  1. #1

    Trojan PC: Just-In-Time Debugging

    Hello,

    An aunt's PC has the following problem:
    every day after the PC starts up, she gets the Just-In-Time Debugging prompt with the possible debuggers: New instance of Microsoft Script Editor, but whatever I try, I cannot get rid of this message.

    So here are a few logs from this system:

    Virus scanner AVG 2011 Free edition:

    "";"C:\WINDOWS\system32\svchost.exe (1224):\memory_001a0000";"Trojaans paard Downloader.Zlob.AZVF";"Geïnfecteerd"
    "";"C:\WINDOWS\explorer.exe (1996):\memory_001a0000";"Trojaans paard Downloader.Zlob.AZVF";"Geïnfecteerd"
    "";"C:\WINDOWS\explorer.exe (1996)";"Trojaans paard Downloader.Zlob.AZVF";"Verwijderd"
    "";"C:\WINDOWS\system32\svchost.exe (1224)";"Trojaans paard Downloader.Zlob.AZVF";"Verwijderd"

    So there are still 2 present that I cannot get rid of.

    MBAM gives the following result (I did not get to see 'Bekijk resultaten' (Show results), since nothing malicious was found):

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 7801

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    26/09/2011 18:38:38
    mbam-log-2011-09-26 (18-38-38).txt

    Scantype: Volledige scan (C:\|D:\|)
    Objecten gescand: 260929
    Verstreken tijd: 46 minuut/minuten, 49 seconde

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:13:03, on 26/09/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17080)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kurt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [Taskhelp] %Temp%\start.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Taskhelp] %Temp%\start.exe (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetect...etection32.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - Winlogon Notify: permham - C:\Documents and Settings\NetworkService\Local Settings\Application Data\permham.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 8839 bytes

    Running TFC: after 1 hour I gave up and restarted the PC.
    I will try this again, and if there is good news I will post it here.

  2. #2
    Rosty, Spyware Slayer
    Hi,

    you say AVG 2011, while in the log I only see lines from AVG 2011!!

    First do the following: empty AVG's quarantine folder. Then first run a new scan with AVG, followed by the following:

    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
      Click here
      If you cannot manage to disable them, just continue to the next step.
    • Double-click ComboFix.exe and follow the prompts on the screen.
    • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
      **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
    • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.


    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

    Click Yes to continue scanning for malware.

    When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

  3. #3
    Hello,

    the first lines were a copy/paste of the AVG 2011 scan (which is normally not posted).
    These are the results of a new AVG 2011 scan after clearing the quarantine:

    "";"C:\WINDOWS\system32\svchost.exe (1216):\memory_001a0000";"Trojaans paard Downloader.Zlob.AZVF";"Geïnfecteerd"
    "";"C:\WINDOWS\explorer.exe (1944):\memory_001a0000";"Trojaans paard Downloader.Zlob.AZVF";"Geïnfecteerd"
    "";"C:\Program Files\Mozilla Firefox\firefox.exe (3936):\memory_001a0000";"Trojaans paard Downloader.Zlob.AZVF";"Geïnfecteerd"
    "";"C:\WINDOWS\explorer.exe (1944)";"Trojaans paard Downloader.Zlob.AZVF";"Verwijderd"
    "";"C:\WINDOWS\system32\svchost.exe (1216)";"Trojaans paard Downloader.Zlob.AZVF";"Verwijderd"
    "";"C:\Program Files\Mozilla Firefox\firefox.exe (3936)";"Trojaans paard Downloader.Zlob.AZVF";"Verwijderd"

    After that I ran ComboFix, and the log file is below:

    ComboFix 11-09-26.02 - Kurt 26/09/2011 22:12:46.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2047.1036 [GMT 2:00]
    Gestart vanuit: d:\mijn documenten\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Kurt\Local Settings\Application Data\ApplicationHistory\UIMain.exe.f56a6b1b.ini
    c:\windows\IsUn0413.exe
    c:\windows\iun6002.exe
    c:\windows\mdlu.dl
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SSHNAS
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-26 to 2011-09-26 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-26 18:12 . 2011-09-26 18:12 388096 ----a-r- c:\documents and settings\Kurt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-26 18:12 . 2011-09-26 18:12 -------- d-----w- c:\program files\Trend Micro
    2011-09-26 15:50 . 2011-09-26 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-05 12:52 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2011-09-05 12:51 . 2011-09-05 12:51 -------- d-----w- c:\program files\Microsoft Sync Framework
    2011-09-05 12:50 . 2011-09-05 12:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-09-05 12:49 . 2011-09-05 12:49 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-08-30 21:37 . 2011-08-30 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-08-30 20:58 . 2011-09-26 20:07 -------- d--h--r- c:\documents and settings\Kurt\Onlangs geopend
    2011-08-30 20:11 . 2011-08-30 20:11 414 ----a-w- C:\just-in-time enable.reg
    2011-08-30 20:06 . 2011-08-30 20:06 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-30 19:59 . 2011-08-18 13:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-30 17:50 . 2011-08-30 17:50 -------- d-----w- C:\$AVG
    2011-08-30 17:47 . 2011-08-30 17:47 -------- d-----w- c:\documents and settings\Kurt\Application Data\AVG10
    2011-08-30 17:46 . 2011-08-30 17:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-08-30 17:45 . 2011-09-26 15:27 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-08-30 17:45 . 2011-08-30 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-08-30 17:44 . 2011-08-30 17:44 -------- d-----w- c:\program files\AVG
    2011-08-30 17:43 . 2011-08-30 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-08-30 17:43 . 2011-08-30 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-08-28 13:34 . 2011-08-28 13:34 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\PackageAware
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 15:00 . 2010-10-17 14:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-14 16:57 . 2011-05-27 22:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    Code:
    <pre>
    c:\program files\Analog Devices\Core\smax4pnp .exe
    c:\program files\Analog Devices\SoundMAX\Smax4  .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\ESET\nod32kui .exe
    c:\program files\QuickTime\qttask  .exe
    </pre>
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Taskhelp"="c:\docume~1\Kurt\LOCALS~1\Temp\start.exe" [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 12:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
    backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    c:\program files\QuickTime\qttask .exe -atboottime [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-12-18 22:42 76304 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-03-22 02:50 8425472 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-03-22 02:50 81920 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
    c:\program files\Uniblue\RegistryBooster\launcher.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
    c:\program files\The Cleaner\tcap.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SeaPort"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\CCleaner\\CCleaner.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\Documents and Settings\\Kurt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16:03 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/08/2011 21:59 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 0:59 297168]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8/02/2011 5:33 269520]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 15:25 2151640]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2010 16:34 366152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 21:28 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/10/2010 16:34 22216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 1:33 7390560]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2010 11:25 135664]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2010 11:25 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 15:25 15232]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 20:06]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:25]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:25]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-1801674531-1004Core.job
    - c:\documents and settings\Kurt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 06:50]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-1801674531-1004UA.job
    - c:\documents and settings\Kurt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 06:50]
    .
    2011-09-26 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
    .
    2011-09-16 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
    .
    2011-09-26 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\o686nqfy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Notify-permham - c:\documents and settings\NetworkService\Local Settings\Application Data\permham.dll
    AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
    AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-26 22:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3320620AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A558EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x872d9872; SUB DWORD [EBP-0x4], 0x872d912e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A63D7B0]
    3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000070[0x8A6A9220]
    5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A638940]
    [0x8A527C90] -> IRP_MJ_CREATE -> 0x8A558EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3320620AS_____________________________3.AAK___#5&6e023af&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A558AEA
    user & kernel MBR OK
    sectors 625142446 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(808)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(752)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-09-26 22:27:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-09-26 20:27
    .
    Pre-Run: 84.880.375.808 bytes beschikbaar
    Post-Run: 84.937.232.384 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 8CA68471526DE302E0AB822F766C3E2B

    For now I still get that Just-In-Time Debugging message.

    Thanks in advance.

  4. #4
    Rosty, Spyware Slayer
    You are also infected with a TDL3!! I am now first going to check everything thoroughly again and will post a fix for you ASAP.

    Download TDSSKiller and put it on your desktop.
    Extract the files in tdsskiller.zip.

    Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
    Click the "Start Scan" button and follow the instructions.

    When the scan is finished, click the "Report" button.
    A Notepad file opens.

    Post the contents of this file.
    Last edited by Rosty; 27 September 2011 at 19:24

  5. The following user thanks Rosty for this useful post:

    kurt002 (29 September 2011)

  6. #5
    Advanced  
    Registered
    18 December 2005
    Posts
    265
    Thanks
    12
    Thanked
    11 times in 10 posts
    TDSS log:

    23:32:25.0765 0400 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
    23:32:25.0828 0400 ============================================================
    23:32:25.0828 0400 Current date / time: 2011/09/27 23:32:25.0828
    23:32:25.0828 0400 SystemInfo:
    23:32:25.0828 0400
    23:32:25.0828 0400 OS Version: 5.1.2600 ServicePack: 3.0
    23:32:25.0828 0400 Product type: Workstation
    23:32:25.0828 0400 ComputerName: CARINE
    23:32:25.0828 0400 UserName: Kurt
    23:32:25.0828 0400 Windows directory: C:\WINDOWS
    23:32:25.0828 0400 System windows directory: C:\WINDOWS
    23:32:25.0828 0400 Processor architecture: Intel x86
    23:32:25.0828 0400 Number of processors: 2
    23:32:25.0828 0400 Page size: 0x1000
    23:32:25.0828 0400 Boot type: Normal boot
    23:32:25.0828 0400 ============================================================
    23:32:26.0375 0400 Initialize success
    23:32:31.0531 3920 ============================================================
    23:32:31.0531 3920 Scan started
    23:32:31.0531 3920 Mode: Manual;
    23:32:31.0531 3920 ============================================================
    23:32:34.0500 3920 Ftdisk (8c4181f883da4d9a955ebe58c9ac0be0) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:32:34.0500 3920 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 8c4181f883da4d9a955ebe58c9ac0be0, Fake md5: fa8ca22e70245c81ff29c36af56292fc
    23:32:34.0500 3920 Ftdisk ( Rootkit.Win32.TDSS.tdl3 ) - infected
    23:32:34.0500 3920 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
    23:32:41.0609 3920 ============================================================
    23:32:41.0609 3920 Scan finished
    23:32:41.0609 3920 ============================================================
    23:32:41.0609 3912 Detected object count: 1
    23:32:41.0609 3912 Actual detected object count: 1
    23:33:01.0703 3912 Backup copy found, using it..
    23:33:01.0718 3912 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured on reboot
    23:33:01.0718 3912 Ftdisk ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure


    After this I am restarting the PC.

    In the meantime I do notice that something has damaged the svchost..
    Is that easy to repair, or is it really necessary to reinstall the PC?

    Thanks in advance.

  7. #6
    Advanced  
    Registered
    18 December 2005
    Posts
    265
    Thanks
    12
    Thanked
    11 times in 10 posts
    After restarting the PC I ran TDSS once more; see the log below:

    23:38:52.0203 2244 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
    23:38:52.0281 2244 ============================================================
    23:38:52.0281 2244 Current date / time: 2011/09/27 23:38:52.0281
    23:38:52.0281 2244 SystemInfo:
    23:38:52.0281 2244
    23:38:52.0281 2244 OS Version: 5.1.2600 ServicePack: 3.0
    23:38:52.0281 2244 Product type: Workstation
    23:38:52.0281 2244 ComputerName: CARINE
    23:38:52.0281 2244 UserName: Kurt
    23:38:52.0281 2244 Windows directory: C:\WINDOWS
    23:38:52.0281 2244 System windows directory: C:\WINDOWS
    23:38:52.0281 2244 Processor architecture: Intel x86
    23:38:52.0281 2244 Number of processors: 2
    23:38:52.0281 2244 Page size: 0x1000
    23:38:52.0281 2244 Boot type: Normal boot
    23:38:52.0281 2244 ============================================================
    23:38:52.0921 2244 Initialize success
    23:39:01.0687 2688 ============================================================
    23:39:01.0687 2688 Scan started
    23:39:01.0687 2688 Mode: Manual;
    23:39:01.0687 2688 ============================================================
    23:39:02.0656 2688 btwhid - ok
    23:39:02.0671 2688 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
    23:39:02.0671 2688 BTWUSB - ok
    23:39:02.0671 2688 catchme - ok
    23:39:02.0703 2688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:39:02.0703 2688 cbidf2k - ok
    23:39:02.0734 2688 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:39:02.0734 2688 CCDECODE - ok
    23:39:02.0734 2688 cd20xrnt - ok
    23:39:02.0765 2688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:39:02.0765 2688 Cdaudio - ok
    23:39:02.0796 2688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:39:02.0796 2688 Cdfs - ok
    23:39:02.0812 2688 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:39:02.0812 2688 Cdrom - ok
    23:39:02.0828 2688 Changer - ok
    23:39:02.0828 2688 CmdIde - ok
    23:39:02.0843 2688 Cpqarray - ok
    23:39:02.0859 2688 dac2w2k - ok
    23:39:02.0859 2688 dac960nt - ok
    23:39:02.0875 2688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:39:02.0875 2688 Disk - ok
    23:39:02.0906 2688 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    23:39:02.0906 2688 dmboot - ok
    23:39:02.0937 2688 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    23:39:02.0937 2688 dmio - ok
    23:39:02.0968 2688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:39:02.0968 2688 dmload - ok
    23:39:02.0984 2688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:39:02.0984 2688 DMusic - ok
    23:39:03.0000 2688 dpti2o - ok
    23:39:03.0000 2688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:39:03.0000 2688 drmkaud - ok
    23:39:03.0015 2688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:39:03.0015 2688 Fastfat - ok
    23:39:03.0015 2688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:39:03.0031 2688 Fdc - ok
    23:39:03.0046 2688 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    23:39:03.0062 2688 FilterService - ok
    23:39:03.0093 2688 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    23:39:03.0093 2688 Fips - ok
    23:39:03.0109 2688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:39:03.0109 2688 Flpydisk - ok
    23:39:03.0140 2688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:39:03.0140 2688 FltMgr - ok
    23:39:03.0171 2688 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    23:39:03.0171 2688 fssfltr - ok
    23:39:03.0203 2688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:39:03.0203 2688 Fs_Rec - ok
    23:39:03.0203 2688 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:39:03.0218 2688 Ftdisk - ok
    23:39:03.0234 2688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:39:03.0234 2688 Gpc - ok
    23:39:03.0250 2688 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:39:03.0250 2688 HDAudBus - ok
    23:39:03.0281 2688 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:39:03.0281 2688 HidUsb - ok
    23:39:03.0296 2688 hpn - ok
    23:39:03.0312 2688 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    23:39:03.0312 2688 HPZid412 - ok
    23:39:03.0328 2688 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    23:39:03.0328 2688 HPZipr12 - ok
    23:39:03.0343 2688 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    23:39:03.0343 2688 HPZius12 - ok
    23:39:03.0375 2688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:39:03.0375 2688 HTTP - ok
    23:39:03.0390 2688 i2omgmt - ok
    23:39:03.0390 2688 i2omp - ok
    23:39:03.0421 2688 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:39:03.0421 2688 i8042prt - ok
    23:39:03.0437 2688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:39:03.0453 2688 Imapi - ok
    23:39:03.0453 2688 ini910u - ok
    23:39:03.0468 2688 IntelIde - ok
    23:39:03.0484 2688 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:39:03.0484 2688 intelppm - ok
    23:39:03.0500 2688 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:39:03.0515 2688 Ip6Fw - ok
    23:39:03.0531 2688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:39:03.0531 2688 IpFilterDriver - ok
    23:39:03.0562 2688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:39:03.0562 2688 IpInIp - ok
    23:39:03.0578 2688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:39:03.0578 2688 IpNat - ok
    23:39:03.0593 2688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:39:03.0593 2688 IPSec - ok
    23:39:03.0609 2688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:39:03.0609 2688 IRENUM - ok
    23:39:03.0625 2688 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:39:03.0625 2688 isapnp - ok
    23:39:03.0656 2688 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    23:39:03.0656 2688 JGOGO - ok
    23:39:03.0671 2688 JRAID (dafcafacde7de95e136ff5109422531d) C:\WINDOWS\system32\DRIVERS\jraid.sys
    23:39:03.0671 2688 JRAID - ok
    23:39:03.0703 2688 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:39:03.0703 2688 Kbdclass - ok
    23:39:03.0703 2688 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:39:03.0703 2688 kbdhid - ok
    23:39:03.0718 2688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:39:03.0718 2688 kmixer - ok
    23:39:03.0734 2688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:39:03.0750 2688 KSecDD - ok
    23:39:03.0750 2688 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    23:39:03.0750 2688 L8042Kbd - ok
    23:39:03.0843 2688 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    23:39:03.0843 2688 Lavasoft Kernexplorer - ok
    23:39:03.0859 2688 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    23:39:03.0859 2688 Lbd - ok
    23:39:03.0875 2688 lbrtfdc - ok
    23:39:03.0890 2688 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    23:39:03.0890 2688 LHidFilt - ok
    23:39:03.0906 2688 LMIInfo - ok
    23:39:03.0937 2688 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    23:39:03.0937 2688 lmimirr - ok
    23:39:03.0953 2688 LMIRfsClientNP - ok
    23:39:03.0968 2688 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    23:39:03.0968 2688 LMIRfsDriver - ok
    23:39:03.0984 2688 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    23:39:03.0984 2688 LMouFilt - ok
    23:39:04.0000 2688 LMouKE - ok
    23:39:04.0015 2688 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    23:39:04.0015 2688 lvpopflt - ok
    23:39:04.0062 2688 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    23:39:04.0062 2688 LVPr2Mon - ok
    23:39:04.0078 2688 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    23:39:04.0078 2688 LVRS - ok
    23:39:04.0234 2688 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    23:39:04.0390 2688 LVUVC - ok
    23:39:04.0421 2688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:39:04.0421 2688 mnmdd - ok
    23:39:04.0453 2688 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    23:39:04.0453 2688 Modem - ok
    23:39:04.0484 2688 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:39:04.0484 2688 Mouclass - ok
    23:39:04.0500 2688 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:39:04.0500 2688 mouhid - ok
    23:39:04.0531 2688 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:39:04.0531 2688 MountMgr - ok
    23:39:04.0546 2688 mraid35x - ok
    23:39:04.0562 2688 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:39:04.0562 2688 MRxDAV - ok
    23:39:04.0593 2688 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:39:04.0625 2688 MRxSmb - ok
    23:39:04.0625 2688 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:39:04.0625 2688 Msfs - ok
    23:39:04.0656 2688 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:39:04.0656 2688 MSKSSRV - ok
    23:39:04.0687 2688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:39:04.0687 2688 MSPCLOCK - ok
    23:39:04.0703 2688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:39:04.0718 2688 MSPQM - ok
    23:39:04.0734 2688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:39:04.0734 2688 mssmbios - ok
    23:39:04.0750 2688 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    23:39:04.0750 2688 MSTEE - ok
    23:39:04.0781 2688 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    23:39:04.0781 2688 MTsensor - ok
    23:39:04.0796 2688 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    23:39:04.0796 2688 Mup - ok
    23:39:04.0828 2688 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:39:04.0828 2688 NABTSFEC - ok
    23:39:04.0859 2688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:39:04.0859 2688 NDIS - ok
    23:39:04.0875 2688 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:39:04.0875 2688 NdisIP - ok
    23:39:04.0890 2688 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:39:04.0890 2688 NdisTapi - ok
    23:39:04.0906 2688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:39:04.0921 2688 Ndisuio - ok
    23:39:04.0921 2688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:39:04.0921 2688 NdisWan - ok
    23:39:04.0937 2688 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:39:04.0937 2688 NDProxy - ok
    23:39:04.0953 2688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:39:04.0953 2688 NetBIOS - ok
    23:39:04.0968 2688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:39:04.0968 2688 NetBT - ok
    23:39:04.0984 2688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:39:04.0984 2688 Npfs - ok
    23:39:04.0984 2688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:39:05.0000 2688 Ntfs - ok
    23:39:05.0046 2688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:39:05.0046 2688 Null - ok
    23:39:05.0218 2688 nv (a42c6ba17a5776aace3bae0ffa2fa8d1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:39:05.0390 2688 nv - ok
    23:39:05.0406 2688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:39:05.0406 2688 NwlnkFlt - ok
    23:39:05.0421 2688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:39:05.0421 2688 NwlnkFwd - ok
    23:39:05.0437 2688 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:39:05.0437 2688 Parport - ok
    23:39:05.0437 2688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:39:05.0437 2688 PartMgr - ok
    23:39:05.0453 2688 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:39:05.0453 2688 ParVdm - ok
    23:39:05.0468 2688 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:39:05.0468 2688 PCI - ok
    23:39:05.0468 2688 PCIDump - ok
    23:39:05.0500 2688 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:39:05.0500 2688 PCIIde - ok
    23:39:05.0515 2688 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:39:05.0515 2688 Pcmcia - ok
    23:39:05.0515 2688 PDCOMP - ok
    23:39:05.0531 2688 PDFRAME - ok
    23:39:05.0531 2688 PDRELI - ok
    23:39:05.0546 2688 PDRFRAME - ok
    23:39:05.0546 2688 perc2 - ok
    23:39:05.0562 2688 perc2hib - ok
    23:39:05.0578 2688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:39:05.0578 2688 PptpMiniport - ok
    23:39:05.0593 2688 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
    23:39:05.0593 2688 PQNTDrv - ok
    23:39:05.0609 2688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:39:05.0609 2688 PSched - ok
    23:39:05.0625 2688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:39:05.0625 2688 Ptilink - ok
    23:39:05.0656 2688 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:39:05.0656 2688 PxHelp20 - ok
    23:39:05.0656 2688 ql1080 - ok
    23:39:05.0671 2688 Ql10wnt - ok
    23:39:05.0671 2688 ql12160 - ok
    23:39:05.0687 2688 ql1240 - ok
    23:39:05.0687 2688 ql1280 - ok
    23:39:05.0703 2688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:39:05.0703 2688 RasAcd - ok
    23:39:05.0718 2688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:39:05.0718 2688 Rasl2tp - ok
    23:39:05.0718 2688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:39:05.0718 2688 RasPppoe - ok
    23:39:05.0734 2688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:39:05.0734 2688 Raspti - ok
    23:39:05.0750 2688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:39:05.0750 2688 Rdbss - ok
    23:39:05.0765 2688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:39:05.0765 2688 RDPCDD - ok
    23:39:05.0796 2688 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:39:05.0812 2688 RDPWD - ok
    23:39:05.0812 2688 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:39:05.0812 2688 redbook - ok
    23:39:05.0843 2688 RTLE8023xp (f58a92e8b9caebe2fa8e73ada7d9bd4c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    23:39:05.0843 2688 RTLE8023xp - ok
    23:39:05.0875 2688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:39:05.0875 2688 Secdrv - ok
    23:39:05.0906 2688 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    23:39:05.0921 2688 SenFiltService - ok
    23:39:05.0921 2688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:39:05.0921 2688 serenum - ok
    23:39:05.0937 2688 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:39:05.0937 2688 Serial - ok
    23:39:05.0953 2688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:39:05.0953 2688 Sfloppy - ok
    23:39:05.0953 2688 Simbad - ok
    23:39:05.0984 2688 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:39:05.0984 2688 SLIP - ok
    23:39:06.0000 2688 Sparrow - ok
    23:39:06.0015 2688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:39:06.0015 2688 splitter - ok
    23:39:06.0031 2688 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:39:06.0046 2688 sr - ok
    23:39:06.0046 2688 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:39:06.0062 2688 Srv - ok
    23:39:06.0062 2688 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:39:06.0062 2688 streamip - ok
    23:39:06.0078 2688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:39:06.0078 2688 swenum - ok
    23:39:06.0078 2688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:39:06.0093 2688 swmidi - ok
    23:39:06.0093 2688 symc810 - ok
    23:39:06.0109 2688 symc8xx - ok
    23:39:06.0109 2688 sym_hi - ok
    23:39:06.0125 2688 sym_u3 - ok
    23:39:06.0140 2688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:39:06.0140 2688 sysaudio - ok
    23:39:06.0187 2688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:39:06.0203 2688 Tcpip - ok
    23:39:06.0218 2688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:39:06.0218 2688 TDPIPE - ok
    23:39:06.0250 2688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:39:06.0265 2688 TDTCP - ok
    23:39:06.0265 2688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:39:06.0265 2688 TermDD - ok
    23:39:06.0281 2688 TosIde - ok
    23:39:06.0312 2688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:39:06.0312 2688 Udfs - ok
    23:39:06.0312 2688 ultra - ok
    23:39:06.0328 2688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:39:06.0328 2688 Update - ok
    23:39:06.0375 2688 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:39:06.0390 2688 usbaudio - ok
    23:39:06.0406 2688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:39:06.0421 2688 usbccgp - ok
    23:39:06.0421 2688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:39:06.0421 2688 usbehci - ok
    23:39:06.0453 2688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:39:06.0453 2688 usbhub - ok
    23:39:06.0453 2688 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:39:06.0453 2688 usbprint - ok
    23:39:06.0484 2688 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:39:06.0484 2688 USBSTOR - ok
    23:39:06.0500 2688 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:39:06.0515 2688 usbuhci - ok
    23:39:06.0531 2688 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:39:06.0531 2688 usbvideo - ok
    23:39:06.0546 2688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:39:06.0546 2688 VgaSave - ok
    23:39:06.0562 2688 ViaIde - ok
    23:39:06.0578 2688 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:39:06.0578 2688 VolSnap - ok
    23:39:06.0609 2688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:39:06.0609 2688 Wanarp - ok
    23:39:06.0656 2688 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    23:39:06.0656 2688 Wdf01000 - ok
    23:39:06.0671 2688 WDICA - ok
    23:39:06.0703 2688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:39:06.0703 2688 wdmaud - ok
    23:39:06.0734 2688 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:39:06.0734 2688 WS2IFSL - ok
    23:39:06.0765 2688 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:39:06.0765 2688 WSTCODEC - ok
    23:39:06.0796 2688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:39:06.0796 2688 WudfPf - ok
    23:39:06.0812 2688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:39:06.0812 2688 WudfRd - ok
    23:39:06.0921 2688 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
    23:39:06.0921 2688 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
    23:39:06.0937 2688 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    23:39:07.0109 2688 \Device\Harddisk0\DR0 - ok
    23:39:07.0109 2688 Boot (0x1200) (4e310682960c10c28dae2bc45fd665c5) \Device\Harddisk0\DR0\Partition0
    23:39:07.0125 2688 \Device\Harddisk0\DR0\Partition0 - ok
    23:39:07.0125 2688 Boot (0x1200) (20a3e468b86cd16d88b4eb0c671902cd) \Device\Harddisk0\DR0\Partition1
    23:39:07.0125 2688 \Device\Harddisk0\DR0\Partition1 - ok
    23:39:07.0125 2688 ================================================== ==========
    23:39:07.0125 2688 Scan finished
    23:39:07.0125 2688 ================================================== ==========
    23:39:07.0140 2536 Detected object count: 0
    23:39:07.0140 2536 Actual detected object count: 0


    After that I also ran HijackThis (perhaps unnecessary, my apologies for that):


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:39:39, on 27/09/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17080)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Taskhelp] %Temp%\start.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Taskhelp] %Temp%\start.exe (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetect...etection32.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    --
    End of file - 7507 bytes



    Kind regards.
    Last edited by kurt002; 27 September 2011 at 23:43

  8. #7
    Spyware Slayer   Rosty
    Still having problems now?

  10. #8
    Advanced
    Quote: Originally posted by Rosty
    Still having problems now?
    I waited to reply until the PC had been running for a few hours without problems.
    Since a reply is coming => OK.

    After removing one object with that killer, restarting the PC and letting everything run again: no more error message, AVG no longer finds any trojans, and the PC shuts down correctly. I also see now that I can get Windows updates again (this was not possible while the problem was present, but I had forgotten to mention that).

    With this, many thanks for quickly and correctly solving what was, to me, a mysterious problem.

    Kind regards.

  11. #9
    Spyware Slayer   Rosty
    Hey,

    I'm glad it's solved!!

    Go to Start > Run and copy and paste the following command into the field:

    ComboFix /Uninstall

    Make sure there is a space between Combofix and /
    Then press Enter.



    This will remove Combofix plus its related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again,
    and reset your System Restore.
