View full version : Google opens unwanted website



invader
31 March 2012, 14:00
Hi,
For a few days my PC has been behaving strangely: when I search for a word on Google, e.g. "franse bulldog", and want to open a website, a completely different website appears.
I scanned my PC with Malwarebytes but it finds nothing.
To be on the safe side I am posting a HijackThis log here for someone to check.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:47:52, on 31/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jerry\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 5502 bytes

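As an added example (not code from the thread, from HijackThis or from the tool the helper recommends), the following Python triage parses the R0/R1, O2, O4, O17 and O23 sections of a log like the one above and flags the entries that typically explain search redirects: start/search pages on unexpected hosts, BHOs or auto-start entries loading from user-writable folders, and changed DNS servers. The trusted-host list, the folder list and the planted bad lines in the sample are constructed assumptions for the example.

```python
"""Triage of a HijackThis log for search-redirect symptoms.

Added example for this thread, not HijackThis code: parses R0/R1, O2, O4,
O17 and O23 entries and flags those that most often explain "Google sends
me to another site".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allow-list for this example: hosts the IE start/search pages may use.
TRUSTED_PAGE_HOSTS = {"www.google.be", "go.microsoft.com"}

# Folders (Windows XP layout) where legitimate BHOs and startup items rarely live.
USER_WRITABLE_DIRS = (
    "\\documents and settings\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\windows\\temp\\",
)

# Line shapes HijackThis 2.x uses for the sections handled here.
_ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_O2 = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_O4 = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O17 = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    code: str      # HijackThis section the line came from, e.g. "O4"
    detail: str


def _in_user_writable(path: str) -> bool:
    """True when the path sits in a folder an ordinary user can write to."""
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def _exe_path(cmd: str) -> str:
    """Return the executable part of a Run command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, separators, "End of file"
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1") and " = " in body:
            key, _, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname or ""  # non-URL values give ""
            if host and host not in TRUSTED_PAGE_HOSTS:
                findings.append(Finding("high", code, f"{key} points at {host}"))
        elif code == "O2":
            b = _O2.match(body)
            if b and _in_user_writable(b.group("path")):
                findings.append(Finding("high", code, f"BHO {b.group('name')} loads {b.group('path')}"))
        elif code == "O4":
            b = _O4.match(body)
            exe = _exe_path(b.group("cmd")) if b else ""
            if b and _in_user_writable(exe):
                findings.append(Finding("high", code, f"Run entry [{b.group('name')}] starts {exe}"))
        elif code == "O17":
            b = _O17.search(body)
            if b:
                findings.append(Finding("medium", code, f"DNS servers changed to {b.group('servers')}"))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding("info", code, f"service without a known owner: {body}"))
    return findings


# Constructed sample: lines taken from the thread's log plus planted bad entries
# (the .invalid host, the BHO in Application Data, the Run entry in Temp, the O17 line).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.redirect-example.invalid/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Documents and Settings\Jerry\Application Data\helper.dll
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Jerry\Local Settings\Temp\svchost.exe" /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B2C3D4-0000-0000-0000-000000000000}: NameServer = 192.0.2.10,192.0.2.11
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
End of file - 5502 bytes
"""
```

Running `triage(SAMPLE_LOG)` yields three high findings (search page, BHO, Run entry), one medium (O17) and one info (the unsigned RichVideo service, which is benign here and only listed for review).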
Juisterr
31 March 2012, 14:53
Download TDSSKStarter (http://home.kpn.nl/stefsmeenk/Tools/TDSSKStarter.exe) to the desktop.

Using "TDSSKStarter.exe":

First close all program windows that are still open!

Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".
Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.

A CMD window will then open and close again automatically once the scan is finished.
Now post the contents of the Notepad file that opens in your next message.

invader
31 March 2012, 15:12
15:10:04.0648 3840 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:10:04.0648 3840 ================================================== ==========
15:10:04.0648 3840 Current date / time: 2012/03/31 15:10:04.0648
15:10:04.0648 3840 SystemInfo:
15:10:04.0648 3840
15:10:04.0648 3840 OS Version: 5.1.2600 ServicePack: 3.0
15:10:04.0648 3840 Product type: Workstation
15:10:04.0648 3840 ComputerName: THUIS
15:10:04.0648 3840 UserName: Jerry
15:10:04.0648 3840 Windows directory: C:\WINDOWS
15:10:04.0648 3840 System windows directory: C:\WINDOWS
15:10:04.0648 3840 Processor architecture: Intel x86
15:10:04.0648 3840 Number of processors: 2
15:10:04.0648 3840 Page size: 0x1000
15:10:04.0648 3840 Boot type: Normal boot
15:10:04.0648 3840 ================================================== ==========
15:10:06.0117 3840 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:10:06.0117 3840 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:10:06.0132 3840 Drive \Device\Harddisk2\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:10:06.0179 3840 Drive \Device\Harddisk7\DR14 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:10:06.0242 3840 \Device\Harddisk0\DR0:
15:10:06.0242 3840 MBR used
15:10:06.0242 3840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
15:10:06.0242 3840 \Device\Harddisk1\DR2:
15:10:06.0242 3840 MBR used
15:10:06.0242 3840 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:10:06.0242 3840 \Device\Harddisk2\DR3:
15:10:06.0242 3840 MBR used
15:10:06.0242 3840 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
15:10:06.0242 3840 \Device\Harddisk7\DR14:
15:10:06.0242 3840 MBR used
15:10:06.0242 3840 \Device\Harddisk7\DR14\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
15:10:06.0351 3840 Initialize success
15:10:06.0351 3840 ================================================== ==========
15:10:06.0382 2544 ================================================== ==========
15:10:06.0382 2544 Scan started
15:10:06.0382 2544 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
15:10:06.0382 2544 ================================================== ==========
15:10:31.0695 2544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:10:31.0804 2544 usbehci - ok
15:10:31.0835 2544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:10:31.0945 2544 usbhub - ok
15:10:31.0976 2544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:10:32.0070 2544 usbscan - ok
15:10:32.0101 2544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:10:32.0195 2544 usbstor - ok
15:10:32.0226 2544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:10:32.0320 2544 usbuhci - ok
15:10:32.0320 2544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:10:32.0414 2544 VgaSave - ok
15:10:32.0414 2544 ViaIde - ok
15:10:32.0445 2544 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:10:32.0539 2544 VolSnap - ok
15:10:32.0570 2544 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
15:10:32.0679 2544 VSS - ok
15:10:32.0710 2544 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
15:10:32.0820 2544 W32Time - ok
15:10:32.0882 2544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:10:32.0992 2544 Wanarp - ok
15:10:33.0023 2544 WDICA - ok
15:10:33.0054 2544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:10:33.0164 2544 wdmaud - ok
15:10:33.0210 2544 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
15:10:33.0304 2544 WebClient - ok
15:10:33.0367 2544 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:10:33.0460 2544 winmgmt - ok
15:10:33.0492 2544 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
15:10:33.0585 2544 WmdmPmSN - ok
15:10:33.0617 2544 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:10:33.0695 2544 WmiAcpi - ok
15:10:33.0710 2544 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:10:33.0820 2544 WmiApSrv - ok
15:10:33.0929 2544 WMPNetworkSvc (e3f091c0f8fcf97ccd86fb6c1beef185) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:10:33.0976 2544 WMPNetworkSvc - ok
15:10:34.0039 2544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:10:34.0148 2544 WS2IFSL - ok
15:10:34.0226 2544 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
15:10:34.0335 2544 wscsvc - ok
15:10:34.0398 2544 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
15:10:34.0507 2544 wuauserv - ok
15:10:34.0554 2544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:10:34.0585 2544 WudfPf - ok
15:10:34.0632 2544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:10:34.0648 2544 WudfRd - ok
15:10:34.0679 2544 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:10:34.0679 2544 WudfSvc - ok
15:10:34.0726 2544 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
15:10:34.0851 2544 WZCSVC - ok
15:10:34.0898 2544 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
15:10:34.0992 2544 xmlprov - ok
15:10:35.0085 2544 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
15:10:35.0085 2544 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
15:10:35.0101 2544 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
15:10:35.0289 2544 \Device\Harddisk0\DR0 - ok
15:10:35.0289 2544 MBR (0x1B8) (4fb6d97ec0b31d52e7c46eb8aec4798b) \Device\Harddisk1\DR2
15:10:35.0398 2544 \Device\Harddisk1\DR2 - ok
15:10:35.0414 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
15:10:35.0601 2544 \Device\Harddisk2\DR3 - ok
15:10:35.0617 2544 MBR (0x1B8) (4e109e088ef4f29892fb4b77ab48296c) \Device\Harddisk7\DR14
15:10:35.0789 2544 \Device\Harddisk7\DR14 - ok
15:10:35.0789 2544 Boot (0x1200) (899e176e1f61b412d39afdb748078679) \Device\Harddisk0\DR0\Partition0
15:10:35.0789 2544 \Device\Harddisk0\DR0\Partition0 - ok
15:10:35.0789 2544 Boot (0x1200) (66f4ca809c8f1ae591764d1689bfd7ba) \Device\Harddisk1\DR2\Partition0
15:10:35.0789 2544 \Device\Harddisk1\DR2\Partition0 - ok
15:10:35.0789 2544 Boot (0x1200) (6d59022140ece81f0a2977c4cfe6a270) \Device\Harddisk2\DR3\Partition0
15:10:35.0789 2544 \Device\Harddisk2\DR3\Partition0 - ok
15:10:35.0789 2544 Boot (0x1200) (4f739d7da506aceb73b0a0c699e9b662) \Device\Harddisk7\DR14\Partition0
15:10:35.0789 2544 \Device\Harddisk7\DR14\Partition0 - ok
15:10:35.0804 2544 ============================================================
15:10:35.0804 2544 Scan finished
15:10:35.0804 2544 ============================================================
15:10:36.0679 3616 Deinitialize success

==============================================
System Restore Point Check:
No Restore Point Created
==============================================
EOF

Juisterr
31 March 2012, 15:27
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.



http://www.imgdumper.nl/uploads4/4de6eab686b90/4de6eab6867f3-Combofix.JPG

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607))
2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

* Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion." then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

invader
31 March 2012, 15:43
ComboFix 12-03-31.02 - Jerry 31/03/2012 15:31:28.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3063.2437 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Jerry\Bureaublad\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jerry\Application Data\ACD Systems\ACDSee\ImageDB.ddf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-31 ))))))))))))))))))))))))))))))
.
.
2012-03-30 13:44 . 2012-03-31 12:43 -------- d--h--r- c:\documents and settings\Jerry\Onlangs geopend
2012-03-26 14:33 . 2012-03-26 14:33 102912 --sha-r- c:\windows\system32\SP32395H.dll
2012-03-26 13:31 . 2012-03-26 13:31 -------- d-----w- c:\program files\Common Files\Java
2012-03-26 13:31 . 2012-03-26 13:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-26 13:31 . 2012-03-26 13:30 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-26 13:30 . 2012-03-26 13:30 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 13:30 . 2011-12-25 18:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 12:25 . 2011-12-23 17:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2006-03-02 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-12-23 16:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmpD37BF.FOT
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmpC67BF.FOT
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmpAB7BF.FOT
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmp9E7BF.FOT
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmp728BF.FOT
2012-01-15 04:51 . 2012-01-15 04:51 1409 ----a-w- c:\windows\system32\tmp648BF.FOT
2012-01-11 19:07 . 2012-02-25 04:28 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-12-23 14:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 01:36 . 2012-01-09 01:36 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2012-03-21 15:39 . 2011-12-24 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-03-02 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 17:02 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 17:02 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 17:02 413696 --sh--w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 17:03 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
S3 PBProcessMonitor232;PolderbitS Process Monitor Driver 2;c:\program files\PolderbitS\Video Recorder\PBProcessMonitor232.sys [23/12/2011 17:35 16880]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 83482224
*Deregistered* - 83482224
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-31 c:\windows\Tasks\holvkmjduc.job
- c:\windows\system32\SP32395H.dll [2012-03-26 14:33]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jerry\Application Data\Mozilla\Firefox\Profiles\coclmcr8.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Voltooingstijd: 2012-03-31 15:36:39
ComboFix-quarantined-files.txt 2012-03-31 13:36
ComboFix2.txt 2012-03-30 16:17
.
Pre-Run: 64.044.892.160 bytes beschikbaar
Post-Run: 65.687.891.968 bytes beschikbaar
.
- - End Of File - - A048B85C3867681CEB809038E6A3733F
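
For a defender reading a ComboFix log like the one above, the rows worth a second look are the ones that combine several weak signals: a file with system and hidden attributes, sitting in system32, created inside the scan window, and launched by a scheduled task. The script below is an added example, not code from this thread or from ComboFix itself; it parses the three sections in the format shown (new files, Find3M, scheduled tasks), gives each file a score, and ranks them. The embedded sample log is a constructed excerpt modelled on the lines in the post above; the reading of the attribute letters (s = system, h = hidden, d = directory), the scoring weights, and the threshold are the example's own assumptions, and the Dutch section headers are matched literally because that is what this ComboFix build prints.

```python
"""Triage helper for ComboFix-style log sections (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the ComboFix log in the thread above. Section
# headers are the Dutch strings this ComboFix build prints; data lines keep its format.
SAMPLE_LOG = r"""
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-31 ))))))))))))))))))))))))))))))
.
2012-03-30 13:44 . 2012-03-31 12:43 -------- d--h--r- c:\documents and settings\Jerry\Onlangs geopend
2012-03-26 14:33 . 2012-03-26 14:33 102912 --sha-r- c:\windows\system32\SP32395H.dll
2012-03-26 13:31 . 2012-03-26 13:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2006-03-02 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2006-03-02 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 17:03 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-31 c:\windows\Tasks\holvkmjduc.job
- c:\windows\system32\SP32395H.dll [2012-03-26 14:33]
.
------- Bijkomende Scan -------
"""

# File rows: "<mtime> [. <ctime>] <size|--------> <8 attribute letters> <path>".
FILE_LINE = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"(?: \. (?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d))?"
    r" (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Task target rows: "- <path> [<date>]" under the scheduled-tasks header.
TASK_TARGET = re.compile(r"^- (?P<path>.+?) \[")

# Header substrings (assumed from the Dutch log above) and the section they open.
SECTION_MARKERS = (
    ("Bestanden Gemaakt", "new"),     # files created in the scan window
    ("Find3M", "find3m"),             # files modified in the last 3 months
    ("Gedeelde Taken", "tasks"),      # contents of the scheduled-tasks folder
)


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    section: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, reason):
        self.score += points
        self.reasons.append(reason)


def parse(log):
    """Return ({lowercased path: Entry}, [lowercased task target paths])."""
    section, entries, task_targets = None, {}, []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("-------"):      # a "-------" banner ends the sections we track
            section = None
        for marker, name in SECTION_MARKERS:
            if marker in line:
                section = name
        if section == "tasks":
            m = TASK_TARGET.match(line)
            if m:
                task_targets.append(m["path"].lower())
        elif section in ("new", "find3m"):
            m = FILE_LINE.match(line)
            if m:
                size = int(m["size"]) if m["size"].isdigit() else 0   # "--------" for directories
                path = m["path"].lower()
                entries[path] = Entry(path, m["attrs"], size, section)
    return entries, task_targets


def triage(log):
    """Score every listed file; higher means more worth a manual look."""
    entries, task_targets = parse(log)
    for target in task_targets:
        # A task pointing at a file the scan never listed still deserves a row.
        entries.setdefault(target, Entry(target, "????????", 0, "tasks"))
    for e in entries.values():
        if e.attrs.startswith("d"):
            continue                                  # directories are not scored
        if "s" in e.attrs and "h" in e.attrs:
            e.add(1, "system+hidden attributes")
        if e.path.startswith("c:\\windows\\system32\\"):
            e.add(1, "lives in system32")
        if e.section == "new":
            e.add(2, "created in the scan window")
        if e.path in task_targets:
            e.add(3, "launched by a scheduled task")
    return sorted(entries.values(), key=lambda e: (-e.score, e.path))


def flagged(log, threshold=5):
    """Entries at or above the (assumed) threshold; the rest are left for eyeballing."""
    return [e for e in triage(log) if e.score >= threshold]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d}  {e.path}  [{', '.join(e.reasons) or 'nothing unusual'}]")
```

Run on the sample, the SP32395H.dll row collects every signal and lands far above the rest, while twain.dll and regsvr32.exe, which also carry system+hidden attributes, stay near the bottom because they are neither recent nor launched by a task. That separation is the point of scoring rather than matching a single attribute. The header strings are specific to the Dutch ComboFix build shown here; a log from another language build needs its own `SECTION_MARKERS`.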

Juisterr
31 March 2012, 20:26
Would you try these steps?
http://www.java.com/nl/download/help/plugin_cache.xml

Let me know whether it worked.