 2948 PolicyAgent - ok
19:36:23.0843 2948 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
19:36:23.0937 2948 PortlUSB - ok
19:36:23.0984 2948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:36:24.0250 2948 PptpMiniport - ok
19:36:24.0281 2948 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
19:36:24.0546 2948 Processor - ok
19:36:24.0578 2948 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
19:36:24.0812 2948 ProtectedStorage - ok
19:36:24.0890 2948 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\WINDOWS\system32\PSIService.exe
19:36:24.0921 2948 ProtexisLicensing - ok
19:36:24.0953 2948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:36:25.0250 2948 PSched - ok
19:36:25.0312 2948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:36:25.0625 2948 Ptilink - ok
19:36:25.0656 2948 ql1080 - ok
19:36:25.0687 2948 Ql10wnt - ok
19:36:25.0718 2948 ql12160 - ok
19:36:25.0750 2948 ql1240 - ok
19:36:25.0781 2948 ql1280 - ok
19:36:25.0812 2948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:36:26.0109 2948 RasAcd - ok
19:36:26.0140 2948 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
19:36:26.0390 2948 RasAuto - ok
19:36:26.0421 2948 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:36:26.0593 2948 Rasirda - ok
19:36:26.0625 2948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:36:26.0906 2948 Rasl2tp - ok
19:36:26.0953 2948 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
19:36:27.0203 2948 RasMan - ok
19:36:27.0234 2948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:36:27.0500 2948 RasPppoe - ok
19:36:27.0531 2948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:36:27.0843 2948 Raspti - ok
19:36:27.0890 2948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:36:28.0234 2948 Rdbss - ok
19:36:28.0281 2948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:36:28.0578 2948 RDPCDD - ok
19:36:28.0671 2948 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:36:28.0765 2948 RDPWD - ok
19:36:28.0812 2948 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
19:36:29.0062 2948 RDSessMgr - ok
19:36:29.0093 2948 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:29.0359 2948 redbook - ok
19:36:29.0406 2948 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
19:36:29.0656 2948 RemoteAccess - ok
19:36:29.0718 2948 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:36:29.0984 2948 RFCOMM - ok
19:36:30.0015 2948 RGFILERW - ok
19:36:30.0062 2948 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:36:30.0375 2948 ROOTMODEM - ok
19:36:30.0453 2948 rpcapd (9ed13880478f14900a5840ff048d174c) C:\Program Files\WinPcap\rpcapd.exe
19:36:30.0484 2948 rpcapd - ok
19:36:30.0546 2948 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\System32\locator.exe
19:36:30.0781 2948 RpcLocator - ok
19:36:30.0843 2948 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll
19:36:30.0906 2948 RpcSs - ok
19:36:30.0953 2948 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\System32\rsvp.exe
19:36:31.0250 2948 RSVP - ok
19:36:31.0312 2948 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:36:31.0562 2948 rtl8139 - ok
19:36:31.0578 2948 RTLWUSB - ok
19:36:31.0656 2948 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
19:36:31.0890 2948 SamSs - ok
19:36:31.0921 2948 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
19:36:32.0171 2948 SCardSvr - ok
19:36:32.0218 2948 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
19:36:32.0484 2948 Schedule - ok
19:36:32.0578 2948 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:36:32.0625 2948 SeaPort - ok
19:36:32.0671 2948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:32.0937 2948 Secdrv - ok
19:36:32.0968 2948 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
19:36:33.0218 2948 seclogon - ok
19:36:33.0250 2948 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
19:36:33.0484 2948 SENS - ok
19:36:33.0531 2948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:33.0812 2948 serenum - ok
19:36:33.0843 2948 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:34.0171 2948 Serial - ok
19:36:34.0265 2948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:34.0531 2948 Sfloppy - ok
19:36:34.0625 2948 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
19:36:34.0890 2948 SharedAccess - ok
19:36:34.0937 2948 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
19:36:35.0015 2948 ShellHWDetection - ok
19:36:35.0031 2948 Simbad - ok
19:36:35.0062 2948 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:36:35.0328 2948 sisagp - ok
19:36:35.0375 2948 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
19:36:35.0625 2948 SISNIC - ok
19:36:35.0671 2948 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:36:35.0953 2948 SLIP - ok
19:36:36.0000 2948 Sparrow - ok
19:36:36.0046 2948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:36:36.0312 2948 splitter - ok
19:36:36.0375 2948 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:36:36.0453 2948 Spooler - ok
19:36:36.0546 2948 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
19:36:36.0546 2948 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
19:36:36.0562 2948 sptd ( LockedFile.Multi.Generic ) - warning
19:36:36.0562 2948 sptd - detected LockedFile.Multi.Generic (1)
19:36:36.0609 2948 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:36.0890 2948 sr - ok
19:36:36.0921 2948 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
19:36:37.0171 2948 srservice - ok
19:36:37.0250 2948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:37.0375 2948 Srv - ok
19:36:37.0406 2948 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
19:36:37.0656 2948 SSDPSRV - ok
19:36:37.0687 2948 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
19:36:37.0859 2948 STIrUsb - ok
19:36:37.0921 2948 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
19:36:38.0203 2948 stisvc - ok
19:36:38.0250 2948 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:38.0515 2948 streamip - ok
19:36:38.0546 2948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:38.0828 2948 swenum - ok
19:36:38.0843 2948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:36:39.0140 2948 swmidi - ok
19:36:39.0171 2948 SwPrv - ok
19:36:39.0218 2948 symc810 - ok
19:36:39.0234 2948 symc8xx - ok
19:36:39.0265 2948 sym_hi - ok
19:36:39.0296 2948 sym_u3 - ok
19:36:39.0328 2948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:39.0578 2948 sysaudio - ok
19:36:39.0640 2948 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
19:36:39.0875 2948 SysmonLog - ok
19:36:39.0921 2948 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
19:36:40.0187 2948 TapiSrv - ok
19:36:40.0265 2948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:40.0359 2948 Tcpip - ok
19:36:40.0406 2948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:40.0687 2948 TDPIPE - ok
19:36:40.0734 2948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:40.0984 2948 TDTCP - ok
19:36:41.0015 2948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:41.0359 2948 TermDD - ok
19:36:41.0421 2948 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
19:36:41.0687 2948 TermService - ok
19:36:41.0734 2948 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
19:36:41.0765 2948 Themes - ok
19:36:41.0828 2948 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
19:36:41.0875 2948 tmcomm - ok
19:36:41.0890 2948 TosIde - ok
19:36:41.0921 2948 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
19:36:42.0187 2948 TrkWks - ok
19:36:42.0234 2948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:36:42.0500 2948 Udfs - ok
19:36:42.0531 2948 ultra - ok
19:36:42.0609 2948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:36:42.0937 2948 Update - ok
19:36:42.0984 2948 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
19:36:43.0250 2948 upnphost - ok
19:36:43.0281 2948 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
19:36:43.0531 2948 UPS - ok
19:36:43.0578 2948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:36:43.0687 2948 USBAAPL - ok
19:36:43.0734 2948 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:36:44.0000 2948 usbaudio - ok
19:36:44.0062 2948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:36:44.0312 2948 usbccgp - ok
19:36:44.0375 2948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:44.0656 2948 usbehci - ok
19:36:44.0703 2948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:44.0968 2948 usbhub - ok
19:36:45.0000 2948 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:36:45.0265 2948 usbohci - ok
19:36:45.0312 2948 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:45.0593 2948 usbprint - ok
19:36:45.0640 2948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:45.0906 2948 usbscan - ok
19:36:45.0953 2948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:46.0218 2948 USBSTOR - ok
19:36:46.0281 2948 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:36:46.0515 2948 usbvideo - ok
19:36:46.0578 2948 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:36:46.0875 2948 usb_rndisx - ok
19:36:46.0906 2948 VComm - ok
19:36:46.0937 2948 VcommMgr - ok
19:36:46.0968 2948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:36:47.0234 2948 VgaSave - ok
19:36:47.0265 2948 ViaIde - ok
19:36:47.0312 2948 VIAIRDA (d683e3dafae4ed45b338d4a52edcf3d0) C:\WINDOWS\system32\DRIVERS\viairda.sys
19:36:47.0484 2948 VIAIRDA - ok
19:36:47.0531 2948 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:47.0812 2948 VolSnap - ok
19:36:47.0890 2948 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
19:36:48.0156 2948 VSS - ok
19:36:48.0203 2948 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
19:36:48.0453 2948 W32Time - ok
19:36:48.0484 2948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:48.0765 2948 Wanarp - ok
19:36:48.0812 2948 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:36:48.0906 2948 wceusbsh - ok
19:36:48.0937 2948 WDICA - ok
19:36:48.0968 2948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:49.0250 2948 wdmaud - ok
19:36:49.0296 2948 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
19:36:49.0531 2948 WebClient - ok
19:36:49.0625 2948 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:49.0875 2948 winmgmt - ok
19:36:49.0937 2948 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
19:36:49.0968 2948 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
19:36:49.0968 2948 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
19:36:50.0046 2948 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:36:50.0156 2948 WmdmPmSN - ok
19:36:50.0234 2948 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:36:50.0484 2948 WmiApSrv - ok
19:36:50.0640 2948 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:36:50.0750 2948 WMPNetworkSvc - ok
19:36:50.0828 2948 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:36:50.0890 2948 WpdUsb - ok
19:36:51.0078 2948 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:36:51.0171 2948 WPFFontCache_v0400 - ok
19:36:51.0218 2948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:36:51.0546 2948 WS2IFSL - ok
19:36:51.0609 2948 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
19:36:51.0859 2948 wscsvc - ok
19:36:51.0906 2948 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:52.0171 2948 WSTCODEC - ok
19:36:52.0203 2948 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
19:36:52.0484 2948 wuauserv - ok
19:36:52.0562 2948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:52.0656 2948 WudfPf - ok
19:36:52.0718 2948 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:36:52.0750 2948 WudfSvc - ok
19:36:52.0828 2948 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
19:36:53.0109 2948 WZCSVC - ok
19:36:53.0187 2948 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
19:36:53.0468 2948 xmlprov - ok
19:36:53.0625 2948 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
19:36:53.0937 2948 \Device\Harddisk0\DR0 - ok
19:36:53.0968 2948 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
19:36:54.0031 2948 \Device\Harddisk1\DR1 - ok
19:36:54.0062 2948 Boot (0x1200) (1a8a20230e3c5787ea4b1ec5970d95e7) \Device\Harddisk0\DR0\Partition0
19:36:54.0062 2948 \Device\Harddisk0\DR0\Partition0 - ok
19:36:54.0125 2948 Boot (0x1200) (396be5f416c5de9110f593d44d1cdd3a) \Device\Harddisk0\DR0\Partition1
19:36:54.0125 2948 \Device\Harddisk0\DR0\Partition1 - ok
19:36:54.0140 2948 Boot (0x1200) (d3142743e4cb3cd3c45857dca64bab07) \Device\Harddisk1\DR1\Partition0
19:36:54.0156 2948 \Device\Harddisk1\DR1\Partition0 - ok
19:36:54.0156 2948 ============================================================
19:36:54.0156 2948 Scan finished
19:36:54.0156 2948 ============================================================
19:36:54.0296 0588 Detected object count: 15
19:36:54.0296 0588 Actual detected object count: 15
19:38:08.0421 0588 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0421 0588 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0421 0588 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0421 0588 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0421 0588 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0421 0588 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0421 0588 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0421 0588 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0437 0588 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0437 0588 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0437 0588 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0437 0588 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0453 0588 atapi ( LockedFile.Multi.Generic ) - skipped by user
19:38:08.0453 0588 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
19:38:08.0453 0588 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0453 0588 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0453 0588 DbgMsg ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0453 0588 DbgMsg ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0453 0588 ddnt ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0453 0588 ddnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0468 0588 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0468 0588 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0468 0588 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0468 0588 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0468 0588 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0468 0588 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:08.0468 0588 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:38:08.0468 0588 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:38:08.0484 0588 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:08.0484 0588 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


Post subject: Re: Slow PC, high CPU
Posted: Sun May 06, 2012 4:28 pm
Helper

Registered: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: windows 7
Protection: avast free
Hello bobke,


That all looks fine.
Are you still experiencing problems?

Regards, abbs.

Post subject: Re: Slow PC, high CPU
Posted: Tue May 08, 2012 5:53 pm
Member

Registered: Sun Nov 12, 2006 8:50 pm
Posts: 15
To be honest, the PC is still just as slow; I don't have the impression that it has become any faster.
The system date and time still keep jumping as well...

Regards, Bob


Post subject: Re: Slow PC, high CPU
Posted: Wed May 09, 2012 11:58 am
Helper

Registered: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: windows 7
Protection: avast free
Hello bobke,


Quote:
The system date and time still keep jumping as well...

Possible causes:
- The BIOS battery needs to be replaced.
- Incorrect time zone setting. Click.



Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
• Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
• Now click "Emergency Kit Scanner". You will get a message that updating first is recommended; allow this by clicking "Ja" (Yes).
• When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
• Select the option "Diep" (Deep) if it is not already set that way by default.
• Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
• You can close the window with the warning about an increased risk when the scan is finished.

Note:
If you see this message:
C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".

• Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message; click "Ja" (Yes) here.
• When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
• Post the contents of this log file in your next reply.
• Now restart the computer.


Regards, abbs.

Post subject: Re: Slow PC, high CPU
Posted: Tue May 15, 2012 5:10 am
Member

Registered: Sun Nov 12, 2006 8:50 pm
Posts: 15
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 9-5-2012 4:05:11

Scaninstellingen:

Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 14-5-2012 21:17:30

Key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Nwsapagent Ontdekt: Trace.Registry.Agent!A2
c:\windows\gvcasinos.ini Ontdekt: Trace.File.Grace Casino!A2
c:\windows\exeshl.dll Ontdekt: Trace.File.WebSnitch v3.0!A2
c:\windows\netctrl.ini Ontdekt: Trace.File.WebSnitch v3.0!A2
c:\documents and settings\bob.bob-a601s66xuvi\application data\Microsoft\Internet Explorer\Quick Launch\Emule.lnk Ontdekt: Trace.File.Emule 5.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{E5B91392-1DD4-4B12-8D8D-87577377F432}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.DDominator!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5B91392-1DD4-4B12-8D8D-87577377F432}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.DDominator!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A25E2A7C-2EB6-447A-B9A8-074FD2DE6BA8}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Net Spy Pro 4.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A25E2A7C-2EB6-447A-B9A8-074FD2DE6BA8}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Net Spy Pro 4.0!A2
C:\Documents and Settings\Bob.BOB-A601S66XUVI\timeset.exe Ontdekt: Trojan.SuspectCRC!IK
C:\WINDOWS\system32\drivers\ddnt.sys Ontdekt: Rootkit.Win32.Agent.ec!A2
C:\WINDOWS\system32\timeset.exe Ontdekt: Trojan.SuspectCRC!IK

Gescand

Bestanden: 168394
Sporen: 447056
Cookies: 29
Processen: 35

Gevonden

Bestanden: 3
Sporen: 9
Cookies: 0
Processen: 0
Registersleutels: 0

Scan Geëindigd: 15-5-2012 1:39:12
Scantijd: 4:21:42

C:\WINDOWS\system32\drivers\ddnt.sys Verwijderd Rootkit.Win32.Agent.ec!A2
C:\Documents and Settings\Bob.BOB-A601S66XUVI\timeset.exe Verwijderd Trojan.SuspectCRC!IK
C:\WINDOWS\system32\timeset.exe Verwijderd Trojan.SuspectCRC!IK
Value: HKEY_CLASSES_ROOT\CLSID\{A25E2A7C-2EB6-447A-B9A8-074FD2DE6BA8}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.Net Spy Pro 4.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A25E2A7C-2EB6-447A-B9A8-074FD2DE6BA8}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.Net Spy Pro 4.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{E5B91392-1DD4-4B12-8D8D-87577377F432}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.DDominator!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5B91392-1DD4-4B12-8D8D-87577377F432}\InprocServer32 --> ThreadingModel Verwijderd Trace.Registry.DDominator!A2
c:\documents and settings\bob.bob-a601s66xuvi\application data\Microsoft\Internet Explorer\Quick Launch\Emule.lnk Verwijderd Trace.File.Emule 5.0!A2
c:\windows\exeshl.dll Verwijderd Trace.File.WebSnitch v3.0!A2
c:\windows\netctrl.ini Verwijderd Trace.File.WebSnitch v3.0!A2
c:\windows\gvcasinos.ini Verwijderd Trace.File.Grace Casino!A2
Key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Nwsapagent Verwijderd Trace.Registry.Agent!A2

Verwijderd

Bestanden: 3
Sporen: 9
Cookies: 0


Post subject: Re: Slow PC, high CPU
Posted: Tue May 15, 2012 8:27 am
Offline
Helper

Joined: Tue Jan 18, 2011 7:27 pm
Posts: 3097
Operating system: Windows 7
Protection: avast free
Hello bobke,


Do the following to create a new DDS log:
(DDS is still on your desktop; if not, download it again)


Download DDS by sUBS from one of these locations and save it to your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

DDS is a diagnostic tool and makes use of scripts.

Disable your security software before running DDS!

Double-click DDS to start the tool.
Note!!! Windows Vista & 7 users must run dds.scr as administrator: "right-click: Run as"

DDS will open 2 log files:
* DDS.txt
* Attach.txt

A window will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example to your desktop or another place where you can easily find them again.


Then post the DDS.txt log and tell us how things are going.


Regards, abbs.
