View full version : Mebroot rootkit / torpig trojan



dogegg
6 June 2011, 23:53
Hello,

A few days ago I received the following mail from my provider (XS4ALL):

*** Begin mail 1
XS4ALL has determined that your connection has been abused by malware (such as a virus or trojan). Your data is therefore vulnerable and your privacy cannot be guaranteed. This message contains instructions to resolve the problem. We ask you to read them carefully.

Restoring your internet access
To prevent nuisance and to protect your data, you may currently have restricted internet access. If so, configure a proxy server. Instructions can be found at https://www.xs4all.nl/helpdesk/beveiliging/proxy

What exactly is going on?
On your network one or more systems have become infected with the mebroot rootkit and/or the torpig trojan. Their purpose is, among other things, to steal passwords and credit card information, to hijack online banking sessions and to record information entered on websites such as social networking sites (facebook, hyves) and online shops. More information about an infected system can be found at https://www.xs4all.nl/veiligheid/inbraak/

What should you do?
This malware is complex and cannot be reliably removed with an antivirus program. We therefore recommend reinstalling *all* Windows systems in your network, deleting and recreating the partitions in the process. This is because a component of this malware lodges itself in a part of the hard disk that is accessed before the operating system boots, the so-called Master Boot Record. If you run a large network, you can track down the infected system by monitoring the DNS traffic on the network. Detailed instructions for this are available on request.

Can't work it out? Need help?
Reply to this warning with your question.

Kind regards,
XS4ALL Abuse Centre

(Log lines, if available)
XS4ALL | 2011-06-01 17:33 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
XS4ALL | 2011-06-01 14:07 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
*** End mail 1


In my reply to this mail I indicated that I have 6 computers that use the internet and that reinstalling all of them is not feasible. I then asked how I can determine which computer may be infected. In response I received the following mail from XS4ALL:


*** Begin mail 2
It has been determined that your computer has become infected with the torpig trojan and/or the mebroot rootkit. These two infections often occur in combination, although it is possible that they are sometimes present on a system separately. To be on the safe side, however, it is wise to assume that both are present.

Available log lines; this is traffic from your connection going outbound:
XS4ALL | 2011-06-02 15:19 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
XS4ALL | 2011-06-01 17:33 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
XS4ALL | 2011-06-01 14:07 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
XS4ALL | 2011-05-31 19:03 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80
XS4ALL | 2011-05-31 06:48 (UTC) | 82.95.215.248 | mwtype: torpig | dst_port: 80

Torpig (Sinowal) is a trojan specifically designed to steal passwords, to obtain financial information such as credit card details, and to inject false information into banking pages and thereby redirect transactions. The polymorphic nature of torpig means that at this moment there is no program at all that can reliably detect and remove torpig.

Mebroot is the infection that is usually responsible for installing torpig on a system. Because mebroot resides in the Master Boot Record (MBR) of a computer, it becomes active before the operating system and can thereby dig itself in so deeply that a virus scanner cannot find it. The only solution at this moment is therefore to reinstall *all* computers connected to this internet connection. There are currently *no* antivirus products that can detect either of these infections! It is important to delete and recreate the partitions during the reinstallation, as this will write a new MBR.

Torpig and Mebroot use their own TCP/IP stack, so they cannot be blocked by a software firewall. In addition, the outbound communication takes place exclusively over port 80 and can only be recognised by a correctly configured IPS/IDS. You can use the rules below to recognise it:
http://www.emergingthreats.net/rules/emerging-virus.rules (Search for mebroot, sinowal, torpig and anserin)

However, another method would be to watch the network from a guaranteed clean system with a network sniffer for port 80 traffic that does not belong there. This works best when the network is not in active use. Traffic that cannot be accounted for probably comes from the infected device. This makes it possible to track down the source system in a large network.

More information about torpig: http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf
*** End mail 2

This mail does not really offer a solution either; the links only point to general information about mebroot / torpig. So I then contacted XS4ALL by phone. The conversation boiled down to XS4ALL not being able (or not willing?) to do anything for me: I have to sort it out myself, and the only solution according to XS4ALL is to wipe all computers completely and reinstall them.

The big question for me is: how can I determine which computer is infected with mebroot / torpig, and how can I remove it? I hope you can help me with this.

In the meantime I have taken the necessary steps myself: ran the virus scanner a few times, ran Malwarebytes and TFC, ran the Eset online scanner. No indications pointing to mebroot / torpig; I did find some other things, which have been properly removed.

Attached is the HijackThis logfile of the computer that uses the internet the most.

Thanks in advance for the help.

Kind regards,

Dogegg

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:12:09, on 6-6-2011
Platform: Windows XP SP3, v.3282 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\WINDOWS\system32\ctfmon.exe
M:\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
M:\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
M:\Total CMA Pack\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HTC\HTC Sync 3.0\adb.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\msiexec.exe
O:\BT-Tijd\Mebroot-torpig\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510203451.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\W5\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\W5\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - M:\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.cfxxe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)

--
End of file - 7900 bytes
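The two ISP mails quoted above explain that Mebroot lodges in the Master Boot Record and that only writing a fresh MBR (by deleting and recreating the partitions) gets rid of it. The script below is an added example, not code from this thread, from XS4ALL or from any of the tools mentioned: it shows how a defender can record a hash of the MBR's bootstrap code on a known-clean machine and later check the sector against that baseline. The sample MBR, the "tampered" variant and the partition layout are all constructed inline and do not represent Mebroot's real code.

```python
"""Baseline-and-compare integrity check for a 512-byte Master Boot Record.

Added example, not code from the thread: an MBR rootkit replaces the bootstrap
code in the disk's first sector, so recording a hash of that code on a known-
clean machine lets a defender detect a later change. All sample data below is
constructed inline; it is not a real disk image and not Mebroot's code.
"""
from __future__ import annotations

import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 446              # bytes 0..445 hold the bootstrap code
PART_TABLE_OFF = 446            # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511
ACTIVE, INACTIVE = 0x80, 0x00   # valid values of a partition's status byte


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Validate size and signature, then return the four partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only: the partition table may change legitimately."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_digest: str) -> dict:
    """Compare an MBR against the clean baseline and report what a defender should look at."""
    findings = []
    entries = parse_partition_table(mbr)
    if bootcode_digest(mbr) != baseline_digest:
        findings.append("bootstrap code differs from the clean baseline")
    active = [e for e in entries if e["status"] == ACTIVE]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions marked active, expected exactly 1")
    for n, e in enumerate(entries):
        if e["status"] not in (ACTIVE, INACTIVE):
            findings.append(f"entry {n}: invalid status byte 0x{e['status']:02x}")
    return {"clean": not findings, "findings": findings, "partitions": entries}


# --- constructed sample data -------------------------------------------------
# A plausible-looking start of a boot sector (xor ax,ax; mov ss,ax; mov sp,7c00h),
# padded with zeros. It is a stand-in, not code from any real MBR.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
# Same code with the first instruction changed: enough to show a digest mismatch.
TAMPERED_BOOTCODE = b"\xeb\x3e" + CLEAN_BOOTCODE[2:]


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Assemble a 512-byte MBR with one active NTFS partition starting at LBA 63."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    entry1 = struct.pack("<B3sB3sII", ACTIVE, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 63, 1_000_000)
    table = entry1 + b"\x00" * 48          # three empty entries
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    baseline = bootcode_digest(build_sample_mbr(CLEAN_BOOTCODE))
    for label, code in (("clean", CLEAN_BOOTCODE), ("tampered", TAMPERED_BOOTCODE)):
        result = check_mbr(build_sample_mbr(code), baseline)
        print(label, "->", "OK" if result["clean"] else result["findings"])
```

On a real machine the 512 bytes would be read from the physical disk device (on Windows `\\.\PhysicalDrive0`, with administrator rights) rather than built in memory, and the baseline digest must come from a freshly installed system, because a hash taken after infection only confirms the infected state.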

EvelineGirl
7 June 2011, 11:51
Hello,

I notice that you have also already run Combofix. It is not very wise to do that on your own initiative. Please also post the log from it.

1.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Windows 7 and Windows Vista users:
Right-click TDSSKiller.exe -> Run as Administrator to start the tool.
If TDSSKiller reports that an update is available, run that first.
http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.
Restart the PC if TDSSKiller offers that option. (Reboot now)
If a restart was needed, you will find the logfile at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

2.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to the desktop.

Double-click "aswMBR.exe" to start the tool.
Click the "scan" button
http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
When the scan is finished, click the "save log" button
http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
Post this log file in your next message.
Good luck,
Eveline.:)

dogegg
8 June 2011, 10:21
Hello Eveline,

Thanks for your reply.

I did indeed run Combofix to see what it had to report (didn't do anything else odd). What stands out is the message that, according to Combofix, AVG is still active, while I haven't used it for a long time and have also removed it from my computer.

Here is the Combofix log:

ComboFix 11-06-03.04 - W5 05-06-2011 13:58:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.446 [GMT 2:00]
Running from: C:\Users\W5\Desktop\ComboFix.exe
AV: AVG 7.5.516 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


The TDSSKiller report:

2011/06/08 10:08:51.0531 2228 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 10:08:53.0531 2228 ================================================================================
2011/06/08 10:08:53.0531 2228 SystemInfo:
2011/06/08 10:08:53.0531 2228
2011/06/08 10:08:53.0531 2228 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/08 10:08:53.0531 2228 Product type: Workstation
2011/06/08 10:08:53.0531 2228 ComputerName: W5-659CC85F1EFD
2011/06/08 10:08:53.0531 2228 UserName: W5
2011/06/08 10:08:53.0531 2228 Windows directory: C:\WINDOWS
2011/06/08 10:08:53.0531 2228 System windows directory: C:\WINDOWS
2011/06/08 10:08:53.0531 2228 Processor architecture: Intel x86
2011/06/08 10:08:53.0531 2228 Number of processors: 2
2011/06/08 10:08:53.0531 2228 Page size: 0x1000
2011/06/08 10:08:53.0531 2228 Boot type: Normal boot
2011/06/08 10:08:53.0531 2228 ================================================================================
2011/06/08 10:08:55.0562 2228 Initialize success
2011/06/08 10:09:17.0765 3676 ================================================================================
2011/06/08 10:09:17.0765 3676 Scan started
2011/06/08 10:09:17.0765 3676 Mode: Manual;
2011/06/08 10:09:17.0765 3676 ================================================================================
2011/06/08 10:09:18.0734 3676 ACPI (d9ce207de54b3cb8c00e8d64e423f985) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/08 10:09:18.0781 3676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/08 10:09:18.0812 3676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/08 10:09:18.0843 3676 AFD (eedece1d153c5a4f44063f6b81bb128d) C:\WINDOWS\System32\drivers\afd.sys
2011/06/08 10:09:18.0953 3676 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/06/08 10:09:19.0031 3676 Arp1394 (8843311ff38e791ff38fd377e6d69931) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/08 10:09:19.0171 3676 Asapi (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
2011/06/08 10:09:19.0250 3676 AsyncMac (26e7300adaf32afc70cd6cb91d9b127b) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/08 10:09:19.0265 3676 atapi (5c57fa4b5b2776c970c4f566a2df5b68) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/08 10:09:19.0343 3676 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/08 10:09:19.0406 3676 Atmarpc (71152b9de4a97f0410d38c52dc536e64) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/08 10:09:19.0531 3676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/08 10:09:19.0546 3676 b57w2k (9948740f9043aca23b8fddf8b9651160) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/08 10:09:19.0578 3676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/08 10:09:19.0625 3676 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
2011/06/08 10:09:19.0843 3676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/08 10:09:19.0875 3676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/08 10:09:19.0890 3676 Cdfs (9529ef0ad949465cf0f178df918f451a) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/08 10:09:19.0906 3676 Cdrom (2bb41f9e073e1b6fc08cecd7fcb460fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/08 10:09:20.0062 3676 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/06/08 10:09:20.0109 3676 Compbatt (dcbb26bb8ce6e3f8e58004a0626741e1) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/08 10:09:20.0187 3676 Disk (4454f78a5f283c42db9fb5098372b547) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/08 10:09:20.0234 3676 dmboot (fc3eb0005d9b2367ac8de241b7dd2841) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/08 10:09:20.0250 3676 dmio (d41fa055efa29d858df0ac70f7cd6516) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/08 10:09:20.0281 3676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/08 10:09:20.0312 3676 DMusic (bafc50aa5b584be3ebc42c41bb7dbfee) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/08 10:09:20.0343 3676 drmkaud (24ea6cf426cf20b6c3fb67b6938de84c) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/08 10:09:20.0375 3676 Fastfat (0290de29cef5795064d8ecb44db96709) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/08 10:09:20.0390 3676 Fdc (3168e82018b1e88e089013ac7970bad8) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/08 10:09:20.0453 3676 Fips (752498f9dd288d59c6f0513c1ee88352) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/08 10:09:20.0484 3676 Flpydisk (10e9e0676af71fe78f03853f933137ab) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/08 10:09:20.0546 3676 FltMgr (09257eae1ea003020b26d3a723159033) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/08 10:09:20.0578 3676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/08 10:09:20.0593 3676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/08 10:09:20.0609 3676 Gpc (056e68384160cee86a3e8419fc892d07) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/08 10:09:20.0625 3676 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/08 10:09:20.0640 3676 HidBatt (da10390064915b72a708d22308290a9a) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/06/08 10:09:20.0656 3676 hidusb (8a0c80925d55c7b9c1d7eaac46e5fbf8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/08 10:09:20.0703 3676 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/08 10:09:20.0718 3676 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/08 10:09:20.0750 3676 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/08 10:09:20.0781 3676 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2011/06/08 10:09:20.0812 3676 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
2011/06/08 10:09:20.0828 3676 HTTP (c28cb834b5cbbb8b68c29d0eb2021ce7) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/08 10:09:20.0875 3676 i8042prt (0e3fa77f8fa3dffe35650777410217d9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/08 10:09:20.0890 3676 Imapi (c8608b31b59cb8988ec2ceb4cf4a94f3) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/08 10:09:20.0937 3676 InCDfs (c32910ff5b7dbcd3ae83075ca8c03823) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/06/08 10:09:20.0937 3676 InCDPass (06aa87b01fb9874b86987a10b04ec1bf) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/06/08 10:09:20.0953 3676 InCDRec (6a7100412d8776ee9026bf252a2a198a) C:\WINDOWS\system32\drivers\InCDRec.sys
2011/06/08 10:09:20.0968 3676 incdrm (b011def89702f93e0d50e2a562a8cb5b) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/06/08 10:09:21.0140 3676 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/08 10:09:21.0234 3676 intelppm (361f60b27d9bbf701f26a44e6501150e) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/08 10:09:21.0265 3676 Ip6Fw (f65d35815863e623890ef73f54db61ab) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/08 10:09:21.0281 3676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/08 10:09:21.0296 3676 IpInIp (9e01ac500963c5ab62fc98f59ba7960f) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/08 10:09:21.0312 3676 IpNat (597a994db7bd42dfd85b1214d3de0416) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/08 10:09:21.0328 3676 IPSec (17c65c873ed09769ac6e45c0d461ea2e) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/08 10:09:21.0359 3676 IRENUM (1fdcab16e51caf0219b8693c517c17a1) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/08 10:09:21.0375 3676 isapnp (9e25f42578bc22afe3d405414a177067) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/08 10:09:21.0375 3676 iteraid (e04acf2aa3b60249fab5a2503c59efc1) C:\WINDOWS\system32\DRIVERS\iteraid.sys
2011/06/08 10:09:21.0406 3676 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/06/08 10:09:21.0421 3676 Kbdclass (0c6a9734730068cd373034226f36f1e8) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/08 10:09:21.0484 3676 kmixer (bb69d5a68f937ee946abcc0b934ea7bc) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/08 10:09:21.0500 3676 KSecDD (9b4de82ec3c42326af6a1b9ad708a84e) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/08 10:09:21.0609 3676 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/06/08 10:09:21.0640 3676 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/06/08 10:09:21.0671 3676 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/06/08 10:09:21.0703 3676 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/06/08 10:09:21.0718 3676 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/06/08 10:09:21.0750 3676 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/06/08 10:09:21.0812 3676 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/06/08 10:09:21.0843 3676 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/06/08 10:09:21.0875 3676 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/06/08 10:09:21.0953 3676 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/06/08 10:09:21.0968 3676 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/06/08 10:09:21.0984 3676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/08 10:09:22.0031 3676 Modem (4dd00375c2a6fafb9bfd12246848875a) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/08 10:09:22.0062 3676 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/06/08 10:09:22.0093 3676 Mouclass (8ca12d7d14a25b37f56d5f1fe9a25a60) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/08 10:09:22.0109 3676 MountMgr (a1f6e5985d4b6332765bbd752b585820) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/08 10:09:22.0140 3676 MRxDAV (b9f3e668f69f62572da2ef5a4e637f3d) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/08 10:09:22.0171 3676 MRxSmb (fc56a3d7e0960c061c971e1338f0023f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/08 10:09:22.0187 3676 Msfs (317c43683419458d0fd5f8107a30913a) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/08 10:09:22.0234 3676 MSKSSRV (fb715eebfb34c937472c615a0fd3231b) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/08 10:09:22.0250 3676 MSPCLOCK (2fb80ec34b3bfa8617b55fe2b9d33106) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/08 10:09:22.0265 3676 MSPQM (dfc52003f881409650f81aa7716ddcf3) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/08 10:09:22.0281 3676 mssmbios (0bb1037d1c00f3a154205c7550af2845) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/08 10:09:22.0296 3676 Mup (d49499e4c395940a3fbaa9dc66d23a63) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/08 10:09:22.0328 3676 NDIS (7eaf6ac0fea24ce89b298b52ede1b5c4) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/08 10:09:22.0343 3676 NdisTapi (27afa919c0e3f139a193e9758532d5e6) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/08 10:09:22.0406 3676 Ndisuio (1f482bcdb22b941c7ed7159633a45b6e) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/08 10:09:22.0468 3676 NdisWan (db8df6110124ade6149c29dac88c3879) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/08 10:09:22.0484 3676 NDProxy (44b60db4c7b16675643f2f7604016103) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/08 10:09:22.0562 3676 NetBIOS (ce36bd0eea5b4b278dfcc7e59a1d1e86) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/08 10:09:22.0640 3676 NetBT (30da2fa55d186ef6c753ba736beda9fb) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/08 10:09:22.0734 3676 NIC1394 (96a1af0945947af0446d9971c5dc3478) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/08 10:09:22.0765 3676 Npfs (4b719885e41ca3425d36a69a0c057b3c) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/08 10:09:22.0781 3676 Ntfs (a470c31513534f650a59e78a2fe783c1) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/08 10:09:22.0812 3676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/08 10:09:22.0843 3676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/08 10:09:22.0843 3676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/08 10:09:22.0875 3676 ohci1394 (557d5d2245ffc96c9003e0aad02e9398) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/08 10:09:22.0890 3676 Parport (a54d582b1737095cf71fc4c75e7e4bb5) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/08 10:09:23.0015 3676 PartMgr (268917bc207a3105d975741c1c5285e8) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/08 10:09:23.0046 3676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/08 10:09:23.0062 3676 PCI (7f4cbf9df8ba8003ca145e5bbe95eb81) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/08 10:09:23.0093 3676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/08 10:09:23.0125 3676 Pcmcia (a925580e85b1aeec64a5c39ab79ecc7d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/08 10:09:23.0140 3676 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/06/08 10:09:23.0312 3676 PptpMiniport (5f125a075f48ee11d23cd1d59b5b5ca0) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/08 10:09:23.0390 3676 PSched (b6e3f0cbf53530b1eb92e29c0c3ebeac) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/08 10:09:23.0406 3676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/08 10:09:23.0484 3676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/08 10:09:23.0500 3676 Rasl2tp (2024f3c75d6cb95e0fddb1517fb21eb5) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/08 10:09:23.0515 3676 RasPppoe (a3a64b2f69b8e384029373845c273e6f) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/08 10:09:23.0531 3676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/08 10:09:23.0546 3676 Rdbss (3d5c240ae89126e2ceac04f229a62c94) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/08 10:09:23.0687 3676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/08 10:09:23.0734 3676 rdpdr (98cc7ac6614002080a92c5533608e425) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/08 10:09:23.0765 3676 RDPWD (bca59653d57bf56b3e2eb34edd1c55df) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/08 10:09:23.0781 3676 redbook (49c5ce86bc164709fda25212e4731126) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/08 10:09:23.0843 3676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/08 10:09:23.0859 3676 serenum (a6864b3a9c68be45c23df7ea3895d53b) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/08 10:09:23.0875 3676 Serial (5a49bc6b85cf7132cd742d284cc9d977) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/08 10:09:23.0937 3676 Sfloppy (df0061645da3c6592f13104e838774c8) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/08 10:09:24.0015 3676 snapman (e92be8a451c56b5506f0f3eba2a3628e) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/08 10:09:24.0062 3676 splitter (a7fee4c5d140e32d45538d40a5ed67e2) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/08 10:09:24.0125 3676 sr (e650c7b9a96a7a0b345a6d19c462d2af) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/08 10:09:24.0156 3676 Srv (6f2a87510e9e2ef79b9dec48e38f37cf) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/08 10:09:24.0234 3676 swenum (578418d07c7c7bac36a1f6832d4fcaf1) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/08 10:09:24.0281 3676 swmidi (bccf5102409538b01aac7aaa73660860) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/08 10:09:24.0343 3676 sysaudio (8b0ace8441356a7327da88d86e4672b7) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/08 10:09:24.0375 3676 Tcpip (270684847a8ef5c51fff58457e4dc8c6) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/08 10:09:24.0390 3676 TDPIPE (3ebf04df288699cbe92860fc2fc77156) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/08 10:09:24.0406 3676 TDTCP (ef72b325bfc20182a9070393eafc00b2) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/08 10:09:24.0421 3676 TermDD (b1d8df0d53171ea964df87cf0248fd08) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/08 10:09:24.0468 3676 Udfs (ddd12fc258e777b3a6a49e75bf3d6899) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/08 10:09:24.0625 3676 Update (2256719de3722bc2f47a05172aa423bc) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/08 10:09:24.0671 3676 usbccgp (d820f16e901511c0d20abd6bab35f645) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/08 10:09:24.0687 3676 usbehci (ae18e087754f290fc05f81cc3a4ec6c9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/08 10:09:24.0703 3676 usbhub (c8731ef48bae257e1948b8d87d8de0fb) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/08 10:09:24.0750 3676 usbprint (66fba83336949ad20a7d7049a499b169) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/08 10:09:24.0781 3676 usbscan (dcdc6ead214ea4f79bfcbc6d185eed5b) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/08 10:09:24.0796 3676 USBSTOR (479485d182199facf965bc4d2756d456) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/08 10:09:24.0875 3676 usbuhci (7710296ef5c1977d62ab3c9e2c3950ea) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/08 10:09:24.0890 3676 VgaSave (a856a8a639d6bc16b65cfb7c4aaa45d5) C:\WINDOWS\System32\drivers\vga.sys
2011/06/08 10:09:24.0906 3676 VolSnap (868170260a32fd080fb637da3f2a4423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/08 10:09:24.0953 3676 Wanarp (c37d29a03e5181b2c49103803b62583f) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/08 10:09:24.0984 3676 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/08 10:09:25.0031 3676 wdmaud (a687be1dc68ef2ef0d76216f9f05f986) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/08 10:09:25.0125 3676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/08 10:09:25.0140 3676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/08 10:09:25.0218 3676 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (560bf4bd85bf11608ee85d6cf87c02da) M:\CyberLink\PowerDVD\000.fcl
2011/06/08 10:09:25.0234 3676 MBR (0x1B8) (dd654ebc28ea19fc767af95a73cca807) \Device\Harddisk3\DR3
2011/06/08 10:09:25.0265 3676 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
2011/06/08 10:09:25.0281 3676 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
2011/06/08 10:09:25.0359 3676 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/06/08 10:09:25.0390 3676 ================================================================================
2011/06/08 10:09:25.0390 3676 Scan finished
2011/06/08 10:09:25.0390 3676 ================================================================================
2011/06/08 10:09:25.0406 3732 Detected object count: 0
2011/06/08 10:09:25.0406 3732 Actual detected object count: 0


And the aswMBR log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-08 10:11:46
-----------------------------
10:11:46.937 OS Version: Windows 5.1.2600 Service Pack 3, v.3282
10:11:46.937 Number of processors: 2 586 0x304
10:11:46.937 ComputerName: W5-659CC85F1EFD UserName: W5
10:11:47.562 Initialize success
10:11:54.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
10:11:54.093 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
10:11:54.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a
10:11:54.093 Disk 1 Vendor: Maxtor_6Y200M0 YAR51HW0 Size: 194481MB BusType: 3
10:11:54.093 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-22
10:11:54.093 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
10:11:54.093 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\iteraid1Port4Path0Target0Lun0
10:11:54.093 Disk 3 Vendor: ITE_Disk BAH4 Size: 239372MB BusType: 1
10:11:56.125 Disk 0 MBR read successfully
10:11:56.125 Disk 0 MBR scan
10:11:56.125 Disk 0 unknown MBR code
10:11:58.125 Disk 0 scanning sectors +1953520065
10:11:58.140 Disk 0 scanning C:\WINDOWS\system32\drivers
10:12:01.359 Service scanning
10:12:02.281 Disk 0 trace - called modules:
10:12:02.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:12:02.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87341ab8]
10:12:02.281 3 CLASSPNP.SYS[f770efd7] -> nt!IofCallDriver -> \Device\00000071[0x8730b9e8]
10:12:02.296 5 ACPI.sys[f7665620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8737bd98]
10:12:02.296 Scan finished successfully
10:12:36.171 Disk 0 MBR has been saved successfully to "O:\BT-Tijd\Mebroot-torpig\MBR.dat"
10:12:36.171 The log file has been saved successfully to "O:\BT-Tijd\Mebroot-torpig\aswMBR.txt"


Kind regards,

Dogegg

EvelineGirl
8 June 2011, 10:44
Open Notepad and copy and paste the code below:


SecCenter::
{41564737-3200-1071-989B-0000E87B4FB1}
Save it to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://crew.nucia.eu/smeenk/CFScript.gif
This will make ComboFix restart; post the new ComboFix log in your next reply.
Let ComboFix update if an update is available!

Also run TDSSKiller and aswMBR on the other PCs and post those logs.
This XP machine looks clean to me. Did you get one of the options FixMBR or Fix in aswMBR?

dogegg
8 June 2011, 11:44
In aswMBR I got the FixMBR option. I saw "Disk 0 unknown MBR code" in the log; is that a sign that something is still wrong?

Here is the ComboFix log. The results from the other PCs will follow as soon as possible.

ComboFix log:

ComboFix 11-06-07.02 - W5 08-06-2011 11:16:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.515 [GMT 2:00]
Running from: c:\users\W5\Desktop\ComboFix.exe
Command switches used :: c:\users\W5\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\W5\Application Data\inst.exe
c:\users\W5\WINDOWS
c:\windows\system32\bin
c:\windows\system32\bin\brutalchess.exe
c:\windows\system32\bin\freetype6.dll
c:\windows\system32\bin\jpeg.dll
c:\windows\system32\bin\libpng12.dll
c:\windows\system32\bin\libtiff.dll
c:\windows\system32\bin\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\windows\system32\bin\Microsoft.VC80.CRT\msvcm80.dll
c:\windows\system32\bin\Microsoft.VC80.CRT\msvcp80.dll
c:\windows\system32\bin\Microsoft.VC80.CRT\msvcr80.dll
c:\windows\system32\bin\SDL.dll
c:\windows\system32\bin\SDL_image.dll
c:\windows\system32\bin\zlib1.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2019-09-25 22:40 . 2019-09-25 22:40 20480 ----a-w- c:\windows\system32\APITypes.dll
2011-06-07 05:13 . 2011-06-07 05:14 -------- d-----w- c:\users\W5\Application Data\QuickScan
2011-06-06 21:11 . 2011-06-06 21:11 388096 ----a-r- c:\users\W5\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 19:48 . 2011-06-05 19:48 -------- d-----w- c:\program files\ESET
2011-05-24 20:32 . 2011-05-24 20:32 -------- d-----w- c:\users\W5\My Photos
2011-05-24 20:32 . 2011-05-24 20:32 -------- d-----w- c:\users\\W5\My Photos
2011-05-24 20:30 . 2007-11-27 01:24 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-05-23 21:11 . 2011-05-24 20:32 -------- d-----w- c:\users\W5\Application Data\HTC
2011-05-23 21:08 . 2011-05-23 21:08 -------- d-----w- c:\users\W5\Local Settings\Application Data\Downloaded Installations
2011-05-23 21:08 . 2009-06-09 22:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-05-23 21:08 . 2009-06-09 12:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-23 21:07 . 2011-05-23 21:07 -------- d-----w- c:\program files\Spirent Communications
2011-05-23 21:07 . 2011-05-23 21:11 -------- d-----w- c:\program files\HTC
2011-05-23 21:07 . 2011-05-23 21:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-23 21:05 . 2011-05-23 21:05 -------- d-----w- c:\program files\MSXML 4.0
2011-05-15 13:03 . 2011-05-15 13:03 -------- d-----w- c:\users\All Users\Application Data\ESTsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-08-29 12:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-08-29 12:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 12:01 . 2011-03-21 03:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 12:01 . 2011-03-21 03:13 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 12:01 . 2011-03-21 03:13 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 12:01 . 2011-03-21 03:13 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 12:01 . 2011-03-21 03:13 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 12:01 . 2011-03-21 03:13 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 12:01 . 2011-03-21 03:13 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 12:01 . 2011-03-21 03:13 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 12:01 . 2010-08-08 20:19 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 12:01 . 2010-08-08 20:19 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 12:01 . 2009-11-04 14:54 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 16:57 . 2011-05-02 11:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-03-21 03:13 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-10-11 . 270684847A8EF5C51FFF58457E4DC8C6 . 361088 . . [5.1.2600.9999] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-11 . 270684847A8EF5C51FFF58457E4DC8C6 . 361088 . . [5.1.2600.9999] . . c:\windows\system32\syscache\tcpip.sys
.
[-] 2008-01-31 12:54 . 168163B5A3B8DBC53DC8B06252B94D40 . 1015296 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-01-31 . DBEA66514C6FE1E2BAF241D83B13AD85 . 692736 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2007-12-28 . ECEFB8593B1885ED9B62BEDAA4257C9A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3282_x-ww_d754003b\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-01-31 . E37DE8DF6C1F77CC2FD09EC9EF43211B . 578048 . . [5.1.2600.3282] . . c:\windows\system32\user32.dll
.
[-] 2008-01-31 . B733D20910E7D462FCF1DA03646D7B21 . 1424384 . . [6.00.2900.3282] . . c:\windows\explorer.exe
.
[-] 2008-01-31 . CD7009A1BE53EB6E716C0641B7F7BC06 . 226304 . . [5.1.2600.3282] . . c:\windows\regedit.exe
.
[-] 2008-01-31 . 22F2A2F1CE128C8A6137A009186820A7 . 1613824 . . [5.1.2600.3282] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 20:02 96552 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-28 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-12-28 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]
"TopDesk"="c:\windows\System32\topdesk.exe" [2007-11-16 1937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\users\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - m:\apc\APC PowerChute Personal Edition\Display.exe [2011-1-31 221247]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-04-30 09:22 64032 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2007-12-28 00:44 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-12-13 20:02 1082152 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-03-14 20:01 54832 ------w- m:\cyberlink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ------w- m:\cyberlink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-04-30 09:22 19523616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
2007-11-16 06:40 1937920 ----a-w- c:\windows\system32\topdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack]
2008-09-18 10:51 42393 ----a-w- m:\total cma pack\Total CMA Pack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateServices]
2008-01-31 12:10 256777 ----a-w- c:\windows\system32\ultsvcs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
2007-09-05 17:20 36352 ----a-w- c:\windows\system32\visualtasktips.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 16:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"m:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1/31/2008 2:16 PM 25067]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/6/2010 11:34 PM 10240]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/21/2011 5:13 AM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/8/2010 10:24 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/21/2011 5:13 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/21/2011 5:13 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/21/2011 5:13 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/21/2011 5:13 AM 141792]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/21/2011 5:13 AM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/21/2011 5:13 AM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/21/2011 5:13 AM 88736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/9/2010 10:55 AM 1691480]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/23/2011 11:08 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/21/2011 5:13 AM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/21/2011 5:13 AM 84488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [12/13/2007 10:02 PM 50984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
IE: Free YouTube Download - c:\users\W5\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\W5\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\W5\Application Data\Mozilla\Firefox\Profiles\h5kkfefa.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http - proxy.xs4all.nl
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 11:29
Windows 5.1.2600 Service Pack 3, v.3282 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\m:\cyberlink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3512)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\COMRes.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
m:\apc\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
m:\apc\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2011-06-08 11:38:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-08 09:38
.
Pre-Run: 9.086.758.912 bytes free
Post-Run: 8.955.781.120 bytes free
.
- - End Of File - - F99EF7C867EBA220B2CCDEB7A392F57D

EvelineGirl
8 June 2011, 11:49
I'll wait for the other logs before drawing conclusions.

Unknown does not necessarily mean 'infected.' I'll come back to that. :)
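
What "unknown MBR code" and TDSSKiller's "MBR (0x1B8) (<md5>)" lines amount to is a hash comparison of the boot-code region of sector 0, which is why a different per-disk MD5 appears for each of the four disks in the TDSSKiller log above. The following is an added example, not code from the thread or from TDSSKiller, aswMBR or ComboFix: an offline parser for a raw 512-byte MBR dump (such as the MBR.dat that aswMBR saved to O:\BT-Tijd\Mebroot-torpig\) that hashes the first 0x1B8 bytes (my reading of the "(0x1B8)" in TDSSKiller's output), lists the partition table, computes the first sector past the last partition (the unallocated tail where MBR bootkits such as Mebroot are documented to keep their body), and classifies the boot code as "known" or "unknown" against an allow-list. The sample MBR bytes, the disk signature 0xDEADBEEF, the allow-list contents and the function names are all constructed for this demonstration; a real allow-list would be built from MBRs of clean installs of the same Windows version.

```python
"""Offline MBR triage for a raw 512-byte sector-0 dump.

Added example for this thread; it is not part of TDSSKiller, aswMBR or
ComboFix. The sample MBR below is constructed, not taken from any disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # 440 bytes of boot code before the disk signature
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, the disk signature and the used partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[MBR_SIZE - 2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    boot_code = mbr[:BOOT_CODE_LEN]
    (disk_sig,) = struct.unpack_from("<I", mbr, DISK_SIG_OFF)

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 and sectors == 0:
            continue                                  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})

    return {"boot_code_md5": hashlib.md5(boot_code).hexdigest(),
            "disk_signature": disk_sig, "partitions": partitions}


def first_unallocated_sector(partitions: list) -> int:
    """First LBA after the highest-ending partition.

    No file system ever reads past this point, which is why a bootkit can park
    its payload there and why an MBR scanner walks this tail of the disk. The
    caller must compare the result with the disk's real sector count.
    """
    if not partitions:
        return 0
    return max(p["lba_start"] + p["sectors"] for p in partitions)


def classify(mbr: bytes, known_md5: set) -> str:
    """'known' if the boot code is allow-listed, otherwise 'unknown'.

    'unknown' only means "not in the list" (a non-Microsoft boot manager gives
    the same result); it is a reason to inspect the code, not proof of infection.
    """
    return "known" if parse_mbr(mbr)["boot_code_md5"] in known_md5 else "unknown"


def build_sample_mbr() -> bytes:
    """Constructed MBR: dummy boot code and one bootable NTFS (0x07) partition
    starting at LBA 63 and ending at sector 1953520065, the sector number that
    aswMBR's 'scanning sectors +...' line in this thread starts from."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0xDEADBEEF)        # constructed value
    reserved = b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 1953520065 - 63)
    table = entry + b"\x00" * 48                     # three empty slots
    return boot_code + disk_sig + reserved + table + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()
# Hypothetical allow-list: here just the hash of the constructed sample.
KNOWN_BOOT_CODE_MD5 = {hashlib.md5(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest()}


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("MBR (0x1B8) md5      :", info["boot_code_md5"])
    print("disk signature       : 0x%08X" % info["disk_signature"])
    for p in info["partitions"]:
        print("partition            :", p)
    print("first unallocated LBA:", first_unallocated_sector(info["partitions"]))
    print("classification       :", classify(SAMPLE_MBR, KNOWN_BOOT_CODE_MD5))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0x100] ^= 0xFF                          # one patched byte of boot code
    print("tampered copy        :", classify(bytes(tampered), KNOWN_BOOT_CODE_MD5))
```

To use it on a real dump, read the 512 bytes of MBR.dat and pass them to parse_mbr() and classify(); the single flipped byte in the tampered copy shows that any modification of the boot code, not just a known bootkit, is enough to turn "known" into "unknown", which is the caveat behind the reply above.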

dogegg
8 June 2011, 11:51
Hello Evelyne,

Here are the logs for computer 2 (note: ComboFix has not yet been run on this computer):

TDSSKiller:

2011/06/08 11:15:48.0609 3560 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/08 11:15:49.0750 3560 ================================================================================
2011/06/08 11:15:49.0750 3560 SystemInfo:
2011/06/08 11:15:49.0750 3560
2011/06/08 11:15:49.0750 3560 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/08 11:15:49.0750 3560 Product type: Workstation
2011/06/08 11:15:49.0750 3560 ComputerName: X-4141BA2FD0224
2011/06/08 11:15:49.0750 3560 UserName: Martina
2011/06/08 11:15:49.0750 3560 Windows directory: C:\WINDOWS
2011/06/08 11:15:49.0750 3560 System windows directory: C:\WINDOWS
2011/06/08 11:15:49.0750 3560 Processor architecture: Intel x86
2011/06/08 11:15:49.0750 3560 Number of processors: 1
2011/06/08 11:15:49.0750 3560 Page size: 0x1000
2011/06/08 11:15:49.0750 3560 Boot type: Normal boot
2011/06/08 11:15:49.0750 3560 ================================================================================
2011/06/08 11:15:50.0687 3560 Initialize success
2011/06/08 11:15:53.0718 3636 ================================================================================
2011/06/08 11:15:53.0718 3636 Scan started
2011/06/08 11:15:53.0718 3636 Mode: Manual;
2011/06/08 11:15:53.0718 3636 ================================================================================
2011/06/08 11:15:54.0515 3636 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/08 11:15:54.0703 3636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/08 11:15:54.0796 3636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/08 11:15:54.0937 3636 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/08 11:15:55.0062 3636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/08 11:15:55.0171 3636 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/08 11:15:55.0265 3636 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/08 11:15:55.0953 3636 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/08 11:15:56.0031 3636 aswFW (95281a48f7cdd3edb614b6edc2669da7) C:\WINDOWS\system32\drivers\aswFW.sys
2011/06/08 11:15:56.0125 3636 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/08 11:15:56.0234 3636 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
2011/06/08 11:15:56.0328 3636 aswNdis2 (8fb32b6806b5e9f029199502c072d4d1) C:\WINDOWS\system32\drivers\aswNdis2.sys
2011/06/08 11:15:56.0421 3636 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/08 11:15:56.0531 3636 aswSnx (81e6986545a8fb6c819799d3a787b74c) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/08 11:15:56.0625 3636 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/08 11:15:56.0750 3636 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/08 11:15:56.0843 3636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/08 11:15:56.0937 3636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/08 11:15:57.0078 3636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/08 11:15:57.0171 3636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/08 11:15:57.0281 3636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/08 11:15:57.0406 3636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/08 11:15:57.0546 3636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/08 11:15:57.0640 3636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/08 11:15:57.0734 3636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/08 11:15:58.0156 3636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/08 11:15:58.0281 3636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/08 11:15:58.0406 3636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/08 11:15:58.0531 3636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/08 11:15:58.0625 3636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/08 11:15:58.0781 3636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/08 11:15:58.0906 3636 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/06/08 11:15:59.0000 3636 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/08 11:15:59.0125 3636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/08 11:15:59.0234 3636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/08 11:15:59.0328 3636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/08 11:15:59.0421 3636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/08 11:15:59.0515 3636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/08 11:15:59.0593 3636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/08 11:15:59.0687 3636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/08 11:15:59.0812 3636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/08 11:15:59.0890 3636 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/06/08 11:16:00.0031 3636 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/08 11:16:00.0203 3636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/08 11:16:00.0421 3636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/08 11:16:00.0546 3636 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/08 11:16:00.0671 3636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/08 11:16:00.0843 3636 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/08 11:16:00.0937 3636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/08 11:16:01.0031 3636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/08 11:16:01.0109 3636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/08 11:16:01.0218 3636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/08 11:16:01.0328 3636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/08 11:16:01.0406 3636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/08 11:16:01.0484 3636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/08 11:16:01.0593 3636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/08 11:16:01.0687 3636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/08 11:16:01.0765 3636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/08 11:16:01.0859 3636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/08 11:16:02.0046 3636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/08 11:16:02.0140 3636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/08 11:16:02.0218 3636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/08 11:16:02.0312 3636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/08 11:16:02.0437 3636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/08 11:16:02.0578 3636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/08 11:16:02.0703 3636 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/08 11:16:02.0843 3636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/08 11:16:02.0937 3636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/08 11:16:03.0046 3636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/08 11:16:03.0140 3636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/08 11:16:03.0234 3636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/08 11:16:03.0328 3636 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/08 11:16:03.0468 3636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/08 11:16:03.0578 3636 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/08 11:16:03.0671 3636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/08 11:16:03.0781 3636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/08 11:16:03.0890 3636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/08 11:16:04.0000 3636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/08 11:16:04.0093 3636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/08 11:16:04.0234 3636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/08 11:16:04.0359 3636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/08 11:16:04.0500 3636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/08 11:16:04.0562 3636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/08 11:16:04.0609 3636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/08 11:16:04.0703 3636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/08 11:16:04.0796 3636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/08 11:16:04.0875 3636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/08 11:16:04.0968 3636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/08 11:16:05.0093 3636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/08 11:16:05.0187 3636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/08 11:16:05.0640 3636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/08 11:16:05.0750 3636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/08 11:16:05.0859 3636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/08 11:16:06.0203 3636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/08 11:16:06.0343 3636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/08 11:16:06.0453 3636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/08 11:16:06.0546 3636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/08 11:16:06.0640 3636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/08 11:16:06.0750 3636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/08 11:16:06.0875 3636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/08 11:16:06.0984 3636 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/08 11:16:07.0109 3636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/08 11:16:07.0250 3636 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/06/08 11:16:07.0390 3636 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
2011/06/08 11:16:07.0640 3636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/08 11:16:07.0750 3636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/08 11:16:07.0843 3636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/08 11:16:07.0953 3636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/08 11:16:08.0156 3636 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/08 11:16:08.0343 3636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/08 11:16:08.0437 3636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/08 11:16:08.0546 3636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/08 11:16:08.0671 3636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/08 11:16:08.0765 3636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/08 11:16:09.0078 3636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/08 11:16:09.0218 3636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/08 11:16:09.0328 3636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/08 11:16:09.0421 3636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/08 11:16:09.0500 3636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/08 11:16:09.0703 3636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/08 11:16:09.0875 3636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/08 11:16:10.0031 3636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/08 11:16:10.0140 3636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/08 11:16:10.0234 3636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/08 11:16:10.0343 3636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/08 11:16:10.0437 3636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/08 11:16:10.0609 3636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/08 11:16:10.0765 3636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/08 11:16:10.0906 3636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/08 11:16:11.0062 3636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/08 11:16:11.0250 3636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/08 11:16:11.0390 3636 ================================================== ==============================
2011/06/08 11:16:11.0390 3636 Scan finished
2011/06/08 11:16:11.0390 3636 ================================================== ==============================
2011/06/08 11:16:11.0421 3628 Detected object count: 0
2011/06/08 11:16:11.0421 3628 Actual detected object count: 0


Aswmbr:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-08 11:25:03
-----------------------------
11:25:03.625 OS Version: Windows 5.1.2600 Service Pack 3
11:25:03.625 Number of processors: 1 586 0x207
11:25:03.625 ComputerName: X-4141BA2FD0224 UserName: Martina
11:25:03.953 Initialize success
11:25:06.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:25:06.781 Disk 0 Vendor: ST340016A 3.21 Size: 38166MB BusType: 3
11:25:08.859 Disk 0 MBR read successfully
11:25:08.859 Disk 0 MBR scan
11:25:08.859 Disk 0 Windows XP default MBR code
11:25:10.875 Disk 0 scanning sectors +78155280
11:25:10.890 Disk 0 scanning C:\WINDOWS\system32\drivers
11:25:16.812 Service scanning
11:25:17.765 Disk 0 trace - called modules:
11:25:17.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:25:17.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89766ab8]
11:25:17.765 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000062[0x89748660]
11:25:17.781 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x894add98]
11:25:17.781 Scan finished successfully
11:25:37.593 Disk 0 MBR has been saved successfully to "F:\Tijd\Mebroot-torpig\MBR.dat"
11:25:37.593 The log file has been saved successfully to "F:\Tijd\Mebroot-torpig\aswMBR.txt"

Kind regards,

Dogegg

EvelineGirl
8 June 2011, 11:54
Disk 0 Windows XP default MBR code

This one looks clean to me, at any rate. :)

EvelineGirl
8 June 2011, 11:56
For the other XP:

Upload the following to VirusTotal: http://www.virustotal.com/

O:\BT-Tijd\Mebroot-torpig\MBR.dat

Report the result here. :)

dogegg
8 June 2011, 13:15
Here is the VirusTotal result for computer 1:

File name: MBR.dat
Submission date: 2011-06-08 11:06:56 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

Additional information

MD5: cdaa3f5f208e52a907b2e5e6ea2f7b97
SHA1: 4187b08456541334976665a91c21b38e2289feca
SHA256: df26f9c37f099695b72307fa163fa83def2ec36a1385d3b8e9589611409f8fce
ssdeep: 12:/DBT4ioypXSONFAuEmlzo9RZngleU+W2zK0j3nuq:/DoypX9FAuV2U2H3nn
File size: 512 bytes
First seen: 2011-06-08 11:06:56
Last seen: 2011-06-08 11:06:56
TrID: Generic PC disk image (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

EvelineGirl
8 June 2011, 13:23
Double-checking:

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Double-click MBRCheck.exe to open the program.
A window like this will open:

http://i677.photobucket.com/albums/vv132/RPMcMurphy_album_photos/mbrcheck.png


If you get a prompt (as in the image above), type N and press Enter.
Press Enter again.
A Notepad file named MBRCheck_mm.dd.yy_hh.mm.ss will be saved on your desktop. Post the contents of this file in your next message.

dogegg
8 June 2011, 14:01
Here is the MBRCheck result:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3, v.3282 (build 2600)
Logical Drives Mask: 0x00007ffd

Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BE1000 \WINDOWS\system32\KDCOM.DLL
0xF7AF1000 \WINDOWS\system32\BOOTVID.dll
0xF7692000 ACPI.sys
0xF7BE3000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7681000 pci.sys
0xF76E1000 isapnp.sys
0xF76F1000 ohci1394.sys
0xF7701000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7AF5000 compbatt.sys
0xF7AF9000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CA9000 pciide.sys
0xF7961000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7711000 MountMgr.sys
0xF7662000 ftdisk.sys
0xF7BE5000 dmload.sys
0xF763C000 dmio.sys
0xF7969000 PartMgr.sys
0xF7721000 VolSnap.sys
0xF7624000 atapi.sys
0xF7971000 iteraid.sys
0xF760C000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7731000 disk.sys
0xF7741000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75EC000 fltMgr.sys
0xF75DA000 sr.sys
0xF757D000 mfehidk.sys
0xF7566000 KSecDD.sys
0xF74D9000 Ntfs.sys
0xF74AC000 NDIS.sys
0xF7751000 Combo-Fix.sys
0xF7484000 snapman.sys
0xF746A000 Mup.sys
0xF7831000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF70A8000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF7094000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF706F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7050000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF79F1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF702C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79F9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7841000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7A01000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7851000 \SystemRoot\system32\DRIVERS\serial.sys
0xF73C2000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7018000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7861000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A09000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A11000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7871000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A21000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7881000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7891000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6FF5000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A29000 \SystemRoot\System32\Drivers\Asapi.SYS
0xF78A1000 \SystemRoot\system32\drivers\InCDPass.sys
0xF78B1000 \SystemRoot\system32\drivers\InCDRm.sys
0xF7DB3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6FE1000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF78C1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF73B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6FCA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF78D1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78E1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A39000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F19000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78F1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6EF5000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6E82000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7A51000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A59000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6E2A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7901000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BF1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6DD1000 \SystemRoot\system32\DRIVERS\update.sys
0xF7362000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7921000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE788000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE764000 \SystemRoot\system32\drivers\portcls.sys
0xF7951000 \SystemRoot\system32\drivers\drmk.sys
0xF7791000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A71000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7BFB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D07000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A81000 \SystemRoot\System32\drivers\vga.sys
0xF7BFF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF6E7E000 \SystemRoot\system32\drivers\InCDRec.sys
0xEE65D000 \SystemRoot\system32\drivers\InCDFs.sys
0xF7A89000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A91000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6E7A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE622000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE5C9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE5B6000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xEE590000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE568000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE546000 \SystemRoot\System32\drivers\afd.sys
0xF77B1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE51B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE4AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77C1000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6DAD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77D1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7AB1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEE45F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF77E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77F1000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEE447000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C21000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE754000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AB9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E25000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEC133000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBDD2000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBF4F000 \SystemRoot\system32\drivers\sysaudio.sys
0xEBAD5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7C8F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEBA33000 \SystemRoot\system32\DRIVERS\srv.sys
0xEBE6F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEB836000 \??\M:\CyberLink\PowerDVD\000.fcl
0xEB4FD000 \SystemRoot\System32\Drivers\HTTP.sys
0xEB25A000 \SystemRoot\system32\drivers\cfwids.sys
0xEB0D5000 \SystemRoot\system32\drivers\mfeapfk.sys
0xEE72C000 \SystemRoot\system32\drivers\mfebopk.sys
0xF7A49000 \??\C:\ComboFix\catchme.sys
0xF7C29000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
924 C:\WINDOWS\system32\smss.exe
1336 csrss.exe
1368 C:\WINDOWS\system32\winlogon.exe
1412 C:\WINDOWS\system32\services.exe
1424 C:\WINDOWS\system32\lsass.exe
1592 C:\WINDOWS\system32\ati2evxx.exe
1624 C:\WINDOWS\system32\svchost.exe
1732 svchost.exe
1856 C:\Program Files\Windows Defender\MsMpEng.exe
1896 C:\WINDOWS\system32\svchost.exe
2008 svchost.exe
520 svchost.exe
736 C:\WINDOWS\system32\ati2evxx.exe
888 C:\WINDOWS\system32\spoolsv.exe
2032 M:\APC\APC PowerChute Personal Edition\mainserv.exe
540 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
724 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1176 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1672 C:\WINDOWS\system32\mfevtps.exe
1780 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2056 C:\WINDOWS\system32\snmp.exe
2140 C:\WINDOWS\system32\svchost.exe
2284 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2456 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3240 C:\Program Files\McAfee.com\Agent\mcagent.exe
3264 C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
4092 alg.exe
464 C:\WINDOWS\system32\wscntfy.exe
2944 M:\APC\APC PowerChute Personal Edition\apcsystray.exe
3864 C:\WINDOWS\system32\svchost.exe
3664 C:\WINDOWS\system32\ctfmon.exe
3512 C:\WINDOWS\explorer.exe
3396 M:\Total CMA Pack\TOTALCMD.EXE
2804 C:\Program Files\Mozilla Firefox\firefox.exe
1324 C:\Users\W5\Desktop\MBRCheck.exe
1656 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (FAT32)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000002`70997200 (FAT32)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x0000000d`6cc24200 (FAT32)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000024`7dffdc00 (FAT32)
\\.\J: --> \\.\PhysicalDrive3 at offset 0x0000001d`38763400 (FAT32)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x000000e8`e0b00000 (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x0000000e`32d00000 (NTFS)
\\.\N: --> \\.\PhysicalDrive0 at offset 0x00000040`33300000 (NTFS)
\\.\O: --> \\.\PhysicalDrive0 at offset 0x00000094`73600000 (FAT32)

PhysicalDrive0 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80
PhysicalDrive3 Model Number: Maxtor6L250R0, Rev: BAH41G10
PhysicalDrive1 Model Number: Maxtor6Y200M0, Rev: YAR51HW0
PhysicalDrive2 Model Number: WDCWD20EARS-00MVWB0, Rev: 51.0AB51

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035
233 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: 2B97AC1E4CC0001F5E628D06B3A72CB8C9A67E75
189 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6
1863 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

EvelineGirl
8 June 2011, 14:13
You do have an enormous number of disks. :)

Still, this one looks OK to me, but I'll have to dig a little deeper.
What do you use these 2 disks for? The 931GB and the 233GB?

Shall we move on to the next computer first?

dogegg
8 June 2011, 14:30
The 931 GB disk is my boot disk and has the following partitions:
- Windows XP (system only): 20 GB NTFS
- Linux (Ubuntu): 38 GB
- Swap partition for Linux: 1 MB
- Programs: 200 GB NTFS
- Data-1: 337 GB NTFS
- Data-2: 337 GB FAT32

The 233 GB disk contains only data and has the following partitions:
- Data-1: 117 GB FAT32
- Data-2: 117 GB FAT32

Malwarebytes is currently running on two of the remaining computers; as soon as those finish I can run Tdsskiller and aswmbr.

The last two computers I have don't need to be checked; one hasn't been used for a few months because of a defective hard disk and the other has no internet or network connection.

EvelineGirl
8 June 2011, 14:34
The 931 GB disk is my boot disk and has the following partitions:
- Windows XP (system only): 20 GB NTFS
- Linux (Ubuntu): 38 GB
- Swap partition for Linux: 1 MB
- Programs: 200 GB NTFS
- Data-1: 337 GB NTFS
- Data-2: 337 GB FAT32

The 233 GB disk contains only data and has the following partitions:
- Data-1: 117 GB FAT32
- Data-2: 117 GB FAT32

This explains the Unknown MBR. :)

I'll wait for the logs.

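The MBRCheck output above hashes each disk's first sector and reports "Unknown MBR code" for the two disks whose boot code it does not recognise, while the open question in the thread is why the data-only disk comes back unknown as well as the Linux boot disk. As an added example (not code from the thread, MBRCheck, aswMBR or TDSSKiller), the following Python parses a 512-byte MBR image such as the MBR.dat that aswMBR saved and hashes the 440-byte boot code separately from the whole sector, so an analyst can see whether two disks share boot code even when their partition tables differ. It assumes an MBR-code verdict is a whitelist lookup on the boot-code region only; the sample images, the disk signature value and the empty known-good set are constructed placeholders.

```python
"""Inspect a raw 512-byte MBR image, e.g. the MBR.dat that aswMBR saved.

Added example for this thread, not code from MBRCheck, aswMBR or TDSSKiller.
The first sector holds two different things: 440 bytes of boot code (what an
"MBR code" verdict is about) and the 64-byte partition table. Hashing them
separately shows whether two disks differ in boot code or only in layout.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440             # boot code ends where the 4-byte disk signature starts
DISK_SIG_OFFSET = 440
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes of every valid MBR

# Partition type bytes relevant to the disks in this thread (subset of the standard list).
PARTITION_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}

# Placeholder whitelist: SHA-1 of the 440-byte boot code from installs you trust.
# Fill it from a clean reference machine of the same Windows version, never from
# a machine under investigation. Assumption: an MBR-code verdict is this lookup.
KNOWN_GOOD_BOOT_CODE_SHA1 = set()


def is_mbr_image(data):
    """True if the blob has MBR size and carries the 0x55AA boot signature."""
    return len(data) == SECTOR_SIZE and data[510:512] == BOOT_SIGNATURE


def parse_partition_entry(entry):
    """Decode one 16-byte entry: status, type, LBA start, sector count (CHS skipped)."""
    status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "other (0x%02X)" % ptype),
        "lba_start": lba_start,
        "sectors": count,
        "size_mib": count * SECTOR_SIZE // (1024 * 1024),
    }


def parse_mbr(sector):
    """Split a sector into boot-code hash, whole-sector hash, disk signature, partitions."""
    if not is_mbr_image(sector):
        raise ValueError("not a 512-byte MBR image with a 0x55AA signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        entry = parse_partition_entry(sector[off:off + 16])
        if entry["type"] != 0x00:           # unused slot
            partitions.append(entry)
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify_boot_code(info, known_good=KNOWN_GOOD_BOOT_CODE_SHA1):
    """Whitelist lookup on the boot code only; "unknown" is a prompt to look, not a finding."""
    return "known boot code" if info["boot_code_sha1"] in known_good else "unknown boot code"


def build_sample_mbr(boot_code, partitions):
    """Assemble a constructed image from boot code and (bootable, type, lba, sectors) tuples."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    sector += struct.pack("<IH", 0xDEADBEEF, 0)      # constructed disk signature + reserved
    for bootable, ptype, lba, count in partitions:
        sector += struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for boot code: a few plausible opening bytes, then zero padding.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"

# Layout modelled on the thread's boot disk (sizes in sectors; 2048 sectors = 1 MiB).
SAMPLE_BOOT_DISK = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (True,  0x07, 2048,      41943040),    # Windows XP system, 20 GiB NTFS
    (False, 0x83, 41945088,  79691776),    # Linux, 38 GiB
    (False, 0x82, 121636864, 2048),        # Linux swap, 1 MiB
    (False, 0x07, 121638912, 419430400),   # programs, 200 GiB NTFS
])
# Data-only disk carrying the same boot code but two FAT32 partitions.
SAMPLE_DATA_DISK = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (False, 0x0C, 2048,      245366784),   # Data-1, 117 GiB FAT32
    (False, 0x0C, 245368832, 245366784),   # Data-2, 117 GiB FAT32
])

if __name__ == "__main__":
    for name, img in (("boot disk", SAMPLE_BOOT_DISK), ("data disk", SAMPLE_DATA_DISK)):
        info = parse_mbr(img)
        print(name, classify_boot_code(info), "boot code SHA1", info["boot_code_sha1"],
              "sector SHA1", info["sector_sha1"])
        for p in info["partitions"]:
            print("  %-12s start=%d size=%d MiB" % (p["type_name"], p["lba_start"], p["size_mib"]))
```

With a real MBR.dat, read the file in binary mode and pass the bytes to parse_mbr; two disks whose sector hashes differ but whose boot-code hashes match differ only in their partition tables.
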
dogegg
8 June 2011, 16:42
The Unknown MBR for the 931 GB disk I understand because of Linux, but the Unknown MBR for the other disk isn't entirely clear to me.

Here are the logs for computer 3 (laptop with Windows Vista, Combofix not run yet):

Tdsskiller:

2011/06/08 15:51:02.0803 3884 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 15:51:03.0973 3884 ================================================== ==============================
2011/06/08 15:51:03.0973 3884 SystemInfo:
2011/06/08 15:51:03.0973 3884
2011/06/08 15:51:03.0973 3884 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/08 15:51:03.0973 3884 Product type: Workstation
2011/06/08 15:51:03.0973 3884 ComputerName: PC_VAN_BEHEER
2011/06/08 15:51:03.0973 3884 UserName: Gerben
2011/06/08 15:51:03.0973 3884 Windows directory: C:\Windows
2011/06/08 15:51:03.0973 3884 System windows directory: C:\Windows
2011/06/08 15:51:03.0973 3884 Processor architecture: Intel x86
2011/06/08 15:51:03.0973 3884 Number of processors: 2
2011/06/08 15:51:03.0973 3884 Page size: 0x1000
2011/06/08 15:51:03.0973 3884 Boot type: Normal boot
2011/06/08 15:51:03.0973 3884 ================================================== ==============================
2011/06/08 15:51:04.0582 3884 Initialize success
2011/06/08 15:52:02.0224 0968 ================================================== ==============================
2011/06/08 15:52:02.0224 0968 Scan started
2011/06/08 15:52:02.0224 0968 Mode: Manual;
2011/06/08 15:52:02.0224 0968 ================================================== ==============================
2011/06/08 15:52:02.0848 0968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/08 15:52:03.0269 0968 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
2011/06/08 15:52:03.0456 0968 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/08 15:52:03.0628 0968 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/08 15:52:03.0893 0968 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/08 15:52:03.0971 0968 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/08 15:52:04.0127 0968 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/08 15:52:04.0377 0968 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/08 15:52:04.0751 0968 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/08 15:52:04.0813 0968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/08 15:52:05.0032 0968 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/08 15:52:05.0250 0968 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/08 15:52:05.0562 0968 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/08 15:52:05.0765 0968 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/08 15:52:06.0030 0968 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/08 15:52:06.0124 0968 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/08 15:52:06.0327 0968 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/08 15:52:06.0514 0968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/08 15:52:06.0576 0968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/08 15:52:06.0779 0968 atikmdag (fe47d549367005b045580ce61ff5924d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/08 15:52:07.0138 0968 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/08 15:52:07.0387 0968 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
2011/06/08 15:52:07.0512 0968 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
2011/06/08 15:52:07.0575 0968 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\Windows\system32\Drivers\avgrkx86.sys
2011/06/08 15:52:07.0637 0968 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
2011/06/08 15:52:07.0871 0968 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/08 15:52:08.0089 0968 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/06/08 15:52:08.0183 0968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/08 15:52:08.0355 0968 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/08 15:52:08.0433 0968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/08 15:52:08.0573 0968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/08 15:52:08.0667 0968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/08 15:52:08.0807 0968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/08 15:52:08.0901 0968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/08 15:52:08.0947 0968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/08 15:52:09.0119 0968 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/08 15:52:09.0213 0968 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/08 15:52:09.0353 0968 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/08 15:52:51.0130 0968 MBR (0x1B8) (d7698f541c627d08a3416a1fddee4763) \Device\Harddisk0\DR0
2011/06/08 15:52:51.0707 0968 ================================================== ==============================
2011/06/08 15:52:51.0707 0968 Scan finished
2011/06/08 15:52:51.0707 0968 ================================================== ==============================
2011/06/08 15:52:51.0723 3220 Detected object count: 0
2011/06/08 15:52:51.0723 3220 Actual detected object count: 0


Aswmbr:

After starting, this one shows the message: Initialize error 0. Scanning is then not possible.

EvelineGirl
8 June 2011, 16:50
The second one is simple: it only has data on it and no operating system, so no MBR.

For Vista it does apply that you have to start aswMBR as Administrator -> right-click -> Run as Administrator. :)

dogegg
8 June 2011, 16:55
And here are the logs from computer 4 (Windows XP, ComboFix not run yet).

Tdsskiller:

2011/06/08 16:33:07.0441 3556 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 16:33:09.0444 3556 ================================================== ==============================
2011/06/08 16:33:09.0444 3556 SystemInfo:
2011/06/08 16:33:09.0444 3556
2011/06/08 16:33:09.0444 3556 OS Version: 5.1.2600 ServicePack: 1.0
2011/06/08 16:33:09.0444 3556 Product type: Workstation
2011/06/08 16:33:09.0444 3556 ComputerName: W3-KZGX4W7JWCTU
2011/06/08 16:33:09.0444 3556 UserName: W3
2011/06/08 16:33:09.0444 3556 Windows directory: K:\WINDOWS
2011/06/08 16:33:09.0444 3556 System windows directory: K:\WINDOWS
2011/06/08 16:33:09.0444 3556 Processor architecture: Intel x86
2011/06/08 16:33:09.0444 3556 Number of processors: 1
2011/06/08 16:33:09.0444 3556 Page size: 0x1000
2011/06/08 16:33:09.0444 3556 Boot type: Normal boot
2011/06/08 16:33:09.0444 3556 ================================================== ==============================
2011/06/08 16:33:11.0016 3556 Initialize success
2011/06/08 16:36:33.0788 2852 ================================================== ==============================
2011/06/08 16:36:33.0788 2852 Scan started
2011/06/08 16:36:33.0788 2852 Mode: Manual;
2011/06/08 16:36:33.0788 2852 ================================================== ==============================
2011/06/08 16:36:53.0256 2852 ParVdm (1eade28746a64c21e0a808bb12a63326) K:\WINDOWS\System32\drivers\ParVdm.sys
2011/06/08 16:36:53.0376 2852 PCDCODEC (e74208a4dc1bff9c02a1d2abe7f4d2d3) K:\WINDOWS\System32\DRIVERS\atinpdxx.sys
2011/06/08 16:36:53.0506 2852 PCI (41414453d66e17ce077a70c9540bb7e0) K:\WINDOWS\System32\DRIVERS\pci.sys
2011/06/08 16:36:53.0806 2852 PCLinkBridge (3401d8cd88435535b3616644d417647b) K:\WINDOWS\System32\DRIVERS\pro2000.sys
2011/06/08 16:36:53.0947 2852 Pcmcia (52293c96f9e97bc9db35dfa5f5e742d9) K:\WINDOWS\System32\drivers\Pcmcia.sys
2011/06/08 16:36:55.0118 2852 PptpMiniport (fed674d73eb56c35444f701e847bf85b) K:\WINDOWS\System32\DRIVERS\raspptp.sys
2011/06/08 16:36:55.0268 2852 PQIMount (19b9004d21704dee27d19b03b3ab15c0) K:\WINDOWS\System32\drivers\PQIMount.sys
2011/06/08 16:36:55.0419 2852 PQNTDrv (4228630829c0e521c43d882a00533374) K:\WINDOWS\System32\drivers\PQNTDrv.sys
2011/06/08 16:36:55.0539 2852 PQV2i (abf46ec4e7708889ff13cae8c136a1a4) K:\WINDOWS\System32\drivers\PQV2i.sys
2011/06/08 16:36:55.0709 2852 PSched (944440247fe6988c88b376ed85a0cd1a) K:\WINDOWS\System32\DRIVERS\psched.sys
2011/06/08 16:36:55.0849 2852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) K:\WINDOWS\System32\DRIVERS\ptilink.sys
2011/06/08 16:36:55.0979 2852 PxHelp20 (81088114178112618b1c414a65e50f7c) K:\WINDOWS\System32\Drivers\PxHelp20.sys
2011/06/08 16:36:56.0680 2852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) K:\WINDOWS\System32\DRIVERS\rasacd.sys
2011/06/08 16:36:56.0831 2852 Rasl2tp (4c242c79a9c0d98d52d6f8cb9248d528) K:\WINDOWS\System32\DRIVERS\rasl2tp.sys
2011/06/08 16:36:57.0011 2852 RasPppoe (888335b3be346119cf7b4eff3a3fca7c) K:\WINDOWS\System32\DRIVERS\raspppoe.sys
2011/06/08 16:36:57.0161 2852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) K:\WINDOWS\System32\DRIVERS\raspti.sys
2011/06/08 16:36:57.0301 2852 Rdbss (df80c149c96fcfbb8a3dc3d5dd950aa8) K:\WINDOWS\System32\DRIVERS\rdbss.sys
2011/06/08 16:36:57.0452 2852 RDPCDD (4912d5b403614ce99c28420f75353332) K:\WINDOWS\System32\DRIVERS\RDPCDD.sys
2011/06/08 16:36:57.0612 2852 rdpdr (5208d077065ea8775e319f9834f94136) K:\WINDOWS\System32\DRIVERS\rdpdr.sys
2011/06/08 16:36:57.0772 2852 RDPWD (0606700377b6fb8b04475e92507adade) K:\WINDOWS\System32\drivers\RDPWD.sys
2011/06/08 16:36:57.0932 2852 redbook (aa3edbdc9827b913f21e4b7cbc014f78) K:\WINDOWS\System32\DRIVERS\redbook.sys
2011/06/08 16:36:58.0253 2852 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) K:\WINDOWS\System32\DRIVERS\secdrv.sys
2011/06/08 16:36:58.0433 2852 serenum (65a7c4d86c153c82e33a552c217abb29) K:\WINDOWS\System32\DRIVERS\serenum.sys
2011/06/08 16:36:58.0533 2852 Serial (12b53c0dc7b8dda3a47ed175ddd87b15) K:\WINDOWS\System32\DRIVERS\serial.sys
2011/06/08 16:36:58.0944 2852 Sfloppy (4e1b8866f3d208dee3906a191cb493e3) K:\WINDOWS\System32\drivers\Sfloppy.sys
2011/06/08 16:36:59.0084 2852 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) K:\WINDOWS\System32\drivers\sfmanm.sys
2011/06/08 16:36:59.0695 2852 splitter (32c54211e9e8a45cbcb097beaeb1999a) K:\WINDOWS\System32\drivers\splitter.sys
2011/06/08 16:36:59.0885 2852 sr (45b200f4a0b6beb071f23c7076ec3ee0) K:\WINDOWS\System32\DRIVERS\sr.sys
2011/06/08 16:37:00.0075 2852 Srv (94619eb663216f9bf12f9b950fcab3c0) K:\WINDOWS\System32\DRIVERS\srv.sys
2011/06/08 16:37:00.0266 2852 swenum (616a013d3ea068b6dee83d905e92ee9f) K:\WINDOWS\System32\DRIVERS\swenum.sys
2011/06/08 16:37:00.0386 2852 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) K:\WINDOWS\System32\drivers\swmidi.sys
2011/06/08 16:37:00.0866 2852 sysaudio (b0b19f036f76333ab3338c7493e87b12) K:\WINDOWS\System32\drivers\sysaudio.sys
2011/06/08 16:37:01.0097 2852 Tcpip (244a2f9816bc9b593957281ef577d976) K:\WINDOWS\System32\DRIVERS\tcpip.sys
2011/06/08 16:37:01.0287 2852 TDPIPE (1a96630babbd59e8b885eae0dfbe6a3e) K:\WINDOWS\System32\drivers\TDPIPE.sys
2011/06/08 16:37:01.0447 2852 TDTCP (d1c578c6b37713694c5edd7c2d7f7451) K:\WINDOWS\System32\drivers\TDTCP.sys
2011/06/08 16:37:01.0608 2852 TermDD (194c51bc28a7ce9818012142b062e431) K:\WINDOWS\System32\DRIVERS\termdd.sys
2011/06/08 16:37:01.0848 2852 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) K:\WINDOWS\System32\drivers\tiehdusb.sys
2011/06/08 16:37:02.0038 2852 tnt1tr6 (9a35651c13fb49eeb62aec4107a8e61c) K:\WINDOWS\System32\DRIVERS\tnt1tr6.sys
2011/06/08 16:37:02.0158 2852 tnt8208 (20281c59920f0c436bf8070d74e53f1b) K:\WINDOWS\System32\DRIVERS\tnt8208.sys
2011/06/08 16:37:02.0289 2852 tntcapi (080b961a88cbf7c927c500b6122c91ef) K:\WINDOWS\System32\DRIVERS\tntcapi.sys
2011/06/08 16:37:02.0409 2852 tntdss1 (b7e7adf87ccd4d9d38e04a65a6eeb156) K:\WINDOWS\System32\DRIVERS\tntdss1.sys
2011/06/08 16:37:02.0559 2852 tnthdlc (78fe20bb3b82c15d02392f4f182467cb) K:\WINDOWS\System32\DRIVERS\tnthdlc.sys
2011/06/08 16:37:02.0699 2852 tntkrn (f23ba3bebfaac475f8f82b3525f67fb6) K:\WINDOWS\System32\DRIVERS\tntkrn.sys
2011/06/08 16:37:02.0829 2852 tnts0cfg (2021a094ea719d88a67886667c51260d) K:\WINDOWS\System32\DRIVERS\tnts0cfg.sys
2011/06/08 16:37:03.0230 2852 tnts0usb (6230641298f265dedcfc820c1cca2fc9) K:\WINDOWS\System32\DRIVERS\tnts0usb.sys
2011/06/08 16:37:03.0460 2852 tntt30 (449f67a8f9b686a47e5a1507e3764cb0) K:\WINDOWS\System32\DRIVERS\tntt30.sys
2011/06/08 16:37:03.0761 2852 tntv110 (ebc49bd8810e1b433a6552dd922893df) K:\WINDOWS\System32\DRIVERS\tntv110.sys
2011/06/08 16:37:04.0452 2852 tntwan (c3be7640e02ffa75d0b5d4ec2fc94bed) K:\WINDOWS\System32\DRIVERS\tntwan.sys
2011/06/08 16:37:04.0842 2852 trm3x5 (abc610753d5b67813e98b37eeb10ccc8) K:\WINDOWS\System32\DRIVERS\trm3x5.sys
2011/06/08 16:37:05.0113 2852 Udfs (01ca8ec606522d2f60820b0c0086fdd5) K:\WINDOWS\System32\drivers\Udfs.sys
2011/06/08 16:37:05.0613 2852 Update (164cfae1d766905f56c432acfc54f28c) K:\WINDOWS\System32\DRIVERS\update.sys
2011/06/08 16:37:05.0824 2852 USB2000 (4d7bfb0f98206d3c3e36eaff52ce6711) K:\WINDOWS\System32\DRIVERS\USB2000.sys
2011/06/08 16:37:06.0034 2852 usbehci (cdaa3ef29eabae9ae825baf2b8e36735) K:\WINDOWS\System32\DRIVERS\usbehci.sys
2011/06/08 16:37:06.0334 2852 usbhub (d7bf70ac85e48b6c4df953401eccb75a) K:\WINDOWS\System32\DRIVERS\usbhub.sys
2011/06/08 16:37:06.0655 2852 USBSTOR (4923c60f9c381eae679db04021d26abb) K:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
2011/06/08 16:37:06.0955 2852 usbuhci (49ec068278d85bc1e20ac7f3d315e940) K:\WINDOWS\System32\DRIVERS\usbuhci.sys
2011/06/08 16:37:07.0216 2852 VgaSave (08d2edfd7261242b8aea27f1fe11e120) K:\WINDOWS\System32\drivers\vga.sys
2011/06/08 16:37:07.0476 2852 VolSnap (edb803a96ae88fcb69f3db45b493cf47) K:\WINDOWS\System32\drivers\VolSnap.sys
2011/06/08 16:37:07.0686 2852 Wanarp (484af08f15d1306ff2e8b64fe62a160c) K:\WINDOWS\System32\DRIVERS\wanarp.sys
2011/06/08 16:37:07.0957 2852 wdmaud (499b653356a9e5589ee83ac47e5d2a8c) K:\WINDOWS\System32\drivers\wdmaud.sys
2011/06/08 16:37:08.0357 2852 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
2011/06/08 16:37:08.0608 2852 MBR (0x1B8) (775e2744e1c61954a913caa0cf47812b) \Device\Harddisk1\DR1
2011/06/08 16:37:08.0688 2852 MBR (0x1B8) (fbe52462a4647a53ab7fefa2f16c2b97) \Device\Harddisk2\DR2
2011/06/08 16:37:08.0758 2852 ================================================== ==============================
2011/06/08 16:37:08.0758 2852 Scan finished
2011/06/08 16:37:08.0758 2852 ================================================== ==============================
2011/06/08 16:37:08.0818 2948 Detected object count: 0
2011/06/08 16:37:08.0818 2948 Actual detected object count: 0


Aswmbr:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-08 16:47:14
-----------------------------
16:47:14.248 OS Version: Windows 5.1.2600 Service Pack 1
16:47:14.248 Number of processors: 1 586 0x803
16:47:14.248 ComputerName: W3-KZGX4W7JWCTU UserName: W3
16:47:14.950 Initialize success
16:47:20.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:47:20.838 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
16:47:20.838 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
16:47:20.838 Disk 1 Vendor: Maxtor_94098H6 BAC51KJ0 Size: 39083MB BusType: 3
16:47:20.838 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
16:47:20.838 Disk 2 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
16:47:22.851 Disk 0 MBR read successfully
16:47:22.851 Disk 0 MBR scan
16:47:22.861 Disk 0 unknown MBR code
16:47:24.864 Disk 0 scanning sectors +120101940
16:47:24.894 Disk 0 scanning K:\WINDOWS\System32\drivers
16:47:30.852 Service scanning
16:47:32.445 Disk 0 trace - called modules:
16:47:32.455 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
16:47:32.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8339ab48]
16:47:32.785 3 CLASSPNP.SYS[f88c7022] -> nt!IofCallDriver -> \Device\00000067[0x833d9f18]
16:47:32.785 5 ACPI.sys[f882f12d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83386d98]
16:47:32.785 Scan finished successfully
16:47:54.496 Disk 0 MBR has been saved successfully to "E:\Mebroot-torpig\MBR.dat"
16:47:54.526 The log file has been saved successfully to "E:\Mebroot-torpig\aswMBR.txt"

Here I see it again: Disk 0 unknown MBR code.

This disk is the boot disk and is laid out as follows:
- Windows 98 (system only: 2.8 GB FAT32)
- Windows XP (system only: 3.2 GB NTFS)
- Data-1 (26 GB FAT32)
- Data-2 (26 GB FAT32)

dogegg
8 June 2011, 16:59
> For Vista it does hold that you have to start aswMBR as Administrator -> right-click -> Run as Administrator.

I tried this as well, but with the same result.

EvelineGirl
8 June 2011, 17:02
Upload this E:\Mebroot-torpig\MBR.dat to VirusTotal: http://www.virustotal.com/

Also run MBRCheck.exe on both.

For Vista, again: run as Administrator.

dogegg
8 June 2011, 17:12
Computer 3:

aswMBR did not create an mbr.dat, so I cannot upload it to VirusTotal either.

Here is the result of MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6820s
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 160):
0x81C36000 \SystemRoot\system32\ntkrnlpa.exe
0x81C03000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\System32\drivers\partmgr.sys
0x80717000 \SystemRoot\System32\drivers\sfsync04.sys
0x8072A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8072D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80737000 \SystemRoot\system32\drivers\volmgr.sys
0x80746000 \SystemRoot\System32\drivers\volmgrx.sys
0x80790000 \SystemRoot\system32\DRIVERS\pciide.sys
0x80797000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x82201000 \SystemRoot\system32\drivers\iastor.sys
0x822C8000 \SystemRoot\system32\drivers\atapi.sys
0x822D0000 \SystemRoot\system32\drivers\ataport.SYS
0x822EE000 \SystemRoot\system32\drivers\fltmgr.sys
0x82320000 \SystemRoot\system32\drivers\fileinfo.sys
0x82330000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82339000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A07000 \SystemRoot\system32\drivers\ndis.sys
0x87B12000 \SystemRoot\system32\drivers\msrpc.sys
0x87B3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C04000 \SystemRoot\System32\drivers\tcpip.sys
0x87CEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F14000 \SystemRoot\system32\drivers\volsnap.sys
0x87F4D000 \SystemRoot\System32\Drivers\spldr.sys
0x87F55000 \SystemRoot\System32\drivers\sfvfs02.sys
0x87F6D000 \SystemRoot\System32\drivers\sfhlp02.sys
0x87F75000 \SystemRoot\System32\drivers\sfdrv01.sys
0x87F88000 \SystemRoot\System32\Drivers\mup.sys
0x87F97000 \SystemRoot\System32\drivers\ecache.sys
0x87FBE000 \SystemRoot\system32\drivers\disk.sys
0x87FCF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FF0000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FF9000 \SystemRoot\System32\Drivers\avgrkx86.sys
0x87DDD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87DE8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87DF1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C602000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8CD28000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CDC8000 \SystemRoot\System32\drivers\watchdog.sys
0x87B78000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8CDD4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87BB3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDDF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CE03000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D00C000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8D395000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D3B3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D3E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D3E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CE90000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D3F0000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8CEA8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D3F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D3FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D000000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8CEB8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CEE7000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CF28000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CF33000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CF4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CF55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CF78000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CF87000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CF9B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CFB0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D009000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CFC0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CFEA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CDEE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x823AA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CFF4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x823DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E005000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x8E055000 \SystemRoot\system32\drivers\portcls.sys
0x8E082000 \SystemRoot\system32\drivers\drmk.sys
0x8E0A7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E1C3000 \SystemRoot\system32\drivers\modem.sys
0x8E1D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E1D9000 \SystemRoot\System32\Drivers\Null.SYS
0x8E1E0000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E1E7000 \SystemRoot\System32\drivers\vga.sys
0x807B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E1F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x87BF1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x823F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x807D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x807E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x805BC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x805D2000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8E400000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E432000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8E43F000 \SystemRoot\System32\Drivers\bthport.sys
0x8E4BF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E4D3000 \SystemRoot\system32\drivers\afd.sys
0x8E51B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E531000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E53F000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8E541000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E554000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E590000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8E5B9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E5C3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8E5CD000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E5E4000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x87BF9000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8E60C000 \SystemRoot\system32\drivers\btwavdt.sys
0x8E673000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8E6C4000 \SystemRoot\system32\drivers\btwaudio.sys
0x8E740000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8E743000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E74C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E754000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87D09000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98650000 \SystemRoot\System32\win32k.sys
0x8E761000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E76B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98870000 \SystemRoot\System32\TSDDD.dll
0x98890000 \SystemRoot\System32\cdd.dll
0x8E77A000 \SystemRoot\system32\drivers\luafv.sys
0x9C200000 \SystemRoot\system32\drivers\spsys.sys
0x9C2B0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C2C0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C2EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C2F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C307000 \SystemRoot\system32\drivers\HTTP.sys
0x9C374000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C391000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C3AA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C3BF000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C3E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E79D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8E7D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D80F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D837000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D886000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9D8C9000 \SystemRoot\System32\drivers\enodpl.sys
0x9D8CB000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9D8D0000 \SystemRoot\system32\drivers\peauth.sys
0x9D9AE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D9B8000 \SystemRoot\System32\drivers\tandpl.sys
0x9D9BA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D9C6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA3A09000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA3A6D000 \??\C:\Users\Gerben\AppData\Local\Temp\aswMBR.sys
0x77CA0000 \Windows\System32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
552 csrss.exe
608 C:\Windows\System32\wininit.exe
620 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
932 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\audiodg.exe
1352 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\SLsvc.exe
1404 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\spoolsv.exe
1836 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\AEADISRV.EXE
180 C:\Windows\System32\agrsmsvc.exe
332 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
440 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
528 C:\Windows\System32\svchost.exe
852 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1560 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1664 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1928 C:\Program Files\PDF Complete\pdfsvc.exe
2052 C:\Windows\System32\svchost.exe
2092 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2144 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2156 C:\PROGRA~1\AVG\AVG8\avgam.exe
2216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2236 C:\Program Files\AVG\AVG8\avgrsx.exe
2264 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
2340 C:\Windows\System32\svchost.exe
2400 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\SearchIndexer.exe
2596 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2968 C:\Windows\System32\taskeng.exe
3236 C:\Windows\System32\taskeng.exe
3288 C:\Windows\System32\dwm.exe
3600 WmiPrvSE.exe
3456 C:\Windows\System32\svchost.exe
2912 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1240 C:\Windows\System32\wuauclt.exe
2468 C:\Windows\System32\mobsync.exe
4028 C:\Windows\explorer.exe
1332 C:\Windows\System32\wbem\unsecapp.exe
3856 C:\Users\Gerben\AppData\Local\Google\Chrome\Application\chrome.exe
3540 C:\Users\Gerben\AppData\Local\Google\Chrome\Application\chrome.exe
2608 C:\Users\Gerben\AppData\Local\Google\Chrome\Application\chrome.exe
632 C:\Windows\System32\SearchProtocolHost.exe
1516 C:\Windows\System32\SearchFilterHost.exe
1228 C:\Users\Gerben\Desktop\MBRCheck.exe
3044 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000024`dfe00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000022`c9e00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC32P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BA45552C7D0FECBC71843573FE570B53B965795E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

dogegg
8 June 2011, 17:18
Computer 4:

The VirusTotal result:

File name:
MBR.dat
Submission date:
2011-06-08 15:05:01 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

Antivirus             Version          Last Update  Result
AhnLab-V3             2011.06.09.00    2011.06.08   -
AntiVir               7.11.9.99        2011.06.08   -
Antiy-AVL             2.0.3.7          2011.06.07   -
Avast                 4.8.1351.0       2011.06.08   -
Avast5                5.0.677.0        2011.06.08   -
AVG                   10.0.0.1190      2011.06.08   -
BitDefender           7.2              2011.06.08   -
CAT-QuickHeal         11.00            2011.06.08   -
ClamAV                0.97.0.0         2011.06.08   -
Commtouch             5.3.2.6          2011.06.08   -
Comodo                8995             2011.06.08   -
DrWeb                 5.0.2.03300      2011.06.08   -
Emsisoft              5.1.0.8          2011.06.08   -
eSafe                 7.0.17.0         2011.06.06   -
eTrust-Vet            36.1.8374        2011.06.08   -
F-Prot                4.6.2.117        2011.06.08   -
F-Secure              9.0.16440.0      2011.06.08   -
Fortinet              4.2.257.0        2011.06.08   -
GData                 22               2011.06.08   -
Ikarus                T3.1.1.104.0     2011.06.08   -
Jiangmin              13.0.900         2011.06.08   -
K7AntiVirus           9.105.4781       2011.06.07   -
Kaspersky             9.0.0.837        2011.06.08   -
McAfee                5.400.0.1158     2011.06.08   -
McAfee-GW-Edition     2010.1D          2011.06.08   -
Microsoft             1.6903           2011.06.08   -
NOD32                 6190             2011.06.08   -
Norman                6.07.10          2011.06.08   -
nProtect              2011-06-08.02    2011.06.08   -
Panda                 10.0.3.5         2011.06.08   -
PCTools               7.0.3.5          2011.06.08   -
Prevx                 3.0              2011.06.08   -
Rising                23.61.02.03      2011.06.08   -
Sophos                4.66.0           2011.06.08   -
SUPERAntiSpyware      4.40.0.1006      2011.06.08   -
Symantec              20111.1.0.186    2011.06.08   -
TheHacker             6.7.0.1.225      2011.06.08   -
TrendMicro            9.200.0.1012     2011.06.08   -
TrendMicro-HouseCall  9.200.0.1012     2011.06.08   -
VBA32                 3.12.16.0        2011.06.08   -
VIPRE                 9522             2011.06.08   -
ViRobot               2011.6.8.4500    2011.06.08   -
VirusBuster           14.0.72.0        2011.06.08   -
Additional information
MD5: 4342e4538f5ce7744729fb0f3c5c1a06
SHA1: 72d57e43d00092aea94114f7cf61b32e066a644d
SHA256: c146885d83ff3f00244d16db1fb97498eaf368d89bcc41cad9f5825b127aa56a
ssdeep: 6:5ekYu/DswUoypNTJzRuYvo4nxaYRV800xB9w1qk5n0DRTk08bebY3oCnzjZ1GduJ:0T4ioypl5v/c8i0HYko68due+sS
File size: 512 bytes
First seen: 2011-06-08 15:05:01
Last seen: 2011-06-08 15:05:01
TrID: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

And the MBRCheck result:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 1 (build 2600)
Logical Drives Mask: 0x00001ffd

Kernel Drivers (total 124):
0x804D4000 \WINDOWS\system32\ntoskrnl.exe
0x806C8000 \WINDOWS\system32\hal.dll
0xF8D76000 \WINDOWS\system32\KDCOM.DLL
0xF8C86000 \WINDOWS\system32\BOOTVID.dll
0xF8829000 ACPI.sys
0xF8D78000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8876000 pci.sys
0xF8886000 isapnp.sys
0xF8D7A000 intelide.sys
0xF8AF6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8896000 MountMgr.sys
0xF880A000 ftdisk.sys
0xF8D7C000 dmload.sys
0xF87E6000 dmio.sys
0xF8AFE000 PartMgr.sys
0xF88A6000 VolSnap.sys
0xF87D0000 atapi.sys
0xF8B06000 trm3x5.sys
0xF87B9000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xF88B6000 disk.sys
0xF88C6000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF87A8000 sr.sys
0xF874B000 mfehidk.sys
0xF8735000 PQV2i.sys
0xF88D6000 PxHelp20.sys
0xF8721000 KSecDD.sys
0xF8697000 Ntfs.sys
0xF866E000 NDIS.sys
0xF8654000 Mup.sys
0xF8B0E000 agp440.sys
0xF8976000 \SystemRoot\System32\DRIVERS\p3.sys
0xF822D000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF821B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF81C7000 \SystemRoot\System32\DRIVERS\el90xbc5.sys
0xF8B5E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF81A5000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8B66000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF815F000 \SystemRoot\system32\drivers\emu10k1m.sys
0xF813E000 \SystemRoot\system32\drivers\portcls.sys
0xF8986000 \SystemRoot\system32\drivers\drmk.sys
0xF811E000 \SystemRoot\system32\drivers\ks.sys
0xF8996000 \SystemRoot\system32\drivers\sfmanm.sys
0xF80FA000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF7B2F000 \SystemRoot\system32\drivers\mfefirek.sys
0xF8D98000 \SystemRoot\system32\drivers\ctlfacem.sys
0xF8F3B000 \SystemRoot\System32\DRIVERS\ctljystk.sys
0xF85F0000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF89B6000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF89C6000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8B6E000 \SystemRoot\System32\Drivers\GearAspiWDM.SYS
0xF8B76000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7AF4000 \SystemRoot\System32\DRIVERS\parport.sys
0xF89D6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8B7E000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8B86000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF85E4000 \SystemRoot\System32\DRIVERS\atinpdxx.sys
0xF89E6000 \SystemRoot\System32\DRIVERS\STREAM.SYS
0xF8F3C000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7AE0000 \SystemRoot\System32\DRIVERS\mfendisk.sys
0xF89F6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF82BB000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7ACA000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8A06000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8A16000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF82B7000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7AB9000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8A26000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8B8E000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8B96000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7A8C000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF8A36000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8F3D000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF79A2000 \SystemRoot\System32\DRIVERS\update.sys
0xF8A46000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8D9A000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8A56000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8B9E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8D9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8F67000 \SystemRoot\System32\Drivers\Null.SYS
0xF8D9E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8BAE000 \SystemRoot\System32\drivers\vga.sys
0xF8DA0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8DA2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8BB6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8BBE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF862C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF8A96000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF1868000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF1855000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF182E000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF8AA6000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF1806000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF8F78000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xF8AC6000 \SystemRoot\System32\Drivers\PQIMount.SYS
0xF1752000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8AE6000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8906000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF163E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF14EE000 \SystemRoot\System32\watchdog.sys
0xF14EA000 \SystemRoot\System32\drivers\Dxapi.sys
0xBFF80000 \SystemRoot\System32\drivers\dxg.sys
0xF8F46000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9BB000 \SystemRoot\System32\ati2dvag.dll
0xBF9ED000 \SystemRoot\System32\ati3d1ag.dll
0xF8DEC000 \SystemRoot\System32\DRIVERS\nic2000.sys
0xF1325000 \SystemRoot\System32\drivers\afd.sys
0xF1442000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF1285000 \SystemRoot\system32\drivers\sysaudio.sys
0xF10E7000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0ED5000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8E24000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF8B46000 \SystemRoot\System32\drivers\aspi32.sys
0xF8E36000 \??\K:\WINDOWS\system32\drivers\EIO.sys
0xF1396000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF0E34000 \SystemRoot\System32\DRIVERS\srv.sys
0xF8DC4000 \SystemRoot\System32\DRIVERS\pro2000.sys
0xF0D7C000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF0AD6000 \SystemRoot\system32\drivers\mfeapfk.sys
0xF0BC4000 \SystemRoot\system32\drivers\mfebopk.sys
0xF070E000 \SystemRoot\system32\drivers\cfwids.sys
0xF050F000 \??\K:\DOCUME~1\W3\LOCALS~1\Temp\aswMBR.sys
0xF0331000 \SystemRoot\system32\drivers\kmixer.sys
0x77F40000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
888 K:\WINDOWS\system32\smss.exe
1516 csrss.exe
1540 K:\WINDOWS\system32\winlogon.exe
1584 K:\WINDOWS\system32\services.exe
1596 K:\WINDOWS\system32\lsass.exe
1760 K:\WINDOWS\system32\svchost.exe
1864 K:\WINDOWS\system32\svchost.exe
1948 svchost.exe
1984 svchost.exe
500 K:\WINDOWS\system32\spoolsv.exe
1464 K:\WINDOWS\explorer.exe
1812 K:\Program Files\McAfee.com\Agent\mcagent.exe
1892 D:\Executive Software\Diskeeper\DkService.exe
1968 D:\FreeRAM XP Pro\FreeRAM XP Pro.exe
292 K:\WINDOWS\system32\gearsec.exe
332 K:\Program Files\Java\jre6\bin\jqs.exe
384 K:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
564 K:\WINDOWS\system32\devldr32.exe
720 K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
812 K:\WINDOWS\system32\mfevtps.exe
344 K:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
1992 wdfmgr.exe
2068 K:\WINDOWS\system32\ups.exe
2116 K:\WINDOWS\system32\svchost.exe
2148 K:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
2188 K:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3108 K:\WINDOWS\system32\wbem\wmiapsrv.exe
3904 K:\WINDOWS\system32\rundll32.exe
2600 K:\PROGRA~1\McAfee\MPF\MpfAlert.exe
2972 D:\Mozilla Firefox\firefox.exe
4040 K:\Documents and Settings\W3\Bureaublad\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000001`770df800 (FAT32)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000007`e2e9aa00 (FAT32)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`7d04fc00 (FAT32)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000005`04017400 (FAT32)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (FAT32)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000004`a94e8200 (FAT32)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x00000000`af064a00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y060L0, Rev: YAR41VW0
PhysicalDrive1 Model Number: Maxtor94098H6, Rev: BAC51KJ0
PhysicalDrive2 Model Number: WDCWD400EB-00CPF0, Rev: 06.04G06

Size Device Name MBR Status
--------------------------------------------
57 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6
38 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: E3EF1EE108E1DB8DE51DBFB5BBD8FC4AB9BD1D2B
37 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: B85804939B36D5CD991F145729DB5F8047E34AA7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
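
MBRCheck's verdict above comes down to hashing the boot code of sector 0 and comparing it with a table of known-good hashes, plus mapping each volume to a byte offset on a physical drive. The following is an added example that reproduces that check; it is not MBRCheck's own code and not from the original post. The MBR bytes are constructed in the script, the KNOWN_GOOD table is a placeholder you fill from a disk you trust, and the choice to hash only the 440-byte bootstrap code (leaving out the disk signature and partition table, so the same Windows boot code on two differently partitioned disks hashes the same) is an assumption, since the page does not say which bytes MBRCheck hashes.

```python
"""Parse and fingerprint an MBR the way MBRCheck reports it: hash the boot code, list partitions.

Added example, not part of the original post or of the MBRCheck tool. The MBR
bytes are constructed below; KNOWN_GOOD is an assumption you must fill from a
disk you trust (MBRCheck ships its own table, which this script does not have).
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code, the part a bootkit such as Mebroot replaces
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"  # bytes 510..511

KNOWN_GOOD = {}          # assumption: {sha1_of_boot_code: "Windows XP MBR code detected", ...}

def read_mbr(device: str) -> bytes:
    # Read sector 0 from a raw device, e.g. \\.\PhysicalDrive0 on Windows or /dev/sda on Linux (needs admin/root).
    with open(device, "rb") as f:
        return f.read(SECTOR)

def build_sample_mbr(code_fill: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR for testing; partitions = [(bootable, type, lba_start, sectors), ...]."""
    code = (code_fill * (BOOT_CODE_LEN // len(code_fill) + 1))[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(ENTRY_FMT, 0x80 if boot else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
                     for boot, ptype, lba, count in partitions).ljust(64, b"\x00")
    # boot code, 4-byte disk signature, 2 reserved bytes, 4 x 16-byte table entries, 0x55AA
    mbr = code + b"\x11\x22\x33\x44" + b"\x00\x00" + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr

def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code SHA1, disk signature and the non-empty partition entries with byte offsets."""
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[446 + 16 * i: 462 + 16 * i])
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {"code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": mbr[440:444].hex(), "partitions": parts}

def classify(mbr: bytes, known_good=None) -> str:
    """Mirror MBRCheck's verdict: a known hash gets its label, anything else is 'Unknown MBR code'."""
    table = KNOWN_GOOD if known_good is None else known_good
    return table.get(parse_mbr(mbr)["code_sha1"], "Unknown MBR code")

def same_boot_code(mbr_a: bytes, mbr_b: bytes) -> bool:
    """Compare two disks' boot code; a clean disk of the same Windows version should match exactly."""
    return mbr_a[:BOOT_CODE_LEN] == mbr_b[:BOOT_CODE_LEN]

if __name__ == "__main__":
    # Constructed sample: a bootable FAT32 partition at LBA 63, i.e. byte offset 0x7e00 as for C: in the log above.
    sample = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0",
                              [(True, 0x0B, 63, 1_000_000), (False, 0x07, 1_000_063, 500_000)])
    info = parse_mbr(sample)
    print(info["code_sha1"], classify(sample))
    for p in info["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
```

An "Unknown MBR code" result only means the hash is not in the table; drives 1 and 2 above carry FAT32 volumes only and may well have been partitioned by a different tool. The reliable comparison is `same_boot_code()` against sector 0 of a machine installed from the same Windows media, or the known-good Windows XP hash from drive 0 if that drive is trusted.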

EvelineGirl
8 June 2011, 17:27
Would you run ComboFix on the Vista machine:

Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how to use ComboFix.
1. Windows XP users will, if needed, be asked to install the "Recovery Console"; allow this (an active internet connection is required).
2. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them:)
3. The computer may need to be restarted several times; this is normal.
4. Double-click "Combofix.exe" to start the tool.
5. Do not click in the ComboFix window while it is running; this can cause the tool to hang.
* Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion." restart the computer.
6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.

EvelineGirl
8 June 2011, 17:54
P.S. I will probably not be able to reply again until after the weekend.

dogegg
8 June 2011, 21:57
Here is the ComboFix log for computer 3 (Vista):


ComboFix 11-06-07.02 - Gerben 08-06-2011 17:50:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1095 [GMT 2:00]
Running from: c:\users\Gerben\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\shimg.dll
F:\Autorun.inf
.
.
(((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 ))))))))))))))))))))))))))))))
.
.
2011-06-08 15:57 . 2011-06-08 15:58 -------- d-----w- c:\users\Gerben\AppData\Local\temp
2011-06-08 15:57 . 2011-06-08 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-08 15:31 . 2011-06-08 15:46 -------- d-----w- C:\32788R22FWJFW
2011-06-07 11:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03BC9D4E-2189-4EED-9737-01FD4EA5E1A8}\mpengine.dll
2011-06-06 05:32 . 2011-06-06 05:32 -------- d-----w- c:\program files\ESET
2011-06-05 22:02 . 2011-06-05 22:02 -------- d-----w- c:\users\Gerben\AppData\Roaming\Malwarebytes
2011-06-05 22:01 . 2011-06-05 22:01 -------- d-----w- c:\programdata\Malwarebytes
2011-06-05 22:01 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 22:01 . 2011-06-05 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 22:01 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 20:42 . 2011-06-03 20:42 -------- d-----w- c:\users\Gerben\AppData\Roaming\ParetoLogic
2011-06-03 20:42 . 2011-06-03 20:42 -------- d-----w- c:\users\Gerben\AppData\Roaming\DriverCure
2011-06-03 20:42 . 2011-06-05 18:02 -------- d-----w- c:\programdata\ParetoLogic
2011-05-30 19:03 . 2011-05-30 19:03 -------- d-----w- C:\found.000
2011-05-25 13:01 . 2011-05-25 13:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 12:16 . 2011-06-02 15:49 -------- d-----w- c:\users\Gerben\AppData\Roaming\Mimy
2011-05-25 12:16 . 2011-05-25 12:36 -------- d-----w- c:\users\Gerben\AppData\Roaming\Esumym
2011-05-14 11:21 . 2000-06-23 12:06 192000 ----a-w- c:\windows\system32\iac22120.rra
2011-05-14 11:21 . 2000-06-23 08:36 745984 ----a-w- c:\windows\system32\ir50221a.rra
2011-05-14 11:21 . 2000-06-22 16:11 145408 ----a-w- c:\windows\system32\Ivfs2333.rra
2011-05-14 11:21 . 2000-06-22 11:09 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
2011-05-14 11:21 . 2000-06-23 12:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2011-05-11 16:44 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 17:03 . 2010-11-05 13:31 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-12 21:55 . 2011-04-27 11:37 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 15:34 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:34 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-29 18:33 136176 ----atw- c:\users\Gerben\AppData\Local\Google\Update\Google Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 14:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 07:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-05-08 07:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-06-11 07:55 163840 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 13:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 00:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 09:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 uvewbdywzcpnfo;uvewbdywzcpnfo;c:\users\Gerben\AppData\Local\Temp\DAT9F2F.tmp.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 ldiskl;ldiskl;c:\users\Gerben\AppData\Local\Temp\ldiskl.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158814017-855914190-1733611836-1007Core.job
- c:\users\Gerben\AppData\Local\Google\Update\Google Update.exe [2011-05-29 18:33]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158814017-855914190-1733611836-1007UA.job
- c:\users\Gerben\AppData\Local\Google\Update\Google Update.exe [2011-05-29 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dufpy.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyServer = proxy.xs4all.nl:8080
uInternet Settings,ProxyOverride = <local>
IE: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hanze.nl
Trusted Zone: rug.nl\nestor
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-NvCplDaemonTool - c:\users\Gerben\yload3D.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 17:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000004CF4A747049A44175B 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1158814017-855914190-1733611836-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9b,db,16,14,d2,2c,53,18,06,2c,e0,db,40,cf,9b,4d,7a,37,14,18,57,54,42,
58,87,6c,cd,6a,b5,59,f0,1f,50,61,67,cf,0a,5e,c3,6f,1e,f2,ba,80,ec,45,e3,c2,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-1158814017-855914190-1733611836-1007\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:39,50,ec,8a,bc,e5,2b,6a,9e,a2,8d,e3,85,bb,02,7f,e9,ab,c0,10,78,
0a,61,95,fc,00,eb,e3,70,c9,44,b0,07,11,36,dd,1d,f5,08,d2,a2,bd,da,25,9b,4d,\
"rkeysecu"=hex:07,dc,3e,22,4c,83,2d,ee,5c,34,b6,c3,d1,34,da,28
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-08 18:01:37
ComboFix-quarantined-files.txt 2011-06-08 16:01
.
Pre-Run: 49.122.635.776 bytes free
Post-Run: 48.738.398.208 bytes free
.
- - End Of File - - 60C351A91B0050BA086CE69807AC2A80
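
The service and driver lines in the log above are the part worth reading first: `R2 uvewbdywzcpnfo` and `R3 ldiskl` both point at files under the user's Temp directory that no longer exist (`[x]`), one of them a `.tmp.exe`. The following added example, which is neither ComboFix's code nor from the original post, parses those lines and scores each entry against a few indicators. The five sample lines repeat the log above with the forum's inserted spaces removed; the indicators and their weighting are assumptions for this example, not ComboFix logic.

```python
"""Triage the service/driver lines of a ComboFix log for out-of-place entries.

Added example, not from the original post or from ComboFix. SAMPLE_LOG repeats
five lines from the log above; the indicators are assumptions, not ComboFix's
own logic. Line shape: "<R|S><start> <name>;<display name>;<image path> [<date> <size>]",
where R/S is running/stopped, the digit is the Windows Start value
(0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and "[x]" means the image file was absent.
"""
import re

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$")

SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 uvewbdywzcpnfo;uvewbdywzcpnfo;c:\users\Gerben\AppData\Local\Temp\DAT9F2F.tmp.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 ldiskl;ldiskl;c:\users\Gerben\AppData\Local\Temp\ldiskl.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
"""

def parse_services(text: str):
    """Yield one dict per matching line; lines that are not service entries are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["running"] = d["state"] == "R"
            d["missing"] = d["tag"] == "x"
            yield d

def indicators(svc: dict):
    """Reasons a line deserves a second look (heuristics assumed for this example)."""
    path = svc["path"].lower()
    reasons = []
    if "\\temp\\" in path:
        reasons.append("image lives under a Temp directory")
    if svc["missing"]:
        reasons.append("image file missing at scan time ([x])")
    if path.endswith(".tmp.exe") or re.search(r"\\[a-z]{3}[0-9a-f]{4}\.tmp", path):
        reasons.append("temp-style file name used as a service image")
    return reasons

def triage(text: str):
    """Return [(name, reasons)] for entries with at least one indicator, most indicators first."""
    hits = [(s["name"], indicators(s)) for s in parse_services(text)]
    return sorted([(n, r) for n, r in hits if r], key=lambda h: -len(h[1]))

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(name)
        for r in reasons:
            print("   -", r)
```

A driver (`.sys`) loaded from a user's Temp directory is a separate point of interest: a kernel driver that is gone by the time the scan runs has already had kernel access on that boot, which is exactly the situation where an MBR check of that disk is worth repeating.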

dogegg
13 June 2011, 23:06
Hello Eveline,

Over the past few days I have done some research of my own. The following websites describe how the Torpig trojan can be recognized:

http://www.virusalert.nl/?show=virus&id=997&name=Trojan.Torpig-a

http://www.virusalert.nl/?show=virus&id=1873

I examined my computers and their registries on the basis of this information and found the following registry values on Computer 4 (on the other computers this search turned up nothing):

HKEY_Current_User\Software\Microsoft\Search assistant\ACMu\5604\
000 REG_SZ \service\explore
001 REG_SZ dllp.txt
002 REG_SZ dll.dll

HKEY_Current_User\Software\Microsoft\Search assistant\ACMu\5603\
000 REG_SZ ibm000

HKEY_Users\S-1-5-21-861567501-152049171-1060284298-1003\Software\Microsoft\Search assistant\ACMu\5604\
000 REG_SZ \service\explore
001 REG_SZ dllp.txt
002 REG_SZ dll.dll

HKEY_Users\S-1-5-21-861567501-152049171-1060284298-1003\Software\Microsoft\Search assistant\ACMu\5603\
000 REG_SZ ibm000

HKEY_Local_Machine\System\Control set 001\Services\isapnp\Parameters
IBM0001 REG_DWORD 0x00000010 (16)

HKEY_Local_Machine\System\Control set 002\Services\isapnp\Parameters
IBM0001 REG_DWORD 0x00000010 (16)

HKEY_Local_Machine\System\Current control set\Services\isapnp\Parameters
IBM0001 REG_DWORD 0x00000010 (16)

HKEY_Users\S-1-5-21-861567501-152049171-1060284298-1003\Software\VB and VBA Program Settings\Driver Detective\Startup
PWD REG_SZ

HKEY_Current_User\Software\VB and VBA Program Settings\Driver Detective\Startup
PWD REG_SZ

It looks like this computer is the cause of the problem.

I have also installed Wireshark to monitor the internet traffic. Wireshark gives a lot of information, but it is unclear to me whether any suspicious traffic is among it.
Do you have experience with Wireshark? What exactly should I look for?

Kind regards,

Dogegg
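
The ISP's mail suggested finding the infected host by watching DNS on the network, and that is also the most useful thing to look at in a Wireshark capture: which LAN address is resolving names that no person typed. The following added example, not part of the original post and not Wireshark's or any vendor's code, parses raw DNS query payloads (or a two-column tshark export), groups the queried second-level domains per source address and flags hosts that ask for several random-looking names. All packets in it are constructed; the thresholds and the "random-looking label" heuristic are assumptions, and the actual names used on this network are not known, so a hit is a machine to examine, not proof of infection.

```python
"""Per-host DNS query triage, following the ISP's hint to find the infected machine via DNS.

Added example: not part of the original post, of Wireshark, or of any vendor tool.
Every packet below is constructed (three LAN hosts, one resolver). The thresholds
and the "random-looking label" heuristic are assumptions.
"""
import math
import struct
from collections import defaultdict

def encode_qname(name: str) -> bytes:
    """DNS wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid: int, name: str, response: bool = False) -> bytes:
    """Construct a minimal DNS payload with one A/IN question (QR bit set for a response)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack(">HH", 1, 1)

def parse_query_name(payload: bytes):
    """Return the question name of a DNS query, or None for responses and malformed data."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0x8000 or qdcount == 0:            # QR=1 is an answer, not a client query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        ln = payload[pos]
        pos += 1
        if ln == 0:
            return ".".join(labels).lower()
        if ln & 0xC0 or pos + ln > len(payload):  # compression pointer or truncated label
            return None
        labels.append(payload[pos:pos + ln].decode("ascii", "replace"))
        pos += ln
    return None

def entropy(s: str) -> float:
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_random(label: str) -> bool:
    """Assumed heuristic: long, high-entropy, vowel-poor labels, as generated C&C names tend to be."""
    if len(label) < 8:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return entropy(label) >= 3.0 and vowels / len(label) < 0.25

def second_level(name: str) -> str:
    return ".".join(name.split(".")[-2:])

def names_from_packets(packets):
    """(src_ip, udp_payload) pairs -> (src_ip, queried name) pairs, dropping responses."""
    for src, payload in packets:
        name = parse_query_name(payload)
        if name:
            yield src, name

def names_from_tshark(lines):
    """Same pairs from 'ip.src<TAB>dns.qry.name' text as produced by tshark -T fields."""
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) == 2 and parts[1]:
            yield parts[0], parts[1].lower()

def suspicious_hosts(pairs, min_random=3):
    """Return {src_ip: sorted random-looking second-level domains} for hosts over the threshold."""
    per_host = defaultdict(set)
    for src, name in pairs:
        per_host[src].add(second_level(name))
    findings = {}
    for ip, domains in per_host.items():
        rnd = sorted(d for d in domains if looks_random(d.split(".")[0]))
        if len(rnd) >= min_random:
            findings[ip] = rnd
    return findings

# Constructed capture: hosts .10 and .30 behave normally, host .20 also asks for six random names.
NORMAL = ["google.com", "xs4all.nl", "rug.nl", "windowsupdate.com"]
RANDOM = ["gqmxvzdhpkwt.com", "kfjqwpzxunerbt.net", "zrtwbqlmvxpd.biz",
          "qhdkvnsbtrlp.com", "wlxztqpvmrkd.org", "vgmqxdztrhkw.info"]
SAMPLE_PACKETS = (
    [("192.168.1.10", build_query(i, n)) for i, n in enumerate(NORMAL)]
    + [("192.168.1.20", build_query(100 + i, n)) for i, n in enumerate(NORMAL + RANDOM)]
    + [("192.168.1.30", build_query(200, "bleepingcomputer.com"))]
    + [("192.168.1.254", build_query(200, "bleepingcomputer.com", response=True))]
)

if __name__ == "__main__":
    for ip, domains in suspicious_hosts(names_from_packets(SAMPLE_PACKETS)).items():
        print(ip, "queried", len(domains), "random-looking domains:", ", ".join(domains))
```

In Wireshark itself the display filter `dns.flags.response == 0` shows only the client queries, which is what this script consumes; `tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields -e ip.src -e dns.qry.name` (older releases use `-R` instead of `-Y`) writes the two-column text that `names_from_tshark()` reads. Capture on the router side or on a mirror port, since a Wireshark instance on one PC only sees that PC's own traffic on a switched network.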

EvelineGirl
14 June 2011, 10:39
I don't know the program Wireshark, so I can't say anything about it. Was computer 4 the one with XP and Windows 98?

dogegg
14 June 2011, 21:42
Correct; details of this computer were posted on 8 June at 16:55 and 17:18.

EvelineGirl
15 June 2011, 13:23
TDSSKiller and aswMBR find nothing unusual on that computer. Would you run those tools once in Safe Mode?

Also do a ComboFix scan:
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how to use ComboFix.
1. Windows XP users will, if needed, be asked to install the "Recovery Console"; allow this (an active internet connection is required).
2. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them:)
3. The computer may need to be restarted several times; this is normal.
4. Double-click "Combofix.exe" to start the tool.
5. Do not click in the ComboFix window while it is running; this can cause the tool to hang.
* Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion." restart the computer.
6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.

dogegg
15 June 2011, 23:46
Here is the result of TDSSKiller:

2011/06/15 22:27:00.0848 1452 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 22:27:00.0908 1452 ================================================================================
2011/06/15 22:27:00.0908 1452 SystemInfo:
2011/06/15 22:27:00.0908 1452
2011/06/15 22:27:00.0908 1452 OS Version: 5.1.2600 ServicePack: 1.0
2011/06/15 22:27:00.0908 1452 Product type: Workstation
2011/06/15 22:27:00.0908 1452 ComputerName: W3-KZGX4W7JWCTU
2011/06/15 22:27:00.0908 1452 UserName: W3
2011/06/15 22:27:00.0908 1452 Windows directory: K:\WINDOWS
2011/06/15 22:27:00.0908 1452 System windows directory: K:\WINDOWS
2011/06/15 22:27:00.0908 1452 Processor architecture: Intel x86
2011/06/15 22:27:00.0908 1452 Number of processors: 1
2011/06/15 22:27:00.0908 1452 Page size: 0x1000
2011/06/15 22:27:00.0908 1452 Boot type: Safe boot
2011/06/15 22:27:00.0908 1452 ================================================================================
2011/06/15 22:27:07.0247 1452 Initialize success
2011/06/15 22:27:12.0114 1472 ================================================================================
2011/06/15 22:27:12.0114 1472 Scan started
2011/06/15 22:27:12.0114 1472 Mode: Manual;
2011/06/15 22:27:12.0114 1472 ================================================================================
2011/06/15 22:27:13.0716 1472 ACPI (db9d06fed418ed73cd5b879dd2cbdb16) K:\WINDOWS\System32\DRIVERS\ACPI.sys
2011/06/15 22:27:14.0007 1472 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) K:\WINDOWS\System32\drivers\ACPIEC.sys
2011/06/15 22:27:14.0468 1472 aec (ff773feda15e8bd97fd54fe87a0acdbe) K:\WINDOWS\System32\drivers\aec.sys
2011/06/15 22:27:14.0738 1472 AFD (51b1872b62d1c335bac53313913c8d5b) K:\WINDOWS\System32\drivers\afd.sys
2011/06/15 22:27:14.0978 1472 agp440 (65880045c51aa36184841cee915a61df) K:\WINDOWS\System32\DRIVERS\agp440.sys
2011/06/15 22:27:16.0891 1472 Aspi32 (54ab078660e536da72b21a27f56b035b) K:\WINDOWS\System32\drivers\aspi32.sys
2011/06/15 22:27:17.0201 1472 AsyncMac (03f403b07a884fc2aa54a0916c410931) K:\WINDOWS\System32\DRIVERS\asyncmac.sys
2011/06/15 22:27:17.0512 1472 atapi (95b858761a00e1d4f81f79a0da019aca) K:\WINDOWS\System32\DRIVERS\atapi.sys
2011/06/15 22:27:18.0033 1472 ati2mtag (c5224c32626e551e705750d23f9a3d76) K:\WINDOWS\System32\DRIVERS\ati2mtag.sys
2011/06/15 22:27:18.0373 1472 Atmarpc (8d735ca1cbdb0081b0e3b9ff0eb222d0) K:\WINDOWS\System32\DRIVERS\atmarpc.sys
2011/06/15 22:27:18.0604 1472 audstub (d9f724aa26c010a217c97606b160ed68) K:\WINDOWS\System32\DRIVERS\audstub.sys
2011/06/15 22:27:18.0874 1472 Beep (da1f27d85e0d1525f6621372e7b685e9) K:\WINDOWS\System32\drivers\Beep.sys
2011/06/15 22:27:19.0134 1472 Bridge (dba7442096f025a0490ec348f82acdbe) K:\WINDOWS\System32\DRIVERS\bridge.sys
2011/06/15 22:27:19.0244 1472 BridgeMP (dba7442096f025a0490ec348f82acdbe) K:\WINDOWS\System32\DRIVERS\bridge.sys
2011/06/15 22:27:19.0545 1472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) K:\WINDOWS\System32\drivers\cbidf2k.sys
2011/06/15 22:27:19.0985 1472 Cdaudio (c1b486a7658353d33a10cc15211a873b) K:\WINDOWS\System32\drivers\Cdaudio.sys
2011/06/15 22:27:20.0266 1472 Cdfs (049a38451f2611caf2fd528e023a0b5a) K:\WINDOWS\System32\drivers\Cdfs.sys
2011/06/15 22:27:20.0536 1472 Cdrom (6506e033ad04cfec9ee56dbefd1083dd) K:\WINDOWS\System32\DRIVERS\cdrom.sys
2011/06/15 22:27:20.0807 1472 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) K:\WINDOWS\System32\drivers\cfwids.sys
2011/06/15 22:27:21.0788 1472 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) K:\WINDOWS\System32\DRIVERS\ctljystk.sys
2011/06/15 22:27:22.0419 1472 Disk (d1b16340ceaceecbf52340a0cbdf43e1) K:\WINDOWS\System32\DRIVERS\disk.sys
2011/06/15 22:27:22.0970 1472 dmboot (b6a8be706e409ef1f49dc065b208975e) K:\WINDOWS\System32\drivers\dmboot.sys
2011/06/15 22:27:23.0450 1472 dmio (fc7ceaee848b0a4a0d17a65b7a3556e5) K:\WINDOWS\System32\drivers\dmio.sys
2011/06/15 22:27:23.0721 1472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) K:\WINDOWS\System32\drivers\dmload.sys
2011/06/15 22:27:24.0001 1472 DMusic (ef05974d47d56fa8387f170f05bae5e7) K:\WINDOWS\System32\drivers\DMusic.sys
2011/06/15 22:27:24.0472 1472 drmkaud (fd859e517fa2abb53654afa7ec9e3a94) K:\WINDOWS\System32\drivers\drmkaud.sys
2011/06/15 22:27:24.0692 1472 EIO (e41f6ac72e597e5f87b4a9ab0d8ab8bc) K:\WINDOWS\system32\drivers\EIO.sys
2011/06/15 22:27:24.0923 1472 EL90XBC (6e883bf518296a40959131c2304af714) K:\WINDOWS\System32\DRIVERS\el90xbc5.sys
2011/06/15 22:27:25.0233 1472 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) K:\WINDOWS\System32\drivers\emu10k1m.sys
2011/06/15 22:27:25.0523 1472 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) K:\WINDOWS\System32\drivers\ctlfacem.sys
2011/06/15 22:27:25.0854 1472 Fastfat (e4a3a8f3e60b542a747b10e86faa5dad) K:\WINDOWS\System32\drivers\Fastfat.sys
2011/06/15 22:27:26.0154 1472 Fdc (19c5c7eac0190a42522290bf002f64ea) K:\WINDOWS\System32\DRIVERS\fdc.sys
2011/06/15 22:27:26.0385 1472 Fips (dac8cab287a959c2f717d3748177374b) K:\WINDOWS\System32\drivers\Fips.sys
2011/06/15 22:27:26.0655 1472 Flpydisk (8f70d1f7606f7442e2f7383f3701d728) K:\WINDOWS\System32\DRIVERS\flpydisk.sys
2011/06/15 22:27:26.0885 1472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) K:\WINDOWS\System32\drivers\Fs_Rec.sys
2011/06/15 22:27:27.0146 1472 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) K:\WINDOWS\System32\DRIVERS\ftdisk.sys
2011/06/15 22:27:27.0406 1472 gameenum (6d18cad8a05d88e672b61db855a08289) K:\WINDOWS\System32\DRIVERS\gameenum.sys
2011/06/15 22:27:27.0657 1472 GearAspiWDM (d9d93a84da53e0bd515a62b3c4aeea78) K:\WINDOWS\System32\drivers\GearAspiWDM.sys
2011/06/15 22:27:27.0897 1472 Gpc (13591e0a02e85de2a388f3ec4bd206df) K:\WINDOWS\System32\DRIVERS\msgpc.sys
2011/06/15 22:27:28.0748 1472 i8042prt (22da5faf555eee1d51e0609c6e3400c1) K:\WINDOWS\System32\DRIVERS\i8042prt.sys
2011/06/15 22:27:29.0008 1472 Imapi (3cb4410747f2330d97b10b656d5bb2ac) K:\WINDOWS\System32\DRIVERS\imapi.sys
2011/06/15 22:27:29.0469 1472 IntelIde (c58a4252a365161254bedef0d8d900f8) K:\WINDOWS\System32\DRIVERS\intelide.sys
2011/06/15 22:27:29.0740 1472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) K:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
2011/06/15 22:27:29.0980 1472 IpInIp (f56dd863ba732a4e8ee58d486c31250f) K:\WINDOWS\System32\DRIVERS\ipinip.sys
2011/06/15 22:27:30.0240 1472 IpNat (fc672ad6e9676814a0c844912f2abcff) K:\WINDOWS\System32\DRIVERS\ipnat.sys
2011/06/15 22:27:30.0501 1472 IPSec (1c4802409cfd4a7051f458b744cfcaa5) K:\WINDOWS\System32\DRIVERS\ipsec.sys
2011/06/15 22:27:30.0761 1472 IRENUM (b43201394646b7e98c89056edda686b5) K:\WINDOWS\System32\DRIVERS\irenum.sys
2011/06/15 22:27:31.0051 1472 isapnp (fd298ad13acb19fc43b627aca0806231) K:\WINDOWS\System32\DRIVERS\isapnp.sys
2011/06/15 22:27:31.0372 1472 Kbdclass (f1a07c34b2266acf2801332d34deefdd) K:\WINDOWS\System32\DRIVERS\kbdclass.sys
2011/06/15 22:27:31.0662 1472 kmixer (10e0feb086d8c1419b958c9034e4668a) K:\WINDOWS\System32\drivers\kmixer.sys
2011/06/15 22:27:32.0133 1472 KSecDD (abc70e8b89cce44731a346deb764bf95) K:\WINDOWS\System32\drivers\KSecDD.sys
2011/06/15 22:27:33.0074 1472 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) K:\WINDOWS\System32\drivers\mbamswissarmy.sys
2011/06/15 22:27:33.0805 1472 mfeapfk (113445fc6a858ef453cded5b0a0df665) K:\WINDOWS\System32\drivers\mfeapfk.sys
2011/06/15 22:27:34.0216 1472 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) K:\WINDOWS\System32\drivers\mfeavfk.sys
2011/06/15 22:27:34.0506 1472 mfebopk (a528b15e330edb83ea649be318d841d5) K:\WINDOWS\System32\drivers\mfebopk.sys
2011/06/15 22:27:34.0897 1472 mfefirek (c7da1b8003c89acedaa13768f7a1c622) K:\WINDOWS\System32\drivers\mfefirek.sys
2011/06/15 22:27:35.0408 1472 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) K:\WINDOWS\System32\drivers\mfehidk.sys
2011/06/15 22:27:35.0848 1472 mfendisk (b1728195877b18ce63cf0cd00b2871eb) K:\WINDOWS\System32\DRIVERS\mfendisk.sys
2011/06/15 22:27:36.0019 1472 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) K:\WINDOWS\System32\DRIVERS\mfendisk.sys
2011/06/15 22:27:36.0309 1472 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) K:\WINDOWS\System32\drivers\mferkdet.sys
2011/06/15 22:27:36.0669 1472 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) K:\WINDOWS\System32\drivers\mferkdk.sys
2011/06/15 22:27:37.0000 1472 mfesmfk (096b52ea918aa909ba5903d79e129005) K:\WINDOWS\System32\drivers\mfesmfk.sys
2011/06/15 22:27:37.0381 1472 mfetdi2k (25e12c68b49a64ffc873603dfd578236) K:\WINDOWS\System32\drivers\mfetdi2k.sys
2011/06/15 22:27:37.0711 1472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) K:\WINDOWS\System32\drivers\mnmdd.sys
2011/06/15 22:27:37.0931 1472 Modem (436c5c42b0edebee7110513577c04097) K:\WINDOWS\System32\drivers\Modem.sys
2011/06/15 22:27:38.0252 1472 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) K:\WINDOWS\System32\drivers\MODEMCSA.sys
2011/06/15 22:27:38.0582 1472 Mouclass (4cb839b6e2ae35ad78ad24843258a606) K:\WINDOWS\System32\DRIVERS\mouclass.sys
2011/06/15 22:27:38.0843 1472 MountMgr (d4face53a1c48cf8419b4cf494d2ee2e) K:\WINDOWS\System32\drivers\MountMgr.sys
2011/06/15 22:27:39.0433 1472 MRxDAV (d30cba20cc355d3648b9fed5bb55a9d5) K:\WINDOWS\System32\DRIVERS\mrxdav.sys
2011/06/15 22:27:39.0834 1472 MRxSmb (7a3a2be44e12e2abde1af891e83ac130) K:\WINDOWS\System32\DRIVERS\mrxsmb.sys
2011/06/15 22:27:40.0275 1472 Msfs (a1831538e119363d0d90d757ac8a2012) K:\WINDOWS\System32\drivers\Msfs.sys
2011/06/15 22:27:40.0585 1472 MSKSSRV (85736f804191cb420a31aca2a7f0674f) K:\WINDOWS\System32\drivers\MSKSSRV.sys
2011/06/15 22:27:40.0906 1472 MSPCLOCK (e943adb93d83c5cbc0ca3f53f53b48cc) K:\WINDOWS\System32\drivers\MSPCLOCK.sys
2011/06/15 22:27:41.0216 1472 MSPQM (f6a726b8832db1f88326b8be98b11981) K:\WINDOWS\System32\drivers\MSPQM.sys
2011/06/15 22:27:41.0476 1472 Mup (08c56887f06473b09fc1b39e7dec0fb6) K:\WINDOWS\System32\drivers\Mup.sys
2011/06/15 22:27:41.0877 1472 NDIS (3b350e5a2a5e951453f3993275a4523a) K:\WINDOWS\System32\drivers\NDIS.sys
2011/06/15 22:27:42.0167 1472 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) K:\WINDOWS\System32\DRIVERS\ndistapi.sys
2011/06/15 22:27:42.0478 1472 Ndisuio (e6b6d5e4c9c199b7bb56d7862ea68fbc) K:\WINDOWS\System32\DRIVERS\ndisuio.sys
2011/06/15 22:27:42.0758 1472 NdisWan (15787deca8c5428beeaa8044f544fd85) K:\WINDOWS\System32\DRIVERS\ndiswan.sys
2011/06/15 22:27:43.0119 1472 NDProxy (59fc3fb44d2669bc144fd87826bb571f) K:\WINDOWS\System32\drivers\NDProxy.sys
2011/06/15 22:27:43.0419 1472 NetBIOS (e351339fa17c4a70940e15b5e3dae6e2) K:\WINDOWS\System32\DRIVERS\netbios.sys
2011/06/15 22:27:43.0720 1472 NetBT (d96f3bc5a6e7452b0e3275b560dc8528) K:\WINDOWS\System32\DRIVERS\netbt.sys
2011/06/15 22:27:44.0160 1472 NIC2000 (cb5f8ca8caf77cc538271a0e98945cbf) K:\WINDOWS\System32\DRIVERS\NIC2000.sys
2011/06/15 22:27:44.0471 1472 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) K:\WINDOWS\System32\drivers\npf.sys
2011/06/15 22:27:44.0781 1472 Npfs (20aba9f035e3a98877480e34fcc4dcb3) K:\WINDOWS\System32\drivers\Npfs.sys
2011/06/15 22:27:45.0162 1472 Ntfs (e3ae9c79498210a5f39fe5a9ad62bc55) K:\WINDOWS\System32\drivers\Ntfs.sys
2011/06/15 22:27:45.0602 1472 Null (73c1e1f395918bc2c6dd67af7591a3ad) K:\WINDOWS\System32\drivers\Null.sys
2011/06/15 22:27:45.0793 1472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) K:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
2011/06/15 22:27:46.0013 1472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) K:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
2011/06/15 22:27:46.0363 1472 P3 (1068e44105191b31688aead4f842454f) K:\WINDOWS\System32\DRIVERS\p3.sys
2011/06/15 22:27:46.0624 1472 Parport (432f3a614a0e9e2e06d8556e4dce5b04) K:\WINDOWS\System32\DRIVERS\parport.sys
2011/06/15 22:27:46.0894 1472 PartMgr (3334430c29dc338092f79c38ef7b4cd0) K:\WINDOWS\System32\drivers\PartMgr.sys
2011/06/15 22:27:47.0145 1472 ParVdm (1eade28746a64c21e0a808bb12a63326) K:\WINDOWS\System32\drivers\ParVdm.sys
2011/06/15 22:27:47.0395 1472 PCDCODEC (e74208a4dc1bff9c02a1d2abe7f4d2d3) K:\WINDOWS\System32\DRIVERS\atinpdxx.sys
2011/06/15 22:27:47.0645 1472 PCI (41414453d66e17ce077a70c9540bb7e0) K:\WINDOWS\System32\DRIVERS\pci.sys
2011/06/15 22:27:48.0486 1472 PCLinkBridge (3401d8cd88435535b3616644d417647b) K:\WINDOWS\System32\DRIVERS\pro2000.sys
2011/06/15 22:27:48.0857 1472 Pcmcia (52293c96f9e97bc9db35dfa5f5e742d9) K:\WINDOWS\System32\drivers\Pcmcia.sys
2011/06/15 22:27:50.0469 1472 PptpMiniport (fed674d73eb56c35444f701e847bf85b) K:\WINDOWS\System32\DRIVERS\raspptp.sys
2011/06/15 22:27:50.0740 1472 PQIMount (19b9004d21704dee27d19b03b3ab15c0) K:\WINDOWS\System32\drivers\PQIMount.sys
2011/06/15 22:27:51.0010 1472 PQNTDrv (4228630829c0e521c43d882a00533374) K:\WINDOWS\System32\drivers\PQNTDrv.sys
2011/06/15 22:27:51.0280 1472 PQV2i (abf46ec4e7708889ff13cae8c136a1a4) K:\WINDOWS\System32\drivers\PQV2i.sys
2011/06/15 22:27:51.0661 1472 PSched (944440247fe6988c88b376ed85a0cd1a) K:\WINDOWS\System32\DRIVERS\psched.sys
2011/06/15 22:27:51.0941 1472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) K:\WINDOWS\System32\DRIVERS\ptilink.sys
2011/06/15 22:27:52.0242 1472 PxHelp20 (81088114178112618b1c414a65e50f7c) K:\WINDOWS\System32\Drivers\PxHelp20.sys
2011/06/15 22:27:53.0504 1472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) K:\WINDOWS\System32\DRIVERS\rasacd.sys
2011/06/15 22:27:53.0774 1472 Rasl2tp (4c242c79a9c0d98d52d6f8cb9248d528) K:\WINDOWS\System32\DRIVERS\rasl2tp.sys
2011/06/15 22:27:54.0044 1472 RasPppoe (888335b3be346119cf7b4eff3a3fca7c) K:\WINDOWS\System32\DRIVERS\raspppoe.sys
2011/06/15 22:27:54.0315 1472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) K:\WINDOWS\System32\DRIVERS\raspti.sys
2011/06/15 22:27:54.0575 1472 Rdbss (df80c149c96fcfbb8a3dc3d5dd950aa8) K:\WINDOWS\System32\DRIVERS\rdbss.sys
2011/06/15 22:27:54.0856 1472 RDPCDD (4912d5b403614ce99c28420f75353332) K:\WINDOWS\System32\DRIVERS\RDPCDD.sys
2011/06/15 22:27:55.0126 1472 rdpdr (5208d077065ea8775e319f9834f94136) K:\WINDOWS\System32\DRIVERS\rdpdr.sys
2011/06/15 22:27:55.0396 1472 RDPWD (0606700377b6fb8b04475e92507adade) K:\WINDOWS\System32\drivers\RDPWD.sys
2011/06/15 22:27:55.0667 1472 redbook (aa3edbdc9827b913f21e4b7cbc014f78) K:\WINDOWS\System32\DRIVERS\redbook.sys
2011/06/15 22:27:56.0188 1472 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) K:\WINDOWS\System32\DRIVERS\secdrv.sys
2011/06/15 22:27:56.0468 1472 serenum (65a7c4d86c153c82e33a552c217abb29) K:\WINDOWS\System32\DRIVERS\serenum.sys
2011/06/15 22:27:56.0728 1472 Serial (12b53c0dc7b8dda3a47ed175ddd87b15) K:\WINDOWS\System32\DRIVERS\serial.sys
2011/06/15 22:27:56.0989 1472 Sfloppy (4e1b8866f3d208dee3906a191cb493e3) K:\WINDOWS\System32\drivers\Sfloppy.sys
2011/06/15 22:27:57.0299 1472 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) K:\WINDOWS\System32\drivers\sfmanm.sys
2011/06/15 22:27:57.0940 1472 splitter (32c54211e9e8a45cbcb097beaeb1999a) K:\WINDOWS\System32\drivers\splitter.sys
2011/06/15 22:27:58.0200 1472 sr (45b200f4a0b6beb071f23c7076ec3ee0) K:\WINDOWS\System32\DRIVERS\sr.sys
2011/06/15 22:27:58.0541 1472 Srv (94619eb663216f9bf12f9b950fcab3c0) K:\WINDOWS\System32\DRIVERS\srv.sys
2011/06/15 22:27:58.0891 1472 swenum (616a013d3ea068b6dee83d905e92ee9f) K:\WINDOWS\System32\DRIVERS\swenum.sys
2011/06/15 22:27:59.0122 1472 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) K:\WINDOWS\System32\drivers\swmidi.sys
2011/06/15 22:28:00.0093 1472 sysaudio (b0b19f036f76333ab3338c7493e87b12) K:\WINDOWS\System32\drivers\sysaudio.sys
2011/06/15 22:28:00.0464 1472 Tcpip (244a2f9816bc9b593957281ef577d976) K:\WINDOWS\System32\DRIVERS\tcpip.sys
2011/06/15 22:28:00.0794 1472 TDPIPE (1a96630babbd59e8b885eae0dfbe6a3e) K:\WINDOWS\System32\drivers\TDPIPE.sys
2011/06/15 22:28:00.0994 1472 TDTCP (d1c578c6b37713694c5edd7c2d7f7451) K:\WINDOWS\System32\drivers\TDTCP.sys
2011/06/15 22:28:01.0205 1472 TermDD (194c51bc28a7ce9818012142b062e431) K:\WINDOWS\System32\DRIVERS\termdd.sys
2011/06/15 22:28:01.0475 1472 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) K:\WINDOWS\System32\drivers\tiehdusb.sys
2011/06/15 22:28:01.0756 1472 tnt1tr6 (9a35651c13fb49eeb62aec4107a8e61c) K:\WINDOWS\System32\DRIVERS\tnt1tr6.sys
2011/06/15 22:28:02.0016 1472 tnt8208 (20281c59920f0c436bf8070d74e53f1b) K:\WINDOWS\System32\DRIVERS\tnt8208.sys
2011/06/15 22:28:02.0266 1472 tntcapi (080b961a88cbf7c927c500b6122c91ef) K:\WINDOWS\System32\DRIVERS\tntcapi.sys
2011/06/15 22:28:02.0567 1472 tntdss1 (b7e7adf87ccd4d9d38e04a65a6eeb156) K:\WINDOWS\System32\DRIVERS\tntdss1.sys
2011/06/15 22:28:02.0847 1472 tnthdlc (78fe20bb3b82c15d02392f4f182467cb) K:\WINDOWS\System32\DRIVERS\tnthdlc.sys
2011/06/15 22:28:03.0118 1472 tntkrn (f23ba3bebfaac475f8f82b3525f67fb6) K:\WINDOWS\System32\DRIVERS\tntkrn.sys
2011/06/15 22:28:03.0388 1472 tnts0cfg (2021a094ea719d88a67886667c51260d) K:\WINDOWS\System32\DRIVERS\tnts0cfg.sys
2011/06/15 22:28:03.0658 1472 tnts0usb (6230641298f265dedcfc820c1cca2fc9) K:\WINDOWS\System32\DRIVERS\tnts0usb.sys
2011/06/15 22:28:04.0059 1472 tntt30 (449f67a8f9b686a47e5a1507e3764cb0) K:\WINDOWS\System32\DRIVERS\tntt30.sys
2011/06/15 22:28:04.0409 1472 tntv110 (ebc49bd8810e1b433a6552dd922893df) K:\WINDOWS\System32\DRIVERS\tntv110.sys
2011/06/15 22:28:04.0690 1472 tntwan (c3be7640e02ffa75d0b5d4ec2fc94bed) K:\WINDOWS\System32\DRIVERS\tntwan.sys
2011/06/15 22:28:05.0180 1472 trm3x5 (abc610753d5b67813e98b37eeb10ccc8) K:\WINDOWS\System32\DRIVERS\trm3x5.sys
2011/06/15 22:28:05.0481 1472 Udfs (01ca8ec606522d2f60820b0c0086fdd5) K:\WINDOWS\System32\drivers\Udfs.sys
2011/06/15 22:28:06.0022 1472 Update (164cfae1d766905f56c432acfc54f28c) K:\WINDOWS\System32\DRIVERS\update.sys
2011/06/15 22:28:06.0372 1472 USB2000 (4d7bfb0f98206d3c3e36eaff52ce6711) K:\WINDOWS\System32\DRIVERS\USB2000.sys
2011/06/15 22:28:06.0603 1472 usbehci (cdaa3ef29eabae9ae825baf2b8e36735) K:\WINDOWS\System32\DRIVERS\usbehci.sys
2011/06/15 22:28:06.0883 1472 usbhub (d7bf70ac85e48b6c4df953401eccb75a) K:\WINDOWS\System32\DRIVERS\usbhub.sys
2011/06/15 22:28:07.0133 1472 USBSTOR (4923c60f9c381eae679db04021d26abb) K:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
2011/06/15 22:28:07.0394 1472 usbuhci (49ec068278d85bc1e20ac7f3d315e940) K:\WINDOWS\System32\DRIVERS\usbuhci.sys
2011/06/15 22:28:07.0634 1472 VgaSave (08d2edfd7261242b8aea27f1fe11e120) K:\WINDOWS\System32\drivers\vga.sys
2011/06/15 22:28:08.0035 1472 VolSnap (edb803a96ae88fcb69f3db45b493cf47) K:\WINDOWS\System32\drivers\VolSnap.sys
2011/06/15 22:28:08.0365 1472 Wanarp (484af08f15d1306ff2e8b64fe62a160c) K:\WINDOWS\System32\DRIVERS\wanarp.sys
2011/06/15 22:28:08.0826 1472 wdmaud (499b653356a9e5589ee83ac47e5d2a8c) K:\WINDOWS\System32\drivers\wdmaud.sys
2011/06/15 22:28:09.0256 1472 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
2011/06/15 22:28:09.0567 1472 MBR (0x1B8) (775e2744e1c61954a913caa0cf47812b) \Device\Harddisk1\DR1
2011/06/15 22:28:09.0667 1472 MBR (0x1B8) (fbe52462a4647a53ab7fefa2f16c2b97) \Device\Harddisk2\DR2
2011/06/15 22:28:09.0737 1472 ================================================================================
2011/06/15 22:28:09.0737 1472 Scan finished
2011/06/15 22:28:09.0737 1472 ================================================================================
2011/06/15 22:28:09.0837 1464 Detected object count: 0
2011/06/15 22:28:09.0837 1464 Actual detected object count: 0


And the result from aswMBR:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 22:29:32
-----------------------------
22:29:32.136 OS Version: Windows 5.1.2600 Service Pack 1
22:29:32.136 Number of processors: 1 586 0x803
22:29:32.136 ComputerName: W3-KZGX4W7JWCTU UserName: W3
22:29:32.526 Initialize success
22:29:40.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:29:40.247 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
22:29:40.267 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:29:40.277 Disk 1 Vendor: Maxtor_94098H6 BAC51KJ0 Size: 39083MB BusType: 3
22:29:40.297 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
22:29:40.317 Disk 2 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
22:29:40.347 Disk 0 MBR read successfully
22:29:40.367 Disk 0 MBR scan
22:29:40.387 Disk 0 unknown MBR code
22:29:40.407 Disk 0 scanning sectors +120101940
22:29:40.478 Disk 0 scanning K:\WINDOWS\System32\drivers
22:29:48.469 Service scanning
22:29:53.306 Disk 0 trace - called modules:
22:29:53.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
22:29:56.551 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fdeb48]
22:29:56.691 3 CLASSPNP.SYS[f8707022] -> nt!IofCallDriver -> \Device\00000068[0x82fde9e8]
22:29:56.831 5 ACPI.sys[f866f12d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82fdd940]
22:29:56.981 Scan finished successfully
22:30:34.395 Disk 0 MBR has been saved successfully to "E:\Mebroot-torpig\MBR.dat"
22:30:34.425 The log file has been saved successfully to "E:\Mebroot-torpig\aswMBR 15-06-2011.txt"


TDSSKiller and aswMBR were both run in Safe Mode.
ComboFix could not install the Recovery Console, because I only have restricted internet access (through an XS4ALL proxy). Here is the log:

ComboFix 11-06-15.02 - W3 15-06-2011 23:02:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.31.1043.18.511.275 [GMT 2:00]
Running from: k:\documents and settings\W3\Bureaublad\ComboFix.exe
* Created a new restore point
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
k:\documents and settings\W3\WINDOWS
k:\windows\IsUn0413.exe
.
k:\windows\system32\qmgr.dll . . . is infected!!
.
.
(((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))
.
.
2011-06-14 21:20 . 2011-06-15 20:30 -------- d--h--r- k:\documents and settings\W3\Onlangs geopend
2011-06-11 22:21 . 2011-06-12 20:50 -------- d-----w- k:\documents and settings\W3\Application Data\Wireshark
2011-06-11 13:01 . 2011-06-11 13:01 -------- d-----w- k:\program files\WinPcap
2011-06-06 21:57 . 2011-06-06 21:57 388096 ----a-r- k:\documents and settings\W3\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 05:23 . 2011-06-06 05:23 -------- d-----w- k:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-03-08 20:55 39984 ----a-w- k:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-03-08 20:55 21048 ----a-w- k:\windows\system32\drivers\mbam.sys
2011-04-14 12:01 . 2011-04-27 14:54 9344 ----a-w- k:\windows\system32\drivers\mfeclnk.sys
2011-04-14 12:01 . 2011-04-27 14:54 141792 ----a-w- k:\windows\system32\mfevtps.exe
2011-04-14 12:01 . 2011-04-27 14:54 95824 ----a-w- k:\windows\system32\drivers\mfeapfk.sys
2011-04-14 12:01 . 2011-04-27 14:54 88736 ----a-w- k:\windows\system32\drivers\mfendisk.sys
2011-04-14 12:01 . 2011-04-27 14:54 84488 ----a-w- k:\windows\system32\drivers\mferkdet.sys
2011-04-14 12:01 . 2011-04-27 14:54 84200 ----a-w- k:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 12:01 . 2011-04-27 14:54 56064 ----a-w- k:\windows\system32\drivers\cfwids.sys
2011-04-14 12:01 . 2011-04-27 14:54 314088 ----a-w- k:\windows\system32\drivers\mfefirek.sys
2011-04-14 12:01 . 2010-06-27 14:50 52320 ----a-w- k:\windows\system32\drivers\mfebopk.sys
2011-04-14 12:01 . 2010-06-27 14:50 153280 ----a-w- k:\windows\system32\drivers\mfeavfk.sys
2011-04-14 12:01 . 2009-11-04 14:54 387480 ----a-w- k:\windows\system32\drivers\mfehidk.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[-] 2003-05-30 08:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . k:\windows\system32\d3d9.dll
.
k:\windows\System32\wscntfy.exe ... is missing !!
k:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="d:\freeram xp pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="k:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="k:\windows\System32\CTFMON.EXE" [2002-09-11 13312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2002-09-11 12:00 13312 ----a-w- k:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-03-07 12:16 184408 ----a-w- d:\executive software\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2003-02-26 11:00 139347 ----a-w- k:\program files\Network Associates\Common Framework\UpdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 03:41 1122304 ----a-w- k:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- k:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack]
2008-09-18 10:51 42393 ----a-w- d:\dodatki\Total CMA Pack\Total CMA Pack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2006-05-11 23:32 86016 ----a-w- d:\highcriteria\TotalRecorder\TotRecSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;k:\windows\system32\drivers\mfetdi2k.sys [27-4-2011 16:54 84200]
R2 NPF;NetGroup Packet Filter Driver;k:\windows\system32\drivers\npf.sys [25-6-2010 19:07 35088]
R2 PCLinkBridge;USB-USB Network Bridge;k:\windows\system32\drivers\Pro2000.sys [20-3-2004 20:11 6566]
R3 cfwids;McAfee Inc. cfwids;k:\windows\system32\drivers\cfwids.sys [27-4-2011 16:54 56064]
R3 mfefirek;McAfee Inc. mfefirek;k:\windows\system32\drivers\mfefirek.sys [27-4-2011 16:54 314088]
R3 mfendiskmp;mfendiskmp;k:\windows\system32\drivers\mfendisk.sys [27-4-2011 16:54 88736]
S3 MBAMSwissArmy;MBAMSwissArmy;k:\windows\system32\drivers\mbamswissarmy.sys [8-3-2011 22:55 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;k:\windows\system32\drivers\mfendisk.sys [27-4-2011 16:54 88736]
S3 mferkdet;McAfee Inc. mferkdet;k:\windows\system32\drivers\mferkdet.sys [27-4-2011 16:54 84488]
S3 NIC2000;USB-USB Network Bridge Adapter;k:\windows\system32\drivers\NIC2000.SYS [20-3-2004 20:11 5766]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - k:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://k:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://k:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
FF - ProfilePath - k:\documents and settings\W3\Application Data\Mozilla\Firefox\Profiles\p16clst2.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - proxy.xs4all.nl
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - k:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - k:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ACROMOUSE - k:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe
MSConfigStartUp-ShStatEXE - k:\program files\Network Associates\VirusScan\SHSTAT.EXE
MSConfigStartUp-swg - k:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TISDNMonitor - k:\program files\TELES\ISDN Tools\tisdnmon.exe
AddRemove-uTorrent - k:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 23:15
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1544)
k:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(1600)
k:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(292)
k:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\executive software\Diskeeper\DkService.exe
k:\windows\System32\GEARSec.exe
k:\program files\Java\jre6\bin\jqs.exe
k:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
k:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
k:\windows\System32\mfevtps.exe
k:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
k:\windows\System32\wdfmgr.exe
k:\program files\Common Files\McAfee\SystemCore\mcshield.exe
k:\program files\Common Files\McAfee\SystemCore\mfefire.exe
k:\windows\System32\devldr32.exe
k:\windows\System32\wbem\wmiapsrv.exe
k:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
.
**************************************************************************
.
Completion time: 2011-06-15 23:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-15 21:23
.
Pre-Run: 110.284.800 bytes free
Post-Run: 403.935.232 bytes free
.
- - End Of File - - 111F7C770B21FFE42D611E52345B1A5A


By the way, do I still need to do anything about Computer 3 (Vista) following the ComboFix log of 8 June, 21:57?
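
The TDSSKiller lines above print one MD5 per disk labelled "MBR (0x1B8)", and aswMBR reports "unknown MBR code" for Disk 0 and then writes the sector out as E:\Mebroot-torpig\MBR.dat. Neither log tells you what those hashes cover or how to compare a dump against something you trust. The script below is an added example (my code, not part of the thread and not from TDSSKiller, aswMBR or ComboFix) that parses a raw MBR sector the way a practitioner would when triaging a suspected bootkit: it hashes the boot-code region, checks the 0x55AA signature and lists the partition table. It assumes that the "(0x1B8)" label means the hash covers the first 0x1B8 bytes (the loader code, before the disk signature and partition table), and that MBR.dat is a raw 512-byte image; the sample MBR it builds is constructed for the demonstration, not a dump from any machine in this thread.

```python
"""Parse a raw 512-byte MBR dump, hash its boot-code region, and compare it
against a trusted hash.

Added example, not code from the thread or from any tool mentioned in it.
Assumption: a scanner hash labelled "MBR (0x1B8)" is taken over bytes
0x000-0x1B7 only; sample data below is constructed, not a real dump.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8        # 0x000-0x1B7: boot loader code (assumed hash region)
DISK_SIG_OFF = 0x1B8    # 0x1B8-0x1BB: Windows disk signature
PART_TABLE_OFF = 0x1BE  # 0x1BE-0x1FD: four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x1FE-0x1FF: 0x55 0xAA


def parse_partitions(mbr):
    """Return the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def analyse_mbr(mbr):
    """Summarise one sector: code hash, disk signature, boot signature, table."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    mbr = bytes(mbr[:SECTOR])
    parts = parse_partitions(mbr)
    return {
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_sig_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "partitions": parts,
        "bootable_count": sum(1 for p in parts if p["bootable"]),
    }


def code_matches(mbr, known_good_md5):
    """True if the boot-code region hashes to a value you trust, e.g. the hash
    of the same disk's MBR taken from a clean install, or a scanner's hash for
    a disk you have already verified. Hash case is normalised."""
    return analyse_mbr(mbr)["code_md5"] == known_good_md5.lower()


def build_sample_mbr():
    """Constructed sample (not from the thread): XP-style MBR with one
    bootable NTFS partition and one data partition."""
    mbr = bytearray(SECTOR)
    # opening bytes of a typical x86 loader: xor ax,ax / mov ss,ax / mov sp,7C00h
    mbr[0:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xA1B2C3D4)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 20971457)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16, 0x00, 0x07, 20971520, 1000000)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def patch_boot_code(mbr, offset=0x10, value=0xE9):
    """Copy of the sector with one byte of loader code changed. The partition
    table and signatures stay intact, which is the shape of a bootkit that
    swaps the loader but keeps the disk bootable: only the code hash moves."""
    patched = bytearray(mbr)
    patched[offset] = value
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()          # or: open("MBR.dat", "rb").read()
    ref = analyse_mbr(clean)
    print("clean code md5 :", ref["code_md5"])
    print("partitions     :", ref["partitions"])
    bad = patch_boot_code(clean)
    print("patched matches:", code_matches(bad, ref["code_md5"]))
    print("tables equal   :", parse_partitions(bad) == ref["partitions"])
```

Two things the script makes visible that the logs do not. First, because the hash stops at 0x1B8, two disks carrying the same loader but different disk signatures or partition tables hash identically, so a differing hash on the boot disk really does mean different code, not just different partitioning. Second, a patched loader leaves the partition table and 0x55AA untouched, so "the disk still boots and the partitions look right" says nothing about the code. What the script cannot do is tell a clean unusual loader (a vendor disk utility, a third-party boot manager) from a hostile one: a hash that matches nothing and aswMBR's "unknown MBR code" both mean "not recognised", and the only way to settle it is comparison against a reference you trust, such as a dump of the same disk's MBR from a known-clean state.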

EvelineGirl
16 June 2011, 12:01
No, not yet. Let's concentrate on this one first.

Please run ComboFix in normal mode. :)

dogegg
16 June 2011, 12:55
I have run ComboFix in normal mode.

EvelineGirl
16 June 2011, 12:58
OK, then run it once more now.

dogegg
17 June 2011, 01:25
Here is the new ComboFix log:

ComboFix 11-06-15.02 - W3 17-06-2011 0:51.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.31.1043.18.511.287 [GMT 2:00]
Running from: k:\documents and settings\W3\Bureaublad\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of k:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - k:\windows\ERDNT\cache\qmgr.dll
.
.
(((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 ))))))))))))))))))))))))))))))
.
.
2011-06-14 21:20 . 2011-06-15 21:45 -------- d--h--r- k:\documents and settings\W3\Onlangs geopend
2011-06-11 22:21 . 2011-06-12 20:50 -------- d-----w- k:\documents and settings\W3\Application Data\Wireshark
2011-06-11 13:01 . 2011-06-11 13:01 -------- d-----w- k:\program files\WinPcap
2011-06-06 21:57 . 2011-06-06 21:57 388096 ----a-r- k:\documents and settings\W3\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 05:23 . 2011-06-06 05:23 -------- d-----w- k:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-03-08 20:55 39984 ----a-w- k:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-03-08 20:55 21048 ----a-w- k:\windows\system32\drivers\mbam.sys
2011-04-14 12:01 . 2011-04-27 14:54 9344 ----a-w- k:\windows\system32\drivers\mfeclnk.sys
2011-04-14 12:01 . 2011-04-27 14:54 141792 ----a-w- k:\windows\system32\mfevtps.exe
2011-04-14 12:01 . 2011-04-27 14:54 95824 ----a-w- k:\windows\system32\drivers\mfeapfk.sys
2011-04-14 12:01 . 2011-04-27 14:54 88736 ----a-w- k:\windows\system32\drivers\mfendisk.sys
2011-04-14 12:01 . 2011-04-27 14:54 84488 ----a-w- k:\windows\system32\drivers\mferkdet.sys
2011-04-14 12:01 . 2011-04-27 14:54 84200 ----a-w- k:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 12:01 . 2011-04-27 14:54 56064 ----a-w- k:\windows\system32\drivers\cfwids.sys
2011-04-14 12:01 . 2011-04-27 14:54 314088 ----a-w- k:\windows\system32\drivers\mfefirek.sys
2011-04-14 12:01 . 2010-06-27 14:50 52320 ----a-w- k:\windows\system32\drivers\mfebopk.sys
2011-04-14 12:01 . 2010-06-27 14:50 153280 ----a-w- k:\windows\system32\drivers\mfeavfk.sys
2011-04-14 12:01 . 2009-11-04 14:54 387480 ----a-w- k:\windows\system32\drivers\mfehidk.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[-] 2003-05-30 08:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . k:\windows\system32\d3d9.dll
.
k:\windows\System32\wscntfy.exe ... is missing !!
k:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-06-15_21.13.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 20:24 . 2011-06-16 20:24 16384 k:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2011-06-16 23:03 . 2011-06-16 23:03 16384 k:\windows\Temp\Perflib_Perfdata_798.dat
+ 2011-06-16 23:02 . 2011-06-16 23:02 16384 k:\windows\Temp\Perflib_Perfdata_6c.dat
+ 2003-11-16 23:31 . 2011-06-15 21:15 70902 k:\windows\system32\perfc013.dat
- 2003-11-16 23:31 . 2011-06-06 21:18 70902 k:\windows\system32\perfc013.dat
+ 2003-11-16 23:29 . 2011-06-15 21:15 53986 k:\windows\system32\perfc009.dat
- 2003-11-16 23:29 . 2011-06-06 21:18 53986 k:\windows\system32\perfc009.dat
+ 2011-06-08 13:50 . 2011-06-16 20:35 32768 k:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-08 13:50 . 2011-06-15 20:37 32768 k:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-11-16 22:54 . 2011-06-15 20:37 32768 k:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2003-11-16 22:54 . 2011-06-16 20:35 32768 k:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2003-11-16 22:54 . 2011-06-15 20:37 32768 k:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2003-11-16 22:54 . 2011-06-16 20:35 32768 k:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-11-16 23:31 . 2011-06-06 21:18 445904 k:\windows\system32\perfh013.dat
+ 2003-11-16 23:31 . 2011-06-15 21:15 445904 k:\windows\system32\perfh013.dat
- 2003-11-16 23:29 . 2011-06-06 21:18 384020 k:\windows\system32\perfh009.dat
+ 2003-11-16 23:29 . 2011-06-15 21:15 384020 k:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="d:\freeram xp pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="k:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="k:\windows\System32\CTFMON.EXE" [2002-09-11 13312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2002-09-11 12:00 13312 ----a-w- k:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-03-07 12:16 184408 ----a-w- d:\executive software\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2003-02-26 11:00 139347 ----a-w- k:\program files\Network Associates\Common Framework\UpdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 03:41 1122304 ----a-w- k:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- k:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack]
2008-09-18 10:51 42393 ----a-w- d:\dodatki\Total CMA Pack\Total CMA Pack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2006-05-11 23:32 86016 ----a-w- d:\highcriteria\TotalRecorder\TotRecSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
.
R0 PQV2i;PQV2i;k:\windows\system32\drivers\PQV2i.sys [29-7-2004 4:33 138780]
R0 trm3x5;trm3x5;k:\windows\system32\drivers\trm3x5.sys [5-5-2000 1:51 22016]
R1 mfetdi2k;McAfee Inc. mfetdi2k;k:\windows\system32\drivers\mfetdi2k.sys [27-4-2011 16:54 84200]
R1 PQIMount;PQIMount;k:\windows\system32\drivers\PQIMount.sys [29-7-2004 5:13 46779]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"k:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27-4-2011 16:54 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"k:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27-4-2011 16:54 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"k:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27-4-2011 16:54 271480]
R2 mfefire;McAfee Firewall Core Service;k:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [27-4-2011 16:54 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;k:\windows\system32\mfevtps.exe [27-4-2011 16:54 141792]
R2 NPF;NetGroup Packet Filter Driver;k:\windows\system32\drivers\npf.sys [25-6-2010 19:07 35088]
R2 PCLinkBridge;USB-USB Network Bridge;k:\windows\system32\drivers\Pro2000.sys [20-3-2004 20:11 6566]
R3 cfwids;McAfee Inc. cfwids;k:\windows\system32\drivers\cfwids.sys [27-4-2011 16:54 56064]
R3 mfefirek;McAfee Inc. mfefirek;k:\windows\system32\drivers\mfefirek.sys [27-4-2011 16:54 314088]
R3 mfendiskmp;mfendiskmp;k:\windows\system32\drivers\mfendisk.sys [27-4-2011 16:54 88736]
S2 USB2000;USB-USB Network Bridge Driver;k:\windows\system32\drivers\usb2000.sys [20-3-2004 20:11 12822]
S3 MBAMSwissArmy;MBAMSwissArmy;k:\windows\system32\drivers\mbamswissarmy.sys [8-3-2011 22:55 39984]
S3 McAWFwk;McAfee Activation Service;k:\progra~1\mcafee\msc\mcawfwk.exe [27-4-2011 16:57 198904]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;k:\windows\system32\drivers\mfendisk.sys [27-4-2011 16:54 88736]
S3 mferkdet;McAfee Inc. mferkdet;k:\windows\system32\drivers\mferkdet.sys [27-4-2011 16:54 84488]
S3 NIC2000;USB-USB Network Bridge Adapter;k:\windows\system32\drivers\NIC2000.SYS [20-3-2004 20:11 5766]
S3 tnt1tr6;tnt1tr6;k:\windows\system32\drivers\tnt1tr6.sys [17-11-2003 22:50 48022]
S3 tnt8208;tnt8208;k:\windows\system32\drivers\tnt8208.sys [17-11-2003 22:50 35505]
S3 tntcapi;tntcapi;k:\windows\system32\drivers\tntcapi.sys [17-11-2003 22:50 162230]
S3 tntdss1;tntdss1;k:\windows\system32\drivers\tntdss1.sys [17-11-2003 22:50 97222]
S3 tnthdlc;tnthdlc;k:\windows\system32\drivers\tnthdlc.sys [17-11-2003 22:50 43090]
S3 tntkrn;tntkrn;k:\windows\system32\drivers\tntkrn.sys [17-11-2003 22:50 67663]
S3 tnts0cfg;tnts0cfg;k:\windows\system32\drivers\tnts0cfg.sys [17-11-2003 22:50 65132]
S3 tnts0usb;tnts0usb;k:\windows\system32\drivers\tnts0usb.sys [17-11-2003 22:50 150044]
S3 tntt30;tntt30;k:\windows\system32\drivers\tntt30.sys [17-11-2003 22:50 354588]
S3 tntv110;tntv110;k:\windows\system32\drivers\tntv110.sys [17-11-2003 22:50 29862]
S3 tntwan;tntwan;k:\windows\system32\drivers\tntwan.sys [17-11-2003 22:50 52505]
S4 McOobeSv;McAfee OOBE Service;"k:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27-4-2011 16:54 271480]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - k:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://k:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://k:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
FF - ProfilePath - k:\documents and settings\W3\Application Data\Mozilla\Firefox\Profiles\p16clst2.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - proxy.xs4all.nl
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - k:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - k:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 01:05
Windows 5.1.2600 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1548)
k:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(1604)
k:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(620)
k:\windows\System32\msi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\executive software\Diskeeper\DkService.exe
k:\windows\System32\GEARSec.exe
k:\program files\Java\jre6\bin\jqs.exe
k:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
k:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
k:\windows\System32\devldr32.exe
k:\windows\System32\wdfmgr.exe
k:\program files\Common Files\McAfee\SystemCore\mcshield.exe
k:\windows\System32\wbem\wmiapsrv.exe
k:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-17 01:12:12 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-16 23:11
ComboFix2.txt 2011-06-15 21:23
.
Pre-Run: 95.875.072 bytes beschikbaar
Post-Run: 199.385.088 bytes beschikbaar
.
winxpsp1_nl_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\="Microsoft Windows"
.
- - End Of File - - AA01C18711DDB4FFD2B230DA020C5680

EvelineGirl
17 June 2011, 12:13
It looks like there is more going on here. Some Windows files are infected or missing. The problems clearly come from this computer. Is reinstalling this one an option?

dogegg
17 June 2011, 22:20
That does indeed seem like the best option; I was already planning to put Linux on this computer (alongside Windows). Because the computer is getting a bit old, it is very slow with some programs under Windows.

EvelineGirl
19 June 2011, 18:03
That seems like the best option to me too. The other computers all look clean to me. This one is causing the problems. :)

dogegg
20 June 2011, 13:32
Great. I am already reinstalling the suspect computer.

Thank you very much for the support.

Kind regards,

Dogegg

EvelineGirl
20 June 2011, 13:43
You're welcome, and good luck! :)