Posted: Thu Mar 01, 2012 5:45 pm
Member

Registered: Thu Mar 01, 2012 5:38 pm
Posts: 39
Operating system: Windows Vista
Protection: AVG
Hello, I have a big problem. I am working on my graduation thesis and am now being attacked by a Trojan horse. AVG calls it Trojan horse Generic 27.PN. I keep getting regular notifications of infected files. A full AVG scan repairs those files but does not remove the "horse". Spybot doesn't work, malware doesn't work either. Hijack gives the following log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:51, on 1-3-2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\spool\drivers\w32x86\3\CMpdpsrv.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ab\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUAUCLT.EXE
C:\Windows\system32\conime.exe
C:\Users\Ab\AppData\Local\Temp\90E1.tmp
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\explorer.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: load=C:\Users\Ab\AppData\Local\Temp\{71040~1.EXE
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\Windows\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-BU6B4.exe" /REG /REGSVRMODE
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [HyvesDesktop.exe] C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c983c5f5518af7) (gupdate1c983c5f5518af7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10818 bytes


I urgently need help and I have no idea what I can do about this.
Regards,

Jozef Hubert.


Posted: Thu Mar 01, 2012 8:56 pm
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33479
Location: A little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
One moment, I'll take a look.

_________________
Member of Team Opleiding.

Slowness tips
Choosing an AV
What is a rootkit


Posted: Thu Mar 01, 2012 9:00 pm
Moderator

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:


F3 - REG:win.ini: load=C:\Users\Ab\AppData\Local\Temp\{71040~1.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab



Close all windows except HijackThis
Click 'Fix checked' to remove the items.

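Added example, not part of the original thread: a small Python triage pass over HijackThis log lines that flags orphaned entries (`(no file)` / `(file missing)`), autostart values pointing into a Temp directory, and running processes started from Temp. The sample lines are copied from the log posted above; the function, rule names and regular expressions are this example's own assumptions, and the helper's actual selection (for instance the O16 entry) rests on judgement these rules do not capture.

```python
import re
from dataclasses import dataclass, field

# HijackThis entries have the form "<section> - <description>", where the
# section code is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Target file no longer exists. The closing parenthesis is optional so a
# truncated paste of the line still matches.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)?\s*$", re.IGNORECASE)

# Common per-user and system Temp locations (assumed list, not exhaustive).
TEMP_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
    re.IGNORECASE,
)

# Sections that start programs automatically: win.ini/system.ini (F0-F3)
# and the Run keys / Startup folders (O4).
AUTOSTART_SECTIONS = {"F0", "F1", "F2", "F3", "O4"}


@dataclass
class Finding:
    kind: str                      # "process" or a section code such as "O2"
    text: str                      # the original log line
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return the log lines that match one of the rules above."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False   # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            section, body = match["section"], match["body"]
            reasons = []
            if ORPHAN_RE.search(body):
                reasons.append("orphaned-entry")
            if section in AUTOSTART_SECTIONS and TEMP_RE.search(body):
                reasons.append("autostart-from-temp")
            if reasons:
                findings.append(Finding(section, line, reasons))
        elif in_processes and TEMP_RE.search(line):
            findings.append(Finding("process", line, ["process-from-temp"]))
    return findings


# Lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Ab\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Ab\AppData\Local\Temp\90E1.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

F3 - REG:win.ini: load=C:\Users\Ab\AppData\Local\Temp\{71040~1.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:8} {','.join(finding.reasons):20} {finding.text}")
```

A match is a prompt for review, not a verdict: the O23 line is flagged here although it was not in the list of items to fix, and the O16 entry that was in the list matches none of these rules.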
 
Posted: Thu Mar 01, 2012 9:01 pm
Moderator

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here)

2. It may happen that the computer has to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

 
Posted: Thu Mar 01, 2012 11:57 pm
Member

I have done the Hijack scan and am now moving on to the ComboFix part. AVG keeps giving notifications of infected files.


Posted: Fri Mar 02, 2012 12:01 am
Member

Correction: it will be tomorrow morning, since I just read that ComboFix will take a while.


Posted: Fri Mar 02, 2012 11:30 am
Moderator

Is it working?

 
Posted: Fri Mar 02, 2012 12:04 pm
Member

I ran ComboFix. However, it did not go well. It normally takes 10 minutes, in severe cases double that. In my case it had already been running for almost an hour. I was away for half an hour for work and when I came back the computer was off. Any tips for continuing? Run ComboFix again?


Posted: Fri Mar 02, 2012 12:09 pm
Member

I forgot to mention that I could not turn AVG off in the way described on the forum. I disabled AVG via CCleaner, Tools, and restarted the laptop. After that ComboFix indicated that AVG was still running, but I no longer got the virus notifications, so I ran ComboFix anyway.


Posted: Fri Mar 02, 2012 12:18 pm
Member

Sorry if I am spamming too much, but I am running ComboFix again (I am not very patient). It says that a rootkit is detected and that it will take a while.


Posted: Fri Mar 02, 2012 1:31 pm
Member

ComboFix has done its job. Hopefully you can tell me what I should do now. Here is the log:

ComboFix 12-03-01.02 - Ab 02-03-2012 11:39:27.1.2 - x86
Gestart vanuit: c:\users\Ab\Desktop\ComboFix.exe
AV: AVG Internet Security SBS Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security SBS Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\vlc-1.1.2-win32.exe
c:\programdata\windows
c:\programdata\windows\msxx.dat
c:\programdata\Windows\vvve.dat
c:\users\Ab\AppData\Local\b024cd0d\U\00000001.@
c:\users\Ab\AppData\Local\b024cd0d\U\000000c0.@
c:\users\Ab\AppData\Local\b024cd0d\U\000000cb.@
c:\users\Ab\AppData\Local\b024cd0d\U\000000cf.@
c:\users\Ab\AppData\Local\b024cd0d\U\80000000.@
c:\users\Ab\AppData\Local\b024cd0d\U\800000c0.@
c:\users\Ab\AppData\Local\b024cd0d\U\800000cb.@
c:\users\Ab\AppData\Local\b024cd0d\U\800000cf.@
c:\users\Ab\AppData\Local\b024cd0d\X
c:\windows\system32\3comtftp.dll_1330640306.arl
c:\windows\system32\bridge.dll_1330640306.arl
c:\windows\system32\CX88ENC.dll_1330640306.arl
c:\windows\system32\itchfltr.dll_1330640306.arl
c:\windows\system32\konfig.dll_1330640306.arl
c:\windows\system32\lsprst7.dll
c:\windows\system32\Mtlstrm.dll_1330640306.arl
c:\windows\system32\netmnt.dll_1330640306.arl
c:\windows\system32\nm.dll_1330640306.arl
c:\windows\system32\nscservice.dll_1330640306.arl
c:\windows\system32\ps2.dll_1330640306.arl
c:\windows\system32\spsslm.dll_1330640306.arl
c:\windows\$NtUninstallKB33494$ . . . . konden niet verwijderd worden
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-02 to 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-01 18:12 . 2012-03-01 18:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-01 14:16 . 2012-03-01 14:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-01 14:16 . 2012-03-01 14:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-01 13:50 . 2012-03-02 07:23 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-03-01 13:48 . 2012-03-02 10:52 -------- d-sh--w- c:\users\Ab\AppData\Local\b024cd0d
2012-02-11 12:02 . 2012-02-11 12:02 -------- d-----w- c:\program files\iPod
2012-02-11 12:02 . 2012-02-11 12:04 -------- d-----w- c:\program files\iTunes
2012-02-11 11:58 . 2012-02-11 11:58 -------- d-----w- c:\program files\Apple Software Update
2012-02-11 11:54 . 2012-02-11 11:54 -------- d-----w- c:\program files\Bonjour
2012-02-10 16:54 . 2012-02-10 16:54 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 07:14 . 2011-11-27 09:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 16:46 . 2011-12-14 16:46 913168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 14:24 . 2009-08-13 10:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 18:24 . 2011-11-26 16:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 15:25 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-13 1033512]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"CMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-10-31 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-10-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-26 19:02 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
NETSVCS VEREIST REPARATIES - huidige waarden worden getoond
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-02 c:\windows\Tasks\AutoRearm.job
- c:\windows\AutoRearm\AutoRearm.exe [2011-11-19 11:09]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 17:03]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 17:03]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Ab\AppData\Roaming\Mozilla\Firefox\Profiles\3cje59o1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-HyvesDesktop.exe - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE
HKLM-Run-eRecoveryService - (no file)
SafeBoot-MCODS
AddRemove-Third Age - Total War 2.0 (Part1of2) - d:\program files\SEGA\Medieval II Total War\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 12:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-433812194-944518567-224115866-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,65,f5,a0,a9,bb,e7,d5,df,a2,fa,ed,00,04,54,f5,0b,f8,1b,cc,d8,
b9,f6,f9,c6,99,26,fa,3b,ac,84,52,32,02,7e,cb,c6,e9,08,60,b7,6a,ac,ba,c0,82,\
"rkeysecu"=hex:2b,a8,f3,7b,9b,49,82,ba,59,dc,a4,05,a3,b7,27,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(5224)
c:\windows\System32\SysHook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-03-02 12:28:52 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-02 11:28
.
Pre-Run: 46.858.452.992 bytes beschikbaar
Post-Run: 46.624.047.104 bytes beschikbaar
.
- - End Of File - - DA3FD406FFFB5EF16D194ED683A23684


Posted: Fri Mar 02, 2012 5:55 pm
Moderator

Hi,

1. Download mbam-setup.exe (link) to your Desktop.

Make sure that extensions for known file types are displayed.


Windows Vista
Go to Computer
Choose Organize >> Folder and search options
Choose the View tab
Uncheck "Hide extensions for known file types"
Click Apply

Now rename mbam-setup.exe to mbam-setup.com

If Malwarebytes' Anti-Malware is already installed:
Rename mbam-setup.exe to mbam-setup.com there as well

Windows XP: Navigate to C:\Program Files\Malwarebytes' Anti-Malware
Vista: Navigate to c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware

Double-click mbam-setup.com to install the program.
If an update is found, it will be downloaded and installed.
Go to the Scanner tab and choose Quick Scan.
Then click Scan to start the scan.
Scanning can take a while, so be patient.

When the scan is complete, click OK, then Show Results to view the results.
Make sure everything is checked there, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


2. Have ComboFix scan the computer once more.

Post the ComboFix log together with the MBAM log in your next message.

_________________
Member of the Training Team (Team Opleiding).

slowness tips
Choosing an AV
what is a rootkit


Posted: Fri March 02, 2012 7:31 pm
Member

Joined: Thu March 01, 2012 5:38 pm
Posts: 39
Operating system: Windows Vista
Protection: AVG
mbam:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.02.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Ab :: PC_VAN_AB [administrator]

2-3-2012 17:05:46
mbam-log-2012-03-02 (17-05-46).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 188928
Verstreken tijd: 6 minuut/minuten, 52 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

----------------------

combofix:

ComboFix 12-03-01.02 - Ab 02-03-2012 17:47:55.2.2 - x86
Gestart vanuit: c:\users\Ab\Desktop\ComboFix.exe
AV: AVG Internet Security SBS Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security SBS Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MSIRCOMM.dll
c:\windows\$NtUninstallKB33494$ . . . . konden niet verwijderd worden
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TIEHDUSB
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-02 to 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 17:01 . 2012-03-02 17:22 -------- d-----w- c:\users\Ab\AppData\Local\temp
2012-03-01 18:12 . 2012-03-01 18:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-01 14:16 . 2012-03-01 14:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-01 14:16 . 2012-03-01 14:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-01 13:50 . 2012-03-02 07:23 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-03-01 13:48 . 2012-03-02 10:52 -------- d-sh--w- c:\users\Ab\AppData\Local\b024cd0d
2012-02-11 12:02 . 2012-02-11 12:02 -------- d-----w- c:\program files\iPod
2012-02-11 12:02 . 2012-02-11 12:04 -------- d-----w- c:\program files\iTunes
2012-02-11 11:58 . 2012-02-11 11:58 -------- d-----w- c:\program files\Apple Software Update
2012-02-11 11:54 . 2012-02-11 11:54 -------- d-----w- c:\program files\Bonjour
2012-02-10 16:54 . 2012-02-10 16:54 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 07:14 . 2011-11-27 09:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 16:46 . 2011-12-14 16:46 913168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 14:24 . 2009-08-13 10:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 18:24 . 2011-11-26 16:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 15:25 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-13 1033512]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"CMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-10-31 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-10-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-26 19:02 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
NETSVCS VEREIST REPARATIES - huidige waarden worden getoond
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-02 c:\windows\Tasks\AutoRearm.job
- c:\windows\AutoRearm\AutoRearm.exe [2011-11-19 11:09]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 17:03]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 17:03]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Ab\AppData\Roaming\Mozilla\Firefox\Profiles\3cje59o1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 18:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-433812194-944518567-224115866-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,65,f5,a0,a9,bb,e7,d5,df,a2,fa,ed,00,04,54,f5,0b,f8,1b,cc,d8,
b9,f6,f9,c6,99,26,fa,3b,ac,84,52,32,02,7e,cb,c6,e9,08,60,b7,6a,ac,ba,c0,82,\
"rkeysecu"=hex:2b,a8,f3,7b,9b,49,82,ba,59,dc,a4,05,a3,b7,27,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3028)
c:\windows\System32\SysHook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-03-02 18:29:49 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-02 17:29
ComboFix2.txt 2012-03-02 11:28
.
Pre-Run: 46.320.537.600 bytes beschikbaar
Post-Run: 45.997.096.960 bytes beschikbaar
.
- - End Of File - - 1342E73DB6B5A380BDA6DD65D1906879


Posted: Fri March 02, 2012 7:42 pm
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33479
Location: Little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Download TDSSKStarter to the desktop.

Using "TDSSKStarter.exe":
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing Run as administrator.
  • A CMD window will then be started, and it will close again automatically when the scan is finished.
  • Now post the contents of the Notepad file that has opened in your next reply.

Posted: Sat March 03, 2012 1:09 pm
Member

Joined: Thu March 01, 2012 5:38 pm
Posts: 39
Operating system: Windows Vista
Protection: AVG
11:04:24.0573 5032 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
11:04:24.0573 5032 ============================================================
11:04:24.0573 5032 Current date / time: 2012/03/03 11:04:24.0573
11:04:24.0573 5032 SystemInfo:
11:04:24.0573 5032
11:04:24.0573 5032 OS Version: 6.0.6001 ServicePack: 1.0
11:04:24.0573 5032 Product type: Workstation
11:04:24.0573 5032 ComputerName: PC_VAN_AB
11:04:24.0573 5032 UserName: Ab
11:04:24.0573 5032 Windows directory: C:\Windows
11:04:24.0573 5032 System windows directory: C:\Windows
11:04:24.0573 5032 Processor architecture: Intel x86
11:04:24.0573 5032 Number of processors: 2
11:04:24.0573 5032 Page size: 0x1000
11:04:24.0573 5032 Boot type: Normal boot
11:04:24.0573 5032 ============================================================
11:04:26.0586 5032 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:04:26.0601 5032 \Device\Harddisk0\DR0:
11:04:26.0617 5032 MBR used
11:04:26.0617 5032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
11:04:26.0617 5032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xDEE2800
11:04:26.0882 5032 Initialize success
11:04:26.0882 5032 ============================================================
11:04:26.0913 2488 ============================================================
11:04:26.0913 2488 Scan started
11:04:26.0913 2488 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
11:04:26.0913 2488 ============================================================
11:04:32.0888 2488 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
11:04:33.0091 2488 ACPI - ok
11:04:33.0621 2488 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:04:33.0715 2488 adp94xx - ok
11:04:34.0292 2488 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:04:34.0635 2488 adpahci - ok
11:04:34.0978 2488 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:04:35.0010 2488 adpu160m - ok
11:04:35.0431 2488 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:04:35.0571 2488 adpu320 - ok
11:04:36.0476 2488 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
11:04:36.0772 2488 AFD - ok
11:04:37.0256 2488 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:04:37.0272 2488 agp440 - ok
11:04:37.0833 2488 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:04:37.0849 2488 aic78xx - ok
11:04:38.0254 2488 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:04:38.0270 2488 aliide - ok
11:04:38.0660 2488 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:04:38.0676 2488 amdagp - ok
11:04:38.0972 2488 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:04:38.0988 2488 amdide - ok
11:04:39.0362 2488 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:04:41.0484 2488 AmdK7 - ok
11:04:41.0874 2488 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:04:41.0952 2488 AmdK8 - ok
11:04:42.0638 2488 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:04:42.0654 2488 arc - ok
11:04:43.0137 2488 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:04:43.0153 2488 arcsas - ok
11:04:43.0746 2488 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:04:43.0824 2488 AsyncMac - ok
11:04:44.0182 2488 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
11:04:44.0214 2488 atapi - ok
11:04:44.0728 2488 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
11:04:45.0118 2488 athr - ok
11:04:46.0257 2488 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
11:04:46.0413 2488 AvgLdx86 - ok
11:04:46.0725 2488 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys
11:04:46.0741 2488 AvgMfx86 - ok
11:04:47.0115 2488 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
11:04:47.0146 2488 AvgRkx86 - ok
11:04:47.0568 2488 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys
11:04:47.0583 2488 AvgTdiX - ok
11:04:48.0145 2488 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:04:48.0238 2488 b57nd60x - ok
11:04:49.0221 2488 BCM43XX (c38077d14adf896ee1e1dbbcbcf77e14) C:\Windows\system32\DRIVERS\bcmwl6.sys
11:04:49.0299 2488 BCM43XX - ok
11:04:49.0892 2488 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:04:50.0048 2488 Beep - ok
11:04:50.0766 2488 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:04:50.0937 2488 blbdrive - ok
11:04:51.0452 2488 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
11:04:51.0889 2488 bowser - ok
11:04:52.0248 2488 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:04:52.0887 2488 BrFiltLo - ok
11:04:53.0137 2488 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:04:53.0215 2488 BrFiltUp - ok
11:04:53.0449 2488 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:04:54.0338 2488 Brserid - ok
11:04:54.0447 2488 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:04:54.0572 2488 BrSerWdm - ok
11:04:54.0681 2488 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:04:54.0837 2488 BrUsbMdm - ok
11:04:55.0009 2488 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:04:55.0118 2488 BrUsbSer - ok
11:04:55.0227 2488 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:04:55.0352 2488 BTHMODEM - ok
11:04:55.0602 2488 catchme - ok
11:04:55.0804 2488 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:04:55.0898 2488 cdfs - ok
11:04:56.0101 2488 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
11:04:56.0335 2488 cdrom - ok
11:04:56.0444 2488 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
11:04:56.0538 2488 circlass - ok
11:04:56.0678 2488 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
11:04:56.0709 2488 CLFS - ok
11:04:57.0255 2488 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:04:57.0349 2488 CmBatt - ok
11:04:57.0474 2488 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:04:57.0489 2488 cmdide - ok
11:04:57.0567 2488 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:04:57.0583 2488 Compbatt - ok
11:04:57.0630 2488 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:04:57.0645 2488 crcdisk - ok
11:04:57.0692 2488 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:04:57.0786 2488 Crusoe - ok
11:04:58.0004 2488 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
11:04:58.0066 2488 CVirtA - ok
11:04:58.0285 2488 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys
11:04:58.0332 2488 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
11:04:58.0332 2488 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
11:04:58.0503 2488 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
11:04:58.0566 2488 DfsC - ok
11:04:58.0768 2488 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
11:04:58.0815 2488 disk - ok
11:04:58.0878 2488 DKbFltr - ok
11:04:59.0096 2488 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
11:04:59.0112 2488 DNE - ok
11:04:59.0346 2488 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:04:59.0392 2488 drmkaud - ok
11:04:59.0564 2488 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
11:04:59.0642 2488 DXGKrnl - ok
11:05:00.0001 2488 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:05:00.0094 2488 E1G60 - ok
11:05:00.0344 2488 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
11:05:00.0360 2488 Ecache - ok
11:05:00.0531 2488 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:05:00.0562 2488 elxstor - ok
11:05:00.0703 2488 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:05:00.0765 2488 ErrDev - ok
11:05:01.0093 2488 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
11:05:01.0186 2488 exfat - ok
11:05:01.0327 2488 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
11:05:01.0420 2488 fastfat - ok
11:05:01.0561 2488 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:05:01.0639 2488 fdc - ok
11:05:01.0951 2488 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:05:01.0966 2488 FileInfo - ok
11:05:02.0076 2488 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:05:02.0154 2488 Filetrace - ok
11:05:02.0278 2488 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:05:02.0356 2488 flpydisk - ok
11:05:02.0544 2488 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
11:05:02.0559 2488 FltMgr - ok
11:05:02.0637 2488 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:05:02.0700 2488 Fs_Rec - ok
11:05:02.0918 2488 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:05:02.0934 2488 gagp30kx - ok
11:05:03.0090 2488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:05:03.0105 2488 GEARAspiWDM - ok
11:05:03.0324 2488 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:05:03.0464 2488 HdAudAddService - ok
11:05:03.0604 2488 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:05:03.0682 2488 HDAudBus - ok
11:05:03.0823 2488 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:05:03.0932 2488 HidBth - ok
11:05:04.0166 2488 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
11:05:04.0213 2488 HidIr - ok
11:05:04.0306 2488 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
11:05:04.0369 2488 HidUsb - ok
11:05:04.0603 2488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:05:04.0634 2488 HpCISSs - ok
11:05:04.0790 2488 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:05:04.0852 2488 HSFHWAZL - ok
11:05:05.0071 2488 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:05:05.0149 2488 HSF_DPV - ok
11:05:05.0258 2488 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:05:05.0305 2488 HSXHWAZL - ok
11:05:05.0476 2488 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
11:05:05.0570 2488 HTTP - ok
11:05:05.0710 2488 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:05:05.0726 2488 i2omp - ok
11:05:05.0976 2488 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:05:06.0022 2488 i8042prt - ok
11:05:06.0256 2488 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:05:06.0272 2488 iaStorV - ok
11:05:06.0444 2488 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:05:06.0459 2488 iirsp - ok
11:05:06.0553 2488 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
11:05:06.0568 2488 int15 - ok
11:05:06.0958 2488 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
11:05:07.0068 2488 IntcAzAudAddService - ok
11:05:07.0208 2488 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:05:07.0224 2488 intelide - ok
11:05:07.0333 2488 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:05:07.0395 2488 intelppm - ok
11:05:07.0520 2488 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:05:07.0598 2488 IpFilterDriver - ok
11:05:07.0832 2488 IpInIp - ok
11:05:08.0222 2488 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:05:08.0284 2488 IPMIDRV - ok
11:05:08.0425 2488 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:05:08.0503 2488 IPNAT - ok
11:05:08.0815 2488 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:05:08.0893 2488 IRENUM - ok
11:05:09.0142 2488 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:05:09.0174 2488 isapnp - ok
11:05:09.0454 2488 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
11:05:09.0470 2488 iScsiPrt - ok
11:05:09.0642 2488 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:05:09.0657 2488 iteatapi - ok
11:05:09.0829 2488 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:05:09.0860 2488 iteraid - ok
11:05:10.0000 2488 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:05:10.0016 2488 kbdclass - ok
11:05:10.0094 2488 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
11:05:10.0640 2488 kbdhid - ok
11:05:10.0858 2488 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
11:05:10.0905 2488 KSecDD - ok
11:05:11.0124 2488 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:05:11.0186 2488 lltdio - ok
11:05:11.0436 2488 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:05:11.0451 2488 LSI_FC - ok
11:05:11.0607 2488 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:05:11.0623 2488 LSI_SAS - ok
11:05:11.0701 2488 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:05:11.0716 2488 LSI_SCSI - ok
11:05:11.0763 2488 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:05:11.0841 2488 luafv - ok
11:05:12.0028 2488 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:05:12.0060 2488 mdmxsdk - ok
11:05:12.0153 2488 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:05:12.0169 2488 megasas - ok
11:05:12.0294 2488 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:05:12.0356 2488 MegaSR - ok
11:05:12.0574 2488 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:05:12.0652 2488 Modem - ok
11:05:12.0746 2488 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:05:12.0840 2488 monitor - ok
11:05:13.0011 2488 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:05:13.0027 2488 mouclass - ok
11:05:13.0198 2488 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:05:13.0261 2488 mouhid - ok
11:05:13.0386 2488 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:05:13.0417 2488 MountMgr - ok
11:05:13.0510 2488 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:05:13.0526 2488 mpio - ok
11:05:13.0620 2488 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:05:13.0666 2488 mpsdrv - ok
11:05:13.0822 2488 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:05:13.0838 2488 Mraid35x - ok
11:05:13.0932 2488 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
11:05:13.0994 2488 MRxDAV - ok
11:05:14.0134 2488 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:05:14.0212 2488 mrxsmb - ok
11:05:14.0353 2488 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:05:14.0431 2488 mrxsmb10 - ok
11:05:14.0571 2488 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:05:14.0618 2488 mrxsmb20 - ok
11:05:14.0790 2488 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
11:05:14.0805 2488 msahci - ok
11:05:14.0883 2488 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:05:14.0899 2488 msdsm - ok
11:05:15.0008 2488 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:05:15.0086 2488 Msfs - ok
11:05:15.0211 2488 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:05:15.0226 2488 msisadrv - ok
11:05:15.0367 2488 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:05:15.0429 2488 MSKSSRV - ok
11:05:15.0601 2488 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:05:15.0648 2488 MSPCLOCK - ok
11:05:15.0741 2488 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:05:15.0804 2488 MSPQM - ok
11:05:16.0006 2488 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
11:05:16.0022 2488 MsRPC - ok
11:05:16.0131 2488 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:05:16.0131 2488 mssmbios - ok
11:05:16.0350 2488 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:05:16.0412 2488 MSTEE - ok
11:05:16.0662 2488 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
11:05:16.0693 2488 Mup - ok
11:05:16.0849 2488 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
11:05:16.0911 2488 NativeWifiP - ok
11:05:17.0098 2488 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
11:05:17.0130 2488 NDIS - ok
11:05:17.0239 2488 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:05:17.0301 2488 NdisTapi - ok
11:05:17.0395 2488 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:05:17.0457 2488 Ndisuio - ok
11:05:17.0535 2488 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
11:05:17.0582 2488 NdisWan - ok
11:05:17.0738 2488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:05:17.0800 2488 NDProxy - ok
11:05:17.0910 2488 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:05:17.0988 2488 NetBIOS - ok
11:05:18.0175 2488 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
11:05:18.0237 2488 netbt - ok
11:05:18.0424 2488 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:05:18.0440 2488 nfrd960 - ok
11:05:18.0596 2488 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:05:18.0658 2488 Npfs - ok
11:05:18.0736 2488 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:05:18.0799 2488 nsiproxy - ok
11:05:18.0955 2488 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:05:19.0095 2488 Ntfs - ok
11:05:19.0236 2488 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
11:05:19.0251 2488 NTIDrvr - ok
11:05:19.0298 2488 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:05:19.0407 2488 ntrigdigi - ok
11:05:19.0579 2488 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:05:19.0641 2488 Null - ok
11:05:19.0875 2488 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
11:05:19.0891 2488 NVHDA - ok
11:05:20.0655 2488 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:05:21.0342 2488 nvlddmkm - ok
11:05:21.0529 2488 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:05:21.0560 2488 nvraid - ok
11:05:21.0700 2488 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
11:05:21.0732 2488 nvsmu - ok
11:05:21.0997 2488 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:05:22.0012 2488 nvstor - ok
11:05:22.0122 2488 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
11:05:22.0137 2488 nvstor32 - ok
11:05:22.0231 2488 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:05:22.0246 2488 nv_agp - ok
11:05:22.0262 2488 NwlnkFlt - ok
11:05:22.0278 2488 NwlnkFwd - ok
11:05:22.0324 2488 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:05:22.0434 2488 ohci1394 - ok
11:05:22.0668 2488 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:05:22.0792 2488 Parport - ok
11:05:22.0980 2488 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:05:22.0995 2488 partmgr - ok
11:05:23.0167 2488 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:05:23.0292 2488 Parvdm - ok
11:05:23.0448 2488 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
11:05:23.0463 2488 pci - ok
11:05:23.0588 2488 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:05:23.0604 2488 pciide - ok
11:05:23.0697 2488 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:05:23.0713 2488 pcmcia - ok
11:05:23.0931 2488 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
11:05:23.0994 2488 pcouffin - ok
11:05:24.0274 2488 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:05:24.0399 2488 PEAUTH - ok
11:05:24.0664 2488 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:05:24.0727 2488 PptpMiniport - ok
11:05:24.0914 2488 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
11:05:24.0976 2488 Processor - ok
11:05:25.0195 2488 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
11:05:25.0242 2488 PSched - ok
11:05:25.0444 2488 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:05:25.0522 2488 ql2300 - ok
11:05:25.0741 2488 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:05:25.0772 2488 ql40xx - ok
11:05:25.0912 2488 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:05:25.0975 2488 QWAVEdrv - ok
11:05:26.0162 2488 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:05:26.0209 2488 RasAcd - ok
11:05:26.0349 2488 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:05:26.0396 2488 Rasl2tp - ok
11:05:26.0552 2488 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:05:26.0646 2488 RasPppoe - ok
11:05:26.0833 2488 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:05:26.0880 2488 RasSstp - ok
11:05:27.0098 2488 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:05:27.0192 2488 rdbss - ok
11:05:27.0285 2488 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:05:27.0363 2488 RDPCDD - ok
11:05:27.0550 2488 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:05:27.0613 2488 rdpdr - ok
11:05:27.0831 2488 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:05:27.0894 2488 RDPENCDD - ok
11:05:28.0096 2488 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:05:28.0159 2488 RDPWD - ok
11:05:28.0393 2488 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:05:28.0455 2488 rspndr - ok
11:05:28.0518 2488 RTSTOR (830b682cb24206f457ea8a617605209f) C:\Windows\system32\drivers\RTSTOR.SYS
11:05:28.0564 2488 RTSTOR - ok
11:05:28.0783 2488 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:05:28.0814 2488 sbp2port - ok
11:05:28.0970 2488 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
11:05:29.0017 2488 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
11:05:29.0017 2488 SCDEmu - detected UnsignedFile.Multi.Generic (1)
11:05:29.0188 2488 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:05:29.0298 2488 secdrv - ok
11:05:29.0438 2488 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:05:29.0532 2488 Serenum - ok
11:05:29.0578 2488 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:05:29.0703 2488 Serial - ok
11:05:29.0828 2488 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:05:29.0890 2488 sermouse - ok
11:05:30.0031 2488 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:05:30.0062 2488 sffdisk - ok
11:05:30.0124 2488 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:05:30.0202 2488 sffp_mmc - ok
11:05:30.0296 2488 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:05:30.0374 2488 sffp_sd - ok
11:05:30.0468 2488 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:05:30.0577 2488 sfloppy - ok
11:05:30.0702 2488 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:05:30.0717 2488 sisagp - ok
11:05:30.0795 2488 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:05:30.0811 2488 SiSRaid2 - ok
11:05:30.0858 2488 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:05:30.0873 2488 SiSRaid4 - ok
11:05:30.0967 2488 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:05:31.0045 2488 Smb - ok
11:05:31.0201 2488 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:05:31.0216 2488 spldr - ok
11:05:31.0279 2488 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
11:05:31.0326 2488 srv - ok
11:05:31.0466 2488 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
11:05:31.0528 2488 srv2 - ok
11:05:31.0653 2488 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
11:05:31.0684 2488 srvnet - ok
11:05:31.0872 2488 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:05:31.0887 2488 swenum - ok
11:05:31.0965 2488 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:05:31.0965 2488 Symc8xx - ok
11:05:32.0028 2488 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:05:32.0043 2488 Sym_hi - ok
11:05:32.0121 2488 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:05:32.0137 2488 Sym_u3 - ok
11:05:32.0199 2488 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
11:05:32.0230 2488 SynTP - ok
11:05:32.0371 2488 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
11:05:32.0449 2488 Tcpip - ok
11:05:32.0636 2488 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
11:05:32.0683 2488 Tcpip6 - ok
11:05:32.0730 2488 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:05:32.0808 2488 tcpipreg - ok
11:05:32.0886 2488 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:05:32.0948 2488 TDPIPE - ok
11:05:33.0010 2488 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:05:33.0057 2488 TDTCP - ok
11:05:33.0120 2488 tdx (aef3ef63a6914ae4faf4c5bebd23b5e6) C:\Windows\system32\DRIVERS\tdx.sys
11:05:33.0151 2488 tdx ( UnsignedFile.Multi.Generic ) - warning
11:05:33.0151 2488 tdx - detected UnsignedFile.Multi.Generic (1)
11:05:33.0198 2488 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
11:05:33.0229 2488 TermDD - ok
11:05:33.0369 2488 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:05:33.0432 2488 tssecsrv - ok
11:05:33.0541 2488 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:05:33.0588 2488 tunmp - ok
11:05:33.0666 2488 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
11:05:33.0697 2488 tunnel - ok
11:05:33.0806 2488 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:05:33.0822 2488 uagp35 - ok
11:05:33.0915 2488 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
11:05:33.0931 2488 UBHelper - ok
11:05:34.0024 2488 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
11:05:34.0071 2488 udfs - ok
11:05:34.0212 2488 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:05:34.0227 2488 uliagpkx - ok
11:05:34.0274 2488 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:05:34.0290 2488 uliahci - ok
11:05:34.0399 2488 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:05:34.0414 2488 UlSata - ok
11:05:34.0461 2488 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:05:34.0477 2488 ulsata2 - ok
11:05:34.0539 2488 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:05:34.0586 2488 umbus - ok
11:05:34.0726 2488 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:05:34.0773 2488 USBAAPL - ok
11:05:34.0867 2488 usbccgp (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:34.0929 2488 usbccgp - ok
11:05:35.0038 2488 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:05:35.0132 2488 usbcir - ok
11:05:35.0179 2488 usbehci (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
11:05:35.0210 2488 usbehci - ok
11:05:35.0241 2488 usbhub (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
11:05:35.0304 2488 usbhub - ok
11:05:35.0335 2488 usbohci (5fee2a4aaaebcd2e6576e7c90959b3fd) C:\Windows\system32\DRIVERS\usbohci.sys
11:05:35.0382 2488 usbohci - ok
11:05:35.0428 2488 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:05:35.0491 2488 usbprint - ok
11:05:35.0600 2488 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:35.0662 2488 USBSTOR - ok
11:05:35.0803 2488 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:05:35.0850 2488 usbuhci - ok
11:05:36.0006 2488 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:05:36.0068 2488 usbvideo - ok
11:05:36.0177 2488 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:36.0271 2488 vga - ok
11:05:36.0380 2488 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:05:36.0474 2488 VgaSave - ok
11:05:36.0536 2488 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:05:36.0552 2488 viaagp - ok
11:05:36.0630 2488 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:05:36.0708 2488 ViaC7 - ok
11:05:36.0770 2488 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:05:36.0786 2488 viaide - ok
11:05:36.0864 2488 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:05:36.0879 2488 volmgr - ok
11:05:36.0942 2488 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:05:36.0973 2488 volmgrx - ok
11:05:37.0035 2488 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:05:37.0051 2488 volsnap - ok
11:05:37.0207 2488 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:05:37.0222 2488 vsmraid - ok
11:05:37.0363 2488 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:05:37.0472 2488 WacomPen - ok
11:05:37.0597 2488 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:37.0628 2488 Wanarp - ok
11:05:37.0675 2488 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:37.0706 2488 Wanarpv6 - ok
11:05:37.0878 2488 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:05:37.0893 2488 Wd - ok
11:05:38.0065 2488 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:05:38.0096 2488 Wdf01000 - ok
11:05:38.0252 2488 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:05:38.0346 2488 winachsf - ok
11:05:38.0502 2488 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
11:05:38.0548 2488 winbondcir - ok
11:05:38.0751 2488 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:05:38.0767 2488 WmiAcpi - ok
11:05:38.0923 2488 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:05:38.0970 2488 WpdUsb - ok
11:05:39.0126 2488 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:05:39.0204 2488 ws2ifsl - ok
11:05:39.0297 2488 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:39.0375 2488 WUDFRd - ok
11:05:39.0484 2488 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
11:05:39.0516 2488 XAudio - ok
11:05:39.0594 2488 MBR (0x1B8) (7ba4c7ea1ef33a92f5f01be63edacb6a) \Device\Harddisk0\DR0
11:05:46.0723 2488 \Device\Harddisk0\DR0 - ok
11:05:46.0754 2488 Boot (0x1200) (7745a878842078d013220814bfd3afc1) \Device\Harddisk0\DR0\Partition0
11:05:46.0754 2488 \Device\Harddisk0\DR0\Partition0 - ok
11:05:46.0770 2488 Boot (0x1200) (a879ce1db9e062cc6c1dab91db0a6dfb) \Device\Harddisk0\DR0\Partition1
11:05:46.0785 2488 \Device\Harddisk0\DR0\Partition1 - ok
11:05:46.0785 2488 ============================================================
11:05:46.0785 2488 Scan finished
11:05:46.0785 2488 ============================================================
11:05:47.0347 2844 Deinitialize success

==============================================
System Restore Point Check:

TDSSKiller Starter Restore Point Created Succesfully
==============================================
EOF

