Repeated attempts to scan with HijackThis fail



Shinma
16 October 2011, 23:22
Good evening,

Following up on my original post (http://www.minatica.be/threads/77031-Advies-bij-het-verwijderen-van-een-hardnekkige-rootkit) in the other forum section, I am continuing here. In the meantime I have made several attempts to scan my system with MBAM and HijackThis, but every time without success. A number of other scans did succeed, however. TDSSKiller found "Rootkit.Win32.ZAccess.e", and with HijackThis I was able to scan the startup processes. I can post that log if needed. Any help is certainly welcome.

Thanks ;)

EvelineGirl
17 October 2011, 12:36
Hello,

1.
Please also paste the TDSSKiller log here.

2.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.
1. Windows XP users will, if necessary, be asked to install the "Recovery Console"; allow this (an active internet connection is required for it).
2. Disable all antivirus and antispyware programs, as they might otherwise conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) you will find a guide on how to disable them)
3. The computer may need to be restarted several times; this is normal.
4. Double-click "Combofix.exe" to start the tool.
5. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion." restart the computer.
6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Good luck,
Eveline.

Shinma
17 October 2011, 17:10
Hi EvelineGirl,

Thank you for helping me with this problem. You will find both log files in this post, as requested. However, I did not save a report from my earlier scans with TDSSKiller. And I hope the current log does not give false information, because I ran ComboFix first and only then saw that you also asked for a TDSSKiller report. This latest scan no longer reported the ZeroAccess rootkit.

TDSSKiller log:

16:59:27.0970 3868 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
16:59:28.0095 3868 ============================================================
16:59:28.0095 3868 Current date / time: 2011/10/17 16:59:28.0095
16:59:28.0095 3868 SystemInfo:
16:59:28.0095 3868
16:59:28.0095 3868 OS Version: 6.1.7600 ServicePack: 0.0
16:59:28.0095 3868 Product type: Workstation
16:59:28.0095 3868 ComputerName: DESKTOPBOVEN
16:59:28.0095 3868 UserName: Jens Sierens
16:59:28.0095 3868 Windows directory: C:\Windows
16:59:28.0095 3868 System windows directory: C:\Windows
16:59:28.0095 3868 Processor architecture: Intel x86
16:59:28.0095 3868 Number of processors: 2
16:59:28.0095 3868 Page size: 0x1000
16:59:28.0095 3868 Boot type: Normal boot
16:59:28.0095 3868 ============================================================
16:59:28.0922 3868 Initialize success
16:59:52.0275 2736 ============================================================
16:59:52.0275 2736 Scan started
16:59:52.0275 2736 Mode: Manual;
16:59:52.0275 2736 ============================================================
16:59:53.0227 2736 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:59:53.0227 2736 1394ohci - ok
16:59:53.0383 2736 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:59:53.0383 2736 ACPI - ok
16:59:53.0539 2736 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:59:53.0539 2736 AcpiPmi - ok
16:59:53.0726 2736 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:59:53.0726 2736 adp94xx - ok
16:59:53.0898 2736 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:59:53.0898 2736 adpahci - ok
16:59:54.0054 2736 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:59:54.0054 2736 adpu320 - ok
16:59:54.0225 2736 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:59:54.0241 2736 AFD - ok
16:59:54.0272 2736 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:59:54.0272 2736 agp440 - ok
16:59:54.0444 2736 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:59:54.0444 2736 aic78xx - ok
16:59:54.0631 2736 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:59:54.0631 2736 aliide - ok
16:59:54.0678 2736 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:59:54.0678 2736 amdagp - ok
16:59:54.0740 2736 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:59:54.0740 2736 amdide - ok
16:59:54.0912 2736 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:59:54.0912 2736 AmdK8 - ok
16:59:54.0943 2736 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:59:54.0943 2736 AmdPPM - ok
16:59:55.0099 2736 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:59:55.0099 2736 amdsata - ok
16:59:55.0224 2736 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:59:55.0224 2736 amdsbs - ok
16:59:55.0255 2736 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:59:55.0255 2736 amdxata - ok
16:59:55.0411 2736 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:59:55.0411 2736 AppID - ok
16:59:55.0598 2736 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:59:55.0598 2736 arc - ok
16:59:55.0629 2736 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:59:55.0629 2736 arcsas - ok
16:59:55.0894 2736 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
16:59:55.0894 2736 AsIO - ok
16:59:56.0082 2736 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:56.0082 2736 AsyncMac - ok
16:59:56.0097 2736 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:59:56.0097 2736 atapi - ok
16:59:56.0378 2736 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
16:59:56.0456 2736 atikmdag - ok
16:59:56.0612 2736 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:59:56.0612 2736 AtiPcie - ok
16:59:56.0815 2736 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:59:56.0830 2736 b06bdrv - ok
16:59:56.0986 2736 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:59:57.0002 2736 b57nd60x - ok
16:59:57.0111 2736 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:59:57.0111 2736 Beep - ok
16:59:57.0283 2736 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:59:57.0283 2736 blbdrive - ok
16:59:57.0454 2736 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:59:57.0454 2736 bowser - ok
16:59:57.0532 2736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:59:57.0532 2736 BrFiltLo - ok
16:59:57.0595 2736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:59:57.0610 2736 BrFiltUp - ok
16:59:57.0751 2736 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:59:57.0751 2736 Brserid - ok
16:59:57.0766 2736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:59:57.0766 2736 BrSerWdm - ok
16:59:57.0782 2736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:59:57.0782 2736 BrUsbMdm - ok
16:59:57.0798 2736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:59:57.0798 2736 BrUsbSer - ok
16:59:57.0922 2736 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:59:57.0938 2736 BTHMODEM - ok
16:59:58.0188 2736 catchme - ok
16:59:58.0453 2736 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:59:58.0453 2736 cdfs - ok
16:59:58.0765 2736 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:59:58.0765 2736 cdrom - ok
16:59:59.0108 2736 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:59:59.0124 2736 circlass - ok
16:59:59.0358 2736 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:59:59.0373 2736 CLFS - ok
16:59:59.0716 2736 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:59:59.0716 2736 CmBatt - ok
16:59:59.0935 2736 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:59:59.0935 2736 cmdide - ok
17:00:00.0169 2736 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
17:00:00.0169 2736 CNG - ok
17:00:00.0294 2736 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:00:00.0294 2736 Compbatt - ok
17:00:00.0403 2736 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:00:00.0403 2736 CompositeBus - ok
17:00:00.0496 2736 cpuz135 - ok
17:00:00.0590 2736 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:00:00.0590 2736 crcdisk - ok
17:00:00.0762 2736 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
17:00:00.0777 2736 CSC - ok
17:00:01.0074 2736 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
17:00:01.0074 2736 DfsC - ok
17:00:01.0152 2736 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:00:01.0167 2736 discache - ok
17:00:01.0448 2736 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:00:01.0448 2736 Disk - ok
17:00:01.0932 2736 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:00:01.0932 2736 drmkaud - ok
17:00:02.0337 2736 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
17:00:02.0353 2736 DXGKrnl - ok
17:00:02.0774 2736 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:00:02.0836 2736 ebdrv - ok
17:00:03.0070 2736 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:00:03.0070 2736 elxstor - ok
17:00:03.0258 2736 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
17:00:03.0258 2736 ErrDev - ok
17:00:03.0445 2736 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:00:03.0445 2736 exfat - ok
17:00:03.0570 2736 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:00:03.0570 2736 fastfat - ok
17:00:03.0741 2736 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:00:03.0741 2736 fdc - ok
17:00:03.0819 2736 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:00:03.0835 2736 FileInfo - ok
17:00:03.0960 2736 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:00:03.0960 2736 Filetrace - ok
17:00:04.0100 2736 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:00:04.0100 2736 flpydisk - ok
17:00:04.0116 2736 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:00:04.0116 2736 FltMgr - ok
17:00:04.0147 2736 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:00:04.0147 2736 FsDepends - ok
17:00:04.0209 2736 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:00:04.0209 2736 Fs_Rec - ok
17:00:04.0381 2736 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
17:00:04.0381 2736 fvevol - ok
17:00:04.0537 2736 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:00:04.0537 2736 gagp30kx - ok
17:00:04.0786 2736 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:00:04.0786 2736 hcw85cir - ok
17:00:04.0896 2736 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
17:00:04.0896 2736 HdAudAddService - ok
17:00:05.0005 2736 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:00:05.0005 2736 HDAudBus - ok
17:00:05.0098 2736 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:00:05.0098 2736 HidBatt - ok
17:00:05.0192 2736 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:00:05.0192 2736 HidBth - ok
17:00:05.0395 2736 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:00:05.0395 2736 HidIr - ok
17:00:05.0598 2736 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
17:00:05.0598 2736 HidUsb - ok
17:00:05.0722 2736 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:00:05.0738 2736 HpSAMD - ok
17:00:05.0894 2736 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
17:00:05.0894 2736 HTTP - ok
17:00:05.0910 2736 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
17:00:05.0910 2736 hwpolicy - ok
17:00:06.0097 2736 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
17:00:06.0112 2736 i8042prt - ok
17:00:06.0331 2736 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
17:00:06.0346 2736 iaStorV - ok
17:00:06.0440 2736 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:00:06.0440 2736 iirsp - ok
17:00:06.0471 2736 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
17:00:06.0471 2736 intelide - ok
17:00:06.0627 2736 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:00:06.0627 2736 intelppm - ok
17:00:06.0674 2736 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:00:06.0690 2736 IpFilterDriver - ok
17:00:06.0752 2736 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:00:06.0768 2736 IPMIDRV - ok
17:00:06.0830 2736 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:00:06.0830 2736 IPNAT - ok
17:00:06.0955 2736 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:00:06.0955 2736 IRENUM - ok
17:00:07.0048 2736 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
17:00:07.0048 2736 isapnp - ok
17:00:07.0158 2736 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
17:00:07.0158 2736 iScsiPrt - ok
17:00:07.0329 2736 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:00:07.0329 2736 kbdclass - ok
17:00:07.0501 2736 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
17:00:07.0501 2736 kbdhid - ok
17:00:07.0688 2736 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
17:00:07.0688 2736 KSecDD - ok
17:00:07.0719 2736 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
17:00:07.0719 2736 KSecPkg - ok
17:00:07.0891 2736 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:00:07.0891 2736 lltdio - ok
17:00:08.0062 2736 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:00:08.0062 2736 LSI_FC - ok
17:00:08.0234 2736 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:00:08.0234 2736 LSI_SAS - ok
17:00:08.0390 2736 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:00:08.0390 2736 LSI_SAS2 - ok
17:00:08.0452 2736 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:00:08.0468 2736 LSI_SCSI - ok
17:00:08.0608 2736 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:00:08.0624 2736 luafv - ok
17:00:08.0749 2736 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:00:08.0749 2736 megasas - ok
17:00:08.0920 2736 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:00:08.0920 2736 MegaSR - ok
17:00:09.0108 2736 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:00:09.0108 2736 Modem - ok
17:00:09.0264 2736 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:00:09.0264 2736 monitor - ok
17:00:09.0451 2736 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:00:09.0451 2736 mouclass - ok
17:00:09.0607 2736 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:00:09.0607 2736 mouhid - ok
17:00:09.0638 2736 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
17:00:09.0638 2736 mountmgr - ok
17:00:09.0654 2736 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
17:00:09.0654 2736 mpio - ok
17:00:09.0685 2736 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:00:09.0685 2736 mpsdrv - ok
17:00:09.0716 2736 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
17:00:09.0716 2736 MRxDAV - ok
17:00:09.0872 2736 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:00:09.0872 2736 mrxsmb - ok
17:00:09.0934 2736 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:00:09.0950 2736 mrxsmb10 - ok
17:00:09.0981 2736 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:00:09.0981 2736 mrxsmb20 - ok
17:00:10.0106 2736 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
17:00:10.0106 2736 msahci - ok
17:00:10.0153 2736 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
17:00:10.0153 2736 msdsm - ok
17:00:10.0293 2736 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:00:10.0293 2736 Msfs - ok
17:00:10.0371 2736 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:00:10.0371 2736 mshidkmdf - ok
17:00:10.0496 2736 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
17:00:10.0496 2736 msisadrv - ok
17:00:10.0668 2736 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:00:10.0668 2736 MSKSSRV - ok
17:00:10.0777 2736 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:00:10.0777 2736 MSPCLOCK - ok
17:00:10.0855 2736 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:00:10.0870 2736 MSPQM - ok
17:00:10.0933 2736 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:00:10.0948 2736 MsRPC - ok
17:00:11.0073 2736 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
17:00:11.0073 2736 mssmbios - ok
17:00:11.0229 2736 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:00:11.0245 2736 MSTEE - ok
17:00:11.0385 2736 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:00:11.0432 2736 MTConfig - ok
17:00:11.0650 2736 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
17:00:11.0650 2736 MTsensor - ok
17:00:11.0666 2736 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:00:11.0682 2736 Mup - ok
17:00:11.0822 2736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:00:11.0838 2736 NativeWifiP - ok
17:00:11.0994 2736 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
17:00:12.0009 2736 NDIS - ok
17:00:12.0150 2736 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:00:12.0165 2736 NdisCap - ok
17:00:12.0181 2736 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:00:12.0181 2736 NdisTapi - ok
17:00:12.0306 2736 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
17:00:12.0306 2736 Ndisuio - ok
17:00:12.0352 2736 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
17:00:12.0352 2736 NdisWan - ok
17:00:12.0368 2736 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
17:00:12.0368 2736 NDProxy - ok
17:00:12.0477 2736 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:00:12.0477 2736 NetBIOS - ok
17:00:12.0524 2736 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:00:12.0524 2736 NetBT - ok
17:00:12.0727 2736 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:00:12.0727 2736 nfrd960 - ok
17:00:12.0820 2736 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:00:12.0820 2736 Npfs - ok
17:00:12.0852 2736 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:00:12.0852 2736 nsiproxy - ok
17:00:12.0898 2736 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
17:00:12.0914 2736 Ntfs - ok
17:00:12.0945 2736 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:00:12.0945 2736 Null - ok
17:00:13.0101 2736 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
17:00:13.0101 2736 nvraid - ok
17:00:13.0210 2736 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
17:00:13.0210 2736 nvstor - ok
17:00:13.0335 2736 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
17:00:13.0335 2736 nv_agp - ok
17:00:13.0429 2736 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
17:00:13.0429 2736 ohci1394 - ok
17:00:13.0647 2736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:00:13.0647 2736 Parport - ok
17:00:13.0663 2736 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
17:00:13.0663 2736 partmgr - ok
17:00:13.0678 2736 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:00:13.0678 2736 Parvdm - ok
17:00:13.0756 2736 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
17:00:13.0756 2736 pci - ok
17:00:13.0834 2736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
17:00:13.0834 2736 pciide - ok
17:00:13.0928 2736 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:00:13.0928 2736 pcmcia - ok
17:00:14.0006 2736 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:00:14.0006 2736 pcw - ok
17:00:14.0162 2736 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:00:14.0178 2736 PEAUTH - ok
17:00:14.0334 2736 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:00:14.0334 2736 PptpMiniport - ok
17:00:14.0396 2736 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:00:14.0396 2736 Processor - ok
17:00:14.0521 2736 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:00:14.0521 2736 Psched - ok
17:00:14.0661 2736 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:00:14.0692 2736 ql2300 - ok
17:00:14.0817 2736 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:00:14.0817 2736 ql40xx - ok
17:00:14.0911 2736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:00:14.0911 2736 QWAVEdrv - ok
17:00:14.0926 2736 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:00:14.0926 2736 RasAcd - ok
17:00:14.0958 2736 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:00:14.0958 2736 RasAgileVpn - ok
17:00:15.0051 2736 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:00:15.0051 2736 Rasl2tp - ok
17:00:15.0067 2736 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:00:15.0067 2736 RasPppoe - ok
17:00:15.0098 2736 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:00:15.0114 2736 RasSstp - ok
17:00:15.0176 2736 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
17:00:15.0192 2736 rdbss - ok
17:00:15.0192 2736 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:00:15.0207 2736 rdpbus - ok
17:00:15.0285 2736 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:00:15.0285 2736 RDPCDD - ok
17:00:15.0332 2736 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
17:00:15.0332 2736 RDPDR - ok
17:00:15.0488 2736 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:00:15.0504 2736 RDPENCDD - ok
17:00:15.0504 2736 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:00:15.0519 2736 RDPREFMP - ok
17:00:15.0535 2736 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
17:00:15.0535 2736 RDPWD - ok
17:00:15.0628 2736 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
17:00:15.0628 2736 rdyboost - ok
17:00:15.0660 2736 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:00:15.0691 2736 rspndr - ok
17:00:15.0816 2736 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
17:00:15.0831 2736 RT61 - ok
17:00:15.0925 2736 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:00:15.0925 2736 RTL8167 - ok
17:00:15.0956 2736 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
17:00:15.0956 2736 s3cap - ok
17:00:16.0050 2736 SASDIFSV - ok
17:00:16.0081 2736 SASKUTIL - ok
17:00:16.0237 2736 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
17:00:16.0237 2736 sbp2port - ok
17:00:16.0393 2736 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
17:00:16.0393 2736 scfilter - ok
17:00:16.0471 2736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:00:16.0471 2736 secdrv - ok
17:00:16.0627 2736 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:00:16.0627 2736 Serenum - ok
17:00:16.0674 2736 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:00:16.0674 2736 sermouse - ok
17:00:16.0705 2736 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
17:00:16.0705 2736 sffdisk - ok
17:00:16.0736 2736 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:00:16.0736 2736 sffp_mmc - ok
17:00:16.0752 2736 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:00:16.0752 2736 sffp_sd - ok
17:00:16.0767 2736 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:00:16.0767 2736 sfloppy - ok
17:00:16.0814 2736 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
17:00:16.0830 2736 sisagp - ok
17:00:16.0876 2736 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:00:16.0876 2736 SiSRaid2 - ok
17:00:17.0001 2736 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:00:17.0001 2736 SiSRaid4 - ok
17:00:17.0048 2736 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:00:17.0048 2736 Smb - ok
17:00:17.0220 2736 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:00:17.0220 2736 spldr - ok
17:00:17.0282 2736 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
17:00:17.0298 2736 srv - ok
17:00:17.0422 2736 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
17:00:17.0438 2736 srv2 - ok
17:00:17.0563 2736 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
17:00:17.0578 2736 srvnet - ok
17:00:17.0734 2736 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:00:17.0734 2736 stexstor - ok
17:00:17.0812 2736 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:00:17.0812 2736 storflt - ok
17:00:17.0937 2736 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
17:00:17.0937 2736 storvsc - ok
17:00:17.0968 2736 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
17:00:17.0968 2736 swenum - ok
17:00:18.0202 2736 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
17:00:18.0202 2736 Tcpip - ok
17:00:18.0390 2736 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
17:00:18.0405 2736 TCPIP6 - ok
17:00:18.0452 2736 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
17:00:18.0452 2736 tcpipreg - ok
17:00:18.0561 2736 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
17:00:18.0561 2736 TDPIPE - ok
17:00:18.0577 2736 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
17:00:18.0577 2736 TDTCP - ok
17:00:18.0592 2736 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
17:00:18.0608 2736 tdx - ok
17:00:18.0624 2736 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
17:00:18.0624 2736 TermDD - ok
17:00:18.0826 2736 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
17:00:18.0826 2736 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
17:00:18.0826 2736 tmrkb ( ForgedFile.Multi.Generic ) - warning
17:00:18.0826 2736 tmrkb - detected ForgedFile.Multi.Generic (1)
17:00:18.0982 2736 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:00:18.0982 2736 tssecsrv - ok
17:00:19.0107 2736 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
17:00:19.0123 2736 tunnel - ok
17:00:19.0170 2736 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:00:19.0185 2736 uagp35 - ok
17:00:19.0216 2736 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
17:00:19.0216 2736 udfs - ok
17:00:19.0248 2736 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:00:19.0248 2736 uliagpkx - ok
17:00:19.0404 2736 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
17:00:19.0404 2736 umbus - ok
17:00:19.0450 2736 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:00:19.0450 2736 UmPass - ok
17:00:19.0606 2736 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
17:00:19.0606 2736 usbaudio - ok
17:00:19.0653 2736 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
17:00:19.0653 2736 usbccgp - ok
17:00:19.0809 2736 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
17:00:19.0809 2736 usbcir - ok
17:00:19.0840 2736 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
17:00:19.0856 2736 usbehci - ok
17:00:20.0012 2736 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
17:00:20.0012 2736 usbhub - ok
17:00:20.0043 2736 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
17:00:20.0043 2736 usbohci - ok
17:00:20.0121 2736 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:00:20.0121 2736 usbprint - ok
17:00:20.0152 2736 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:00:20.0152 2736 USBSTOR - ok
17:00:20.0184 2736 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
17:00:20.0184 2736 usbuhci - ok
17:00:20.0308 2736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:00:20.0308 2736 vdrvroot - ok
17:00:20.0402 2736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:00:20.0402 2736 vga - ok
17:00:20.0480 2736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:00:20.0480 2736 VgaSave - ok
17:00:20.0558 2736 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
17:00:20.0558 2736 vhdmp - ok
17:00:20.0714 2736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
17:00:20.0714 2736 viaagp - ok
17:00:20.0745 2736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:00:20.0745 2736 ViaC7 - ok
17:00:20.0886 2736 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
17:00:20.0917 2736 VIAHdAudAddService - ok
17:00:21.0042 2736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
17:00:21.0042 2736 viaide - ok
17:00:21.0120 2736 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
17:00:21.0135 2736 vmbus - ok
17:00:21.0260 2736 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:00:21.0260 2736 VMBusHID - ok
17:00:21.0338 2736 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
17:00:21.0338 2736 volmgr - ok
17:00:21.0447 2736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:00:21.0463 2736 volmgrx - ok
17:00:21.0510 2736 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
17:00:21.0510 2736 volsnap - ok
17:00:21.0728 2736 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
17:00:21.0759 2736 vpcbus - ok
17:00:21.0962 2736 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:00:21.0962 2736 vpcnfltr - ok
17:00:22.0087 2736 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
17:00:22.0087 2736 vpcusb - ok
17:00:22.0258 2736 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
17:00:22.0258 2736 vpcvmm - ok
17:00:22.0414 2736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:00:22.0414 2736 vsmraid - ok
17:00:22.0633 2736 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
17:00:22.0633 2736 VSPerfDrv100 - ok
17:00:22.0789 2736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:00:22.0789 2736 vwifibus - ok
17:00:22.0976 2736 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:00:22.0976 2736 wacmoumonitor - ok
17:00:23.0007 2736 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:00:23.0007 2736 wacommousefilter - ok
17:00:23.0038 2736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:00:23.0038 2736 WacomPen - ok
17:00:23.0194 2736 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:00:23.0194 2736 wacomvhid - ok
17:00:23.0366 2736 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:23.0366 2736 WANARP - ok
17:00:23.0366 2736 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:23.0366 2736 Wanarpv6 - ok
17:00:23.0553 2736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:00:23.0553 2736 Wd - ok
17:00:23.0584 2736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:00:23.0584 2736 Wdf01000 - ok
17:00:23.0756 2736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:00:23.0756 2736 WfpLwf - ok
17:00:23.0772 2736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:00:23.0772 2736 WIMMount - ok
17:00:23.0959 2736 WinDriver6 (0a597f84bc8af4229b529f655bb2ba14) C:\Windows\system32\drivers\windrvr6.sys
17:00:23.0959 2736 WinDriver6 - ok
17:00:24.0177 2736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:00:24.0177 2736 WmiAcpi - ok
17:00:24.0349 2736 WRkrn (6f759df9b7b1ddd22febe80cd942b54f) C:\Windows\system32\drivers\WRkrn.sys
17:00:24.0349 2736 WRkrn - ok
17:00:24.0411 2736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:00:24.0411 2736 ws2ifsl - ok
17:00:24.0458 2736 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
17:00:24.0474 2736 WudfPf - ok
17:00:24.0630 2736 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:00:24.0630 2736 WUDFRd - ok
17:00:24.0692 2736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:00:24.0692 2736 \Device\Harddisk0\DR0 - ok
17:00:24.0708 2736 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
17:00:24.0708 2736 \Device\Harddisk1\DR1 - ok
17:00:24.0708 2736 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0
17:00:24.0723 2736 \Device\Harddisk0\DR0\Partition0 - ok
17:00:24.0723 2736 Boot (0x1200) (2746959d8da5bc6d6b27c080fc47f0e3) \Device\Harddisk0\DR0\Partition1
17:00:24.0723 2736 \Device\Harddisk0\DR0\Partition1 - ok
17:00:24.0723 2736 Boot (0x1200) (1b11360251bf637005d28619ac9fa751) \Device\Harddisk1\DR1\Partition0
17:00:24.0723 2736 \Device\Harddisk1\DR1\Partition0 - ok
17:00:24.0739 2736 Boot (0x1200) (b1fbf230aa5a079fd8c945ff08808f03) \Device\Harddisk1\DR1\Partition1
17:00:24.0739 2736 \Device\Harddisk1\DR1\Partition1 - ok
17:00:24.0739 2736 ============================================================
17:00:24.0739 2736 Scan finished
17:00:24.0739 2736 ============================================================
17:00:24.0754 3840 Detected object count: 1
17:00:24.0754 3840 Actual detected object count: 1
17:00:35.0144 3840 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
17:00:35.0144 3840 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip

ComboFix log:

ComboFix 11-10-16.03 - Jens Sierens 17/10/2011 16:19:05.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1043.18.3327.2457 [GMT 2:00]
Gestart vanuit: c:\users\Jens Sierens\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jens Sierens\AppData\Roaming\Jeotqo
c:\users\Jens Sierens\AppData\Roaming\Jeotqo\geedq.puj
c:\windows\$NtUninstallKB27545$
c:\windows\$NtUninstallKB27545$\100569496\@
c:\windows\$NtUninstallKB27545$\100569496\L\xadqgnnk
c:\windows\$NtUninstallKB27545$\100569496\loader.tlb
c:\windows\$NtUninstallKB27545$\100569496\U\@00000001
c:\windows\$NtUninstallKB27545$\100569496\U\@000000c0
c:\windows\$NtUninstallKB27545$\100569496\U\@000000cb
c:\windows\$NtUninstallKB27545$\100569496\U\@000000cf
c:\windows\$NtUninstallKB27545$\100569496\U\@80000000
c:\windows\$NtUninstallKB27545$\100569496\U\@800000c0
c:\windows\$NtUninstallKB27545$\100569496\U\@800000cb
c:\windows\$NtUninstallKB27545$\100569496\U\@800000cf
c:\windows\$NtUninstallKB27545$\3854956871
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\system32\
c:\windows\system32\c_11982.nls
.
Besmet exemplaar van c:\windows\system32\drivers\netbt.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
.
Besmet exemplaar van c:\windows\system32\atiesrxx.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cl_87324.inf_x86_neutral_b52c10eae430a1c8\B_86988\atiesrxx.exe
.
Besmet exemplaar van c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
.
Besmet exemplaar van c:\program files\Tablet\Pen\Pen_Tablet.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy2_!Program Files!Tablet!Pen!Pen_Tablet.exe
.
Besmet exemplaar van c:\program files\Tablet\Pen\Pen_TouchService.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy2_!Program Files!Tablet!Pen!Pen_TouchService.exe
.
Besmet exemplaar van c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy2_!Program Files!Common Files!microsoft shared!Windows Live!WLIDSVC.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_5fe9198
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-17 to 2011-10-17 ))))))))))))))))))))))))))))))
.
.
2011-10-17 14:44 . 2011-10-17 14:46 -------- d-----w- c:\users\Jens Sierens\AppData\Local\temp
2011-10-17 14:44 . 2011-10-17 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 14:44 . 2011-03-28 18:31 1713536 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2011-10-17 14:23 . 2011-10-17 14:23 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{162B1EC0-1BB4-4A6A-8899-7DA50E276F6E}\offreg.dll
2011-10-17 14:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2011-10-16 20:11 . 2011-10-16 20:11 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-10-16 20:11 . 2011-10-16 20:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-16 20:10 . 2011-10-16 20:10 388096 ----a-r- c:\users\Jens Sierens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-16 20:10 . 2011-10-16 20:10 -------- d-----w- c:\program files\Trend Micro
2011-10-16 17:39 . 2011-10-16 17:39 -------- d-----w- c:\program files\HJT
2011-10-16 15:22 . 2011-10-16 15:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-16 15:18 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{162B1EC0-1BB4-4A6A-8899-7DA50E276F6E}\mpengine.dll
2011-10-16 13:40 . 2011-10-16 13:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-16 13:40 . 2011-10-16 13:40 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\SUPERAntiSpyware.com
2011-10-14 20:32 . 2011-10-16 17:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-14 20:32 . 2011-10-14 20:32 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\Malwarebytes
2011-10-14 20:32 . 2011-10-14 20:32 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 20:31 . 2011-10-16 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-14 20:02 . 2011-10-16 19:28 48016 --sha-w- c:\windows\system32\c_11982.nl_
2011-10-14 19:41 . 2011-10-14 19:41 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-10-14 19:41 . 2011-10-14 19:41 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-10-14 19:41 . 2011-10-14 19:59 -------- d-----w- c:\programdata\WRData
2011-10-14 19:41 . 2011-10-14 19:41 -------- d-----w- c:\program files\Webroot
2011-10-09 20:48 . 2011-10-09 20:48 -------- d-sh--w- c:\users\Jens Sierens\AppData\Local\05fe9198
2011-10-08 19:28 . 2011-10-08 19:28 -------- d-----w- c:\program files\Advanced File Organizer
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\DCoder Image Source
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\7-Zip
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\FFMPEG Core Files
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\SHOUTcast Source
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\CD Audio Reader Filter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\OpenSource AVI Splitter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\Gabest MPEG Splitter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\DScaler5
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\AC3Filter
2011-10-03 21:25 . 2009-08-11 19:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\Bass Audio Decoder
2011-10-03 21:24 . 2011-10-12 22:59 -------- d-----w- c:\programdata\Zoom Player
2011-10-03 21:24 . 2011-10-03 21:24 -------- d-----w- c:\program files\Zoom Player
2011-09-28 20:37 . 2011-09-28 20:42 -------- d-----w- c:\program files\Inkscape
2011-09-28 20:14 . 2011-09-28 20:14 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\WTablet
2011-09-28 20:14 . 2011-09-08 15:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-09-28 20:14 . 2011-09-08 15:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-09-28 20:14 . 2011-09-08 15:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-09-28 20:13 . 2011-09-08 15:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-09-28 20:13 . 2011-09-08 15:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2011-09-28 20:13 . 2011-09-08 15:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2011-09-28 20:13 . 2011-09-08 15:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-09-28 20:13 . 2011-09-28 20:14 -------- d-----w- c:\program files\Tablet
2011-09-26 19:53 . 2011-09-26 19:53 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\BitTorrent
2011-09-26 19:53 . 2011-09-26 19:53 -------- d-----w- c:\users\Jens Sierens\AppData\Local\BitTorrent
2011-09-26 19:51 . 2011-09-26 19:51 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\uTorrent
2011-09-26 19:51 . 2011-09-26 19:51 -------- d-----w- c:\users\Jens Sierens\AppData\Local\uTorrent
2011-09-25 13:38 . 2011-09-27 20:33 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-09-25 13:22 . 2011-09-25 13:22 -------- d-----w- c:\program files\Adobe Media Player
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 19:21 . 2010-10-19 17:05 295936 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2011-10-16 18:30 . 2011-06-16 08:57 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-16 15:22 . 2009-07-13 23:53 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-09-18 01:11 . 2010-10-09 14:46 1415680 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-07-20 20:10 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-10-14 599616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjI0NjY1MzE5LVFJWDErNC1YMjAxMCsyLUxJQysyMi1GTDEwKzEtU1AxKzEtVFVHKzMtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1NDUxLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Jens Sierens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Jens Sierens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jens Sierens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]
path=c:\users\Jens Sierens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 15:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R1 SASDIFSV;SASDIFSV;c:\users\JENSSI~1\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\JENSSI~1\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-02-03 8192]
R2 tmrkb;tmrkb;c:\windows\system32\DRIVERS\tmrkb.sys [2011-10-16 65808]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-10-14 599616]
R3 AVRZU;AVRZU;c:\users\JENSSI~1\AppData\Local\Temp\AVRZU.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-10-14 106312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-06-10 66384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:62000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jens Sierens\AppData\Roaming\Mozilla\Firefox\Profiles\ldg5rby9.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb3660a&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=nl&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62000
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-21069410.sys
SafeBoot-25256155.sys
SafeBoot-29504207.sys
SafeBoot-57272184.sys
SafeBoot-klmdb.sys
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1443393807-4273532130-1213093711-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,c8,2c,a7,c5,18,ef,aa,fe,72,80,8c,0b,9c,8a,09,a4,d3,f2,09,e8,
f6,2c,64,d4,78,a4,07,3a,4e,23,81,c2,ee,2c,87,f5,a6,e7,c8,c8,89,2c,7c,2f,d4,\
"rkeysecu"=hex:5c,de,45,b9,14,cf,66,c0,06,25,22,8d,d9,37,8b,bc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Voltooingstijd: 2011-10-17 16:51:46 - machine werd herstart
ComboFix-quarantined-files.txt 2011-10-17 14:51
.
Pre-Run: 50.702.991.360 bytes beschikbaar
Post-Run: 50.224.832.512 bytes beschikbaar
.
- - End Of File - - 908662F077CCBF7858070DF18C6E1771

Thanks again in advance. I'm eagerly waiting for the next step :p
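
The two logs in the post above are long, and the lines that matter are easy to miss. The following Python script is an added triage helper, not part of TDSSKiller, ComboFix or this thread; it parses the line formats seen above and reports the security-relevant findings: the TDSSKiller "Suspicious file (Forged)" warning with both MD5 values, the "- detected" verdict, and the Internet Explorer and Firefox proxy settings from the ComboFix log that point back at the local machine on port 62000. The sample lines are copied from the logs above; the regular expressions and function names are this example's own.

```python
import re
from typing import Dict, Iterable, List

# Added triage helper (example code, not a TDSSKiller or ComboFix feature).
# Given pasted log text it pulls out the lines a helper would act on:
#   * TDSSKiller "Suspicious file (Forged)" warnings, with both MD5 values
#   * TDSSKiller "- detected <verdict>" lines
#   * proxy settings (IE and Firefox prefs.js) that point at the local machine,
#     which is what the ComboFix log in this thread shows on port 62000
# The regexes are written against the line formats visible in this thread.

FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECTED_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - detected (?P<verdict>\S+)")
IE_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
FF_PROXY_RE = re.compile(
    r"FF - prefs\.js: network\.proxy\.(?P<key>http|http_port|type) - (?P<value>\S+)"
)
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")

# Sample input: lines copied from the TDSSKiller and ComboFix logs pasted above.
SAMPLE_TDSS = [
    r"17:00:18.0826 2736 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys",
    r"17:00:18.0826 2736 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. "
    r"Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9",
    r"17:00:18.0826 2736 tmrkb ( ForgedFile.Multi.Generic ) - warning",
    r"17:00:18.0826 2736 tmrkb - detected ForgedFile.Multi.Generic (1)",
    r"17:00:35.0144 3840 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user",
]
SAMPLE_COMBOFIX = [
    r"uInternet Settings,ProxyServer = http=127.0.0.1:62000",
    r"TCP: DhcpNameServer = 192.168.1.1",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 62000",
    r"FF - prefs.js: network.proxy.type - 0",
]


def parse_tdsskiller(lines: Iterable[str]) -> Dict[str, list]:
    """Collect forged-file warnings and detections from TDSSKiller output."""
    forged, detected = [], []
    for line in lines:
        m = FORGED_RE.search(line)
        if m:
            forged.append({"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"]})
            continue
        m = DETECTED_RE.match(line)
        if m:
            detected.append({"name": m["name"], "verdict": m["verdict"]})
    return {"forged": forged, "detected": detected}


def parse_proxy_settings(lines: Iterable[str]) -> Dict[str, object]:
    """Pull the IE ProxyServer value and Firefox network.proxy.* prefs out of a ComboFix log."""
    settings: Dict[str, object] = {"ie_proxy": None, "firefox": {}}
    for line in lines:
        m = IE_PROXY_RE.search(line)
        if m:
            settings["ie_proxy"] = m["proxy"]
            continue
        m = FF_PROXY_RE.search(line)
        if m:
            settings["firefox"][m["key"]] = m["value"]  # type: ignore[index]
    return settings


def is_loopback(value: str) -> bool:
    """True when a proxy value such as 'http=127.0.0.1:62000' names the local machine."""
    host = value.split("=")[-1].split(":")[0]
    return host.startswith(LOOPBACK_PREFIXES)


def triage(tdss_lines: Iterable[str], combofix_lines: Iterable[str]) -> List[str]:
    """Turn both logs into the short list of findings a helper would reply with."""
    findings: List[str] = []
    tdss = parse_tdsskiller(tdss_lines)
    for f in tdss["forged"]:
        findings.append(
            f"forged file {f['path']}: real md5 {f['real_md5']} != fake md5 {f['fake_md5']}"
        )
    for d in tdss["detected"]:
        findings.append(f"detection {d['name']}: {d['verdict']}")
    proxy = parse_proxy_settings(combofix_lines)
    ie_proxy = proxy["ie_proxy"]
    if isinstance(ie_proxy, str) and is_loopback(ie_proxy):
        findings.append(f"IE proxy points at this machine: {ie_proxy}")
    ff = proxy["firefox"]
    if isinstance(ff, dict) and "http" in ff and is_loopback(ff["http"]):
        # network.proxy.type 0 means "no proxy": the manual entry is present but unused.
        state = "active" if ff.get("type", "0") != "0" else "configured but disabled (proxy.type 0)"
        findings.append(f"Firefox proxy {ff['http']}:{ff.get('http_port', '?')} {state}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TDSS, SAMPLE_COMBOFIX):
        print(finding)
```

The script only surfaces lines; deciding what to do with them is still the helper's job. For instance, the ComboFix file list above shows tmrkb.sys and tmcomm.sys created at 2011-10-16 20:11, the same minute as the "c:\program files\Trend Micro" folder and the HiJackThis installer, so the forged-file warning is weighed against that install timestamp before anything is removed. Likewise the loopback proxy appears in the IE setting and in Firefox's prefs.js, and the later ProxyFix output in this thread is the natural place to confirm the IE entry is gone.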

EvelineGirl
17 October 2011, 17:30
Hello,

1.
Download ProxyFix (http://www.malwareinfo.nl/tools/ProxyFix.exe) to the desktop.

Double-click "ProxyFix.exe" to start the tool.
Vista and Windows 7: right-click and choose "Run as Administrator"
In the selection screen, enter the letter "D" and press Enter.
Paste the contents of the Notepad file that opens into your next post.

2.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to the desktop.

Double-click "aswMBR.exe" to start the tool.
Vista and Windows 7 users: right-click -> Run as Administrator.
In the next window, click "No"
http://www.imgdumper.nl/uploads4/4e4115af00b45/4e4115af00378-aswmbrno.png
Click the "scan" button
http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
When the scan is finished, click the "save log" button
http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
Post this log file in your next reply.

Good luck,
Eveline.

Shinma
17 October 2011, 18:31
ProxyFix v 2.0 © by Maxstar
ma 17/10/2011 - 18:23:44,29


----------Internet Explorer----------
"ProxyEnable"=dword:00000000
"ProxyServer"="0"

----------Firefox----------

----------E.O.F----------


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-17 18:26:18
-----------------------------
18:26:18.698 OS Version: Windows 6.1.7600
18:26:18.698 Number of processors: 2 586 0x6B02
18:26:18.698 ComputerName: DESKTOPBOVEN UserName: Jens Sierens
18:26:21.802 Initialize success
18:26:45.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:26:45.407 Disk 0 Vendor: ST3160318AS CC38 Size: 152627MB BusType: 3
18:26:45.407 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
18:26:45.422 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
18:26:47.450 Disk 0 MBR read successfully
18:26:47.450 Disk 0 MBR scan
18:26:47.466 Disk 0 Windows 7 default MBR code
18:26:47.466 Disk 0 scanning sectors +312578048
18:26:47.544 Disk 0 scanning C:\Windows\system32\drivers
18:26:58.807 Service scanning
18:26:59.868 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
18:27:00.398 Modules scanning
18:27:07.153 Disk 0 trace - called modules:
18:27:07.169 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:27:07.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713880]
18:27:07.184 3 CLASSPNP.SYS[83b4359e] -> nt!IofCallDriver -> [0x86720400]
18:27:07.184 5 ACPI.sys[833ab3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86714030]
18:27:07.200 Scan finished successfully
18:27:30.818 Disk 0 MBR has been saved successfully to "C:\Users\Jens Sierens\Desktop\cleanuplogs\MBR.dat"
18:27:30.834 The log file has been saved successfully to "C:\Users\Jens Sierens\Desktop\cleanuplogs\aswMBR_log.txt"

EvelineGirl
17 October 2011, 19:53
Could you run TDSSKiller once more now?

Shinma
17 October 2011, 20:08
20:05:25.0680 3996 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
20:05:25.0820 3996 ============================================================
20:05:25.0820 3996 Current date / time: 2011/10/17 20:05:25.0820
20:05:25.0820 3996 SystemInfo:
20:05:25.0820 3996
20:05:25.0820 3996 OS Version: 6.1.7600 ServicePack: 0.0
20:05:25.0820 3996 Product type: Workstation
20:05:25.0820 3996 ComputerName: DESKTOPBOVEN
20:05:25.0820 3996 UserName: Jens Sierens
20:05:25.0820 3996 Windows directory: C:\Windows
20:05:25.0820 3996 System windows directory: C:\Windows
20:05:25.0820 3996 Processor architecture: Intel x86
20:05:25.0820 3996 Number of processors: 2
20:05:25.0820 3996 Page size: 0x1000
20:05:25.0820 3996 Boot type: Normal boot
20:05:25.0820 3996 ============================================================
20:05:33.0121 3996 Initialize success
20:05:44.0478 2964 ============================================================
20:05:44.0478 2964 Scan started
20:05:44.0478 2964 Mode: Manual;
20:05:44.0478 2964 ============================================================
20:05:45.0086 2964 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
20:05:45.0086 2964 1394ohci - ok
20:05:45.0258 2964 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:05:45.0258 2964 ACPI - ok
20:05:45.0414 2964 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:05:45.0414 2964 AcpiPmi - ok
20:05:45.0601 2964 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:05:45.0601 2964 adp94xx - ok
20:05:45.0772 2964 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:05:45.0772 2964 adpahci - ok
20:05:45.0944 2964 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:05:45.0944 2964 adpu320 - ok
20:05:46.0116 2964 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:05:46.0116 2964 AFD - ok
20:05:46.0147 2964 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:05:46.0162 2964 agp440 - ok
20:05:46.0318 2964 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:05:46.0318 2964 aic78xx - ok
20:05:46.0506 2964 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:05:46.0506 2964 aliide - ok
20:05:46.0646 2964 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:05:46.0662 2964 amdagp - ok
20:05:46.0724 2964 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:05:46.0724 2964 amdide - ok
20:05:46.0927 2964 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:05:46.0927 2964 AmdK8 - ok
20:05:47.0052 2964 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:05:47.0052 2964 AmdPPM - ok
20:05:47.0223 2964 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:05:47.0223 2964 amdsata - ok
20:05:47.0379 2964 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:05:47.0395 2964 amdsbs - ok
20:05:47.0489 2964 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:05:47.0489 2964 amdxata - ok
20:05:47.0598 2964 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:05:47.0598 2964 AppID - ok
20:05:47.0785 2964 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:05:47.0785 2964 arc - ok
20:05:47.0801 2964 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:05:47.0801 2964 arcsas - ok
20:05:47.0957 2964 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
20:05:47.0972 2964 AsIO - ok
20:05:48.0159 2964 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:48.0159 2964 AsyncMac - ok
20:05:48.0191 2964 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:05:48.0191 2964 atapi - ok
20:05:48.0503 2964 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
20:05:48.0534 2964 atikmdag - ok
20:05:48.0705 2964 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:05:48.0705 2964 AtiPcie - ok
20:05:48.0908 2964 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:05:48.0924 2964 b06bdrv - ok
20:05:49.0080 2964 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:05:49.0095 2964 b57nd60x - ok
20:05:49.0251 2964 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:05:49.0267 2964 Beep - ok
20:05:49.0314 2964 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:05:49.0314 2964 blbdrive - ok
20:05:49.0454 2964 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
20:05:49.0454 2964 bowser - ok
20:05:49.0470 2964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:05:49.0470 2964 BrFiltLo - ok
20:05:49.0595 2964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:05:49.0595 2964 BrFiltUp - ok
20:05:49.0813 2964 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:05:49.0813 2964 Brserid - ok
20:05:49.0891 2964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:05:49.0891 2964 BrSerWdm - ok
20:05:49.0953 2964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:05:49.0953 2964 BrUsbMdm - ok
20:05:50.0047 2964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:05:50.0047 2964 BrUsbSer - ok
20:05:50.0172 2964 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:05:50.0172 2964 BTHMODEM - ok
20:05:50.0297 2964 catchme - ok
20:05:50.0468 2964 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:05:50.0468 2964 cdfs - ok
20:05:50.0640 2964 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:05:50.0640 2964 cdrom - ok
20:05:50.0811 2964 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:05:50.0811 2964 circlass - ok
20:05:50.0905 2964 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:05:50.0905 2964 CLFS - ok
20:05:51.0077 2964 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:05:51.0077 2964 CmBatt - ok
20:05:51.0155 2964 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:05:51.0155 2964 cmdide - ok
20:05:51.0279 2964 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:05:51.0279 2964 CNG - ok
20:05:51.0420 2964 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:05:51.0420 2964 Compbatt - ok
20:05:51.0513 2964 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:05:51.0513 2964 CompositeBus - ok
20:05:51.0638 2964 cpuz135 - ok
20:05:51.0716 2964 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:05:51.0716 2964 crcdisk - ok
20:05:51.0903 2964 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
20:05:51.0919 2964 CSC - ok
20:05:52.0106 2964 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
20:05:52.0106 2964 DfsC - ok
20:05:52.0137 2964 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:05:52.0137 2964 discache - ok
20:05:52.0293 2964 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:05:52.0293 2964 Disk - ok
20:05:52.0481 2964 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:05:52.0481 2964 drmkaud - ok
20:05:52.0559 2964 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
20:05:52.0559 2964 DXGKrnl - ok
20:05:52.0793 2964 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:05:52.0824 2964 ebdrv - ok
20:05:52.0995 2964 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:05:52.0995 2964 elxstor - ok
20:05:53.0027 2964 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:05:53.0027 2964 ErrDev - ok
20:05:53.0198 2964 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:05:53.0198 2964 exfat - ok
20:05:53.0339 2964 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:05:53.0339 2964 fastfat - ok
20:05:53.0495 2964 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:05:53.0495 2964 fdc - ok
20:05:53.0588 2964 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:05:53.0588 2964 FileInfo - ok
20:05:53.0697 2964 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:05:53.0697 2964 Filetrace - ok
20:05:53.0978 2964 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:53.0994 2964 flpydisk - ok
20:05:54.0150 2964 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:05:54.0150 2964 FltMgr - ok
20:05:54.0290 2964 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:05:54.0306 2964 FsDepends - ok
20:05:54.0384 2964 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:05:54.0399 2964 Fs_Rec - ok
20:05:54.0602 2964 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:05:54.0602 2964 fvevol - ok
20:05:54.0758 2964 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:05:54.0758 2964 gagp30kx - ok
20:05:54.0930 2964 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:05:54.0930 2964 hcw85cir - ok
20:05:55.0055 2964 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
20:05:55.0055 2964 HdAudAddService - ok
20:05:55.0195 2964 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:05:55.0195 2964 HDAudBus - ok
20:05:55.0242 2964 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:05:55.0242 2964 HidBatt - ok
20:05:55.0367 2964 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:05:55.0367 2964 HidBth - ok
20:05:55.0429 2964 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:05:55.0429 2964 HidIr - ok
20:05:55.0585 2964 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:05:55.0585 2964 HidUsb - ok
20:05:55.0741 2964 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:05:55.0757 2964 HpSAMD - ok
20:05:55.0928 2964 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:05:55.0944 2964 HTTP - ok
20:05:56.0069 2964 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:05:56.0069 2964 hwpolicy - ok
20:05:56.0240 2964 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:05:56.0240 2964 i8042prt - ok
20:05:56.0412 2964 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
20:05:56.0412 2964 iaStorV - ok
20:05:56.0537 2964 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:05:56.0537 2964 iirsp - ok
20:05:56.0615 2964 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:05:56.0615 2964 intelide - ok
20:05:56.0755 2964 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:05:56.0755 2964 intelppm - ok
20:05:56.0895 2964 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:05:56.0895 2964 IpFilterDriver - ok
20:05:57.0051 2964 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:05:57.0051 2964 IPMIDRV - ok
20:05:57.0067 2964 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:05:57.0067 2964 IPNAT - ok
20:05:57.0223 2964 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:05:57.0223 2964 IRENUM - ok
20:05:57.0301 2964 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:05:57.0301 2964 isapnp - ok
20:05:57.0441 2964 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:05:57.0441 2964 iScsiPrt - ok
20:05:57.0597 2964 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:05:57.0597 2964 kbdclass - ok
20:05:57.0753 2964 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:05:57.0753 2964 kbdhid - ok
20:05:57.0941 2964 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
20:05:57.0941 2964 KSecDD - ok
20:05:57.0972 2964 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
20:05:57.0972 2964 KSecPkg - ok
20:05:58.0143 2964 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:05:58.0143 2964 lltdio - ok
20:05:58.0331 2964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:05:58.0331 2964 LSI_FC - ok
20:05:58.0487 2964 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:05:58.0487 2964 LSI_SAS - ok
20:05:58.0643 2964 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:05:58.0643 2964 LSI_SAS2 - ok
20:05:58.0814 2964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:05:58.0814 2964 LSI_SCSI - ok
20:05:59.0033 2964 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:05:59.0033 2964 luafv - ok
20:05:59.0204 2964 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:05:59.0204 2964 megasas - ok
20:05:59.0376 2964 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:05:59.0376 2964 MegaSR - ok
20:05:59.0563 2964 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:05:59.0579 2964 Modem - ok
20:05:59.0735 2964 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:05:59.0735 2964 monitor - ok
20:05:59.0891 2964 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:05:59.0891 2964 mouclass - ok
20:06:00.0047 2964 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:06:00.0062 2964 mouhid - ok
20:06:00.0078 2964 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:06:00.0078 2964 mountmgr - ok
20:06:00.0203 2964 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:06:00.0203 2964 mpio - ok
20:06:00.0281 2964 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:06:00.0281 2964 mpsdrv - ok
20:06:00.0359 2964 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:06:00.0359 2964 MRxDAV - ok
20:06:00.0530 2964 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:00.0530 2964 mrxsmb - ok
20:06:00.0655 2964 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:00.0655 2964 mrxsmb10 - ok
20:06:00.0686 2964 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:00.0702 2964 mrxsmb20 - ok
20:06:00.0827 2964 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
20:06:00.0827 2964 msahci - ok
20:06:00.0905 2964 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:06:00.0905 2964 msdsm - ok
20:06:01.0061 2964 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:06:01.0061 2964 Msfs - ok
20:06:01.0139 2964 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:06:01.0139 2964 mshidkmdf - ok
20:06:01.0279 2964 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:06:01.0279 2964 msisadrv - ok
20:06:01.0466 2964 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:06:01.0466 2964 MSKSSRV - ok
20:06:01.0607 2964 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:01.0622 2964 MSPCLOCK - ok
20:06:01.0731 2964 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:06:01.0731 2964 MSPQM - ok
20:06:01.0856 2964 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:06:01.0856 2964 MsRPC - ok
20:06:01.0965 2964 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:06:01.0965 2964 mssmbios - ok
20:06:02.0106 2964 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:06:02.0106 2964 MSTEE - ok
20:06:02.0231 2964 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:06:02.0231 2964 MTConfig - ok
20:06:02.0371 2964 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
20:06:02.0371 2964 MTsensor - ok
20:06:02.0433 2964 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:06:02.0433 2964 Mup - ok
20:06:02.0558 2964 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:06:02.0558 2964 NativeWifiP - ok
20:06:02.0730 2964 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:06:02.0730 2964 NDIS - ok
20:06:02.0886 2964 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:06:02.0886 2964 NdisCap - ok
20:06:03.0057 2964 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:03.0057 2964 NdisTapi - ok
20:06:03.0213 2964 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:03.0213 2964 Ndisuio - ok
20:06:03.0260 2964 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:03.0260 2964 NdisWan - ok
20:06:03.0385 2964 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:06:03.0385 2964 NDProxy - ok
20:06:03.0494 2964 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:06:03.0494 2964 NetBIOS - ok
20:06:03.0650 2964 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:06:03.0666 2964 NetBT - ok
20:06:03.0837 2964 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:06:03.0837 2964 nfrd960 - ok
20:06:03.0931 2964 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:06:03.0931 2964 Npfs - ok
20:06:03.0962 2964 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:06:03.0978 2964 nsiproxy - ok
20:06:04.0227 2964 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
20:06:04.0243 2964 Ntfs - ok
20:06:04.0321 2964 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:06:04.0321 2964 Null - ok
20:06:04.0461 2964 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
20:06:04.0461 2964 nvraid - ok
20:06:04.0617 2964 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
20:06:04.0617 2964 nvstor - ok
20:06:04.0695 2964 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:06:04.0695 2964 nv_agp - ok
20:06:04.0789 2964 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:06:04.0789 2964 ohci1394 - ok
20:06:04.0992 2964 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:06:05.0007 2964 Parport - ok
20:06:05.0039 2964 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:06:05.0039 2964 partmgr - ok
20:06:05.0163 2964 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:06:05.0163 2964 Parvdm - ok
20:06:05.0288 2964 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:06:05.0288 2964 pci - ok
20:06:05.0351 2964 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:06:05.0351 2964 pciide - ok
20:06:05.0444 2964 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:06:05.0444 2964 pcmcia - ok
20:06:05.0538 2964 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:06:05.0538 2964 pcw - ok
20:06:05.0694 2964 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:06:05.0694 2964 PEAUTH - ok
20:06:06.0006 2964 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:06:06.0006 2964 PptpMiniport - ok
20:06:06.0037 2964 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:06:06.0037 2964 Processor - ok
20:06:06.0193 2964 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:06:06.0193 2964 Psched - ok
20:06:06.0240 2964 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:06:06.0255 2964 ql2300 - ok
20:06:06.0380 2964 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:06:06.0380 2964 ql40xx - ok
20:06:06.0443 2964 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:06:06.0443 2964 QWAVEdrv - ok
20:06:06.0567 2964 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:06:06.0567 2964 RasAcd - ok
20:06:06.0739 2964 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:06:06.0739 2964 RasAgileVpn - ok
20:06:06.0895 2964 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:06.0895 2964 Rasl2tp - ok
20:06:07.0004 2964 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:07.0004 2964 RasPppoe - ok
20:06:07.0082 2964 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:06:07.0082 2964 RasSstp - ok
20:06:07.0098 2964 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:06:07.0098 2964 rdbss - ok
20:06:07.0113 2964 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:06:07.0113 2964 rdpbus - ok
20:06:07.0238 2964 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:07.0238 2964 RDPCDD - ok
20:06:07.0269 2964 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
20:06:07.0269 2964 RDPDR - ok
20:06:07.0425 2964 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:06:07.0425 2964 RDPENCDD - ok
20:06:07.0441 2964 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:06:07.0441 2964 RDPREFMP - ok
20:06:07.0472 2964 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
20:06:07.0472 2964 RDPWD - ok
20:06:07.0628 2964 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:06:07.0628 2964 rdyboost - ok
20:06:07.0847 2964 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:06:07.0847 2964 rspndr - ok
20:06:08.0018 2964 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
20:06:08.0018 2964 RT61 - ok
20:06:08.0190 2964 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:06:08.0205 2964 RTL8167 - ok
20:06:08.0237 2964 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
20:06:08.0237 2964 s3cap - ok
20:06:08.0346 2964 SASDIFSV - ok
20:06:08.0361 2964 SASKUTIL - ok
20:06:08.0517 2964 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:06:08.0517 2964 sbp2port - ok
20:06:08.0689 2964 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:06:08.0689 2964 scfilter - ok
20:06:08.0814 2964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:06:08.0829 2964 secdrv - ok
20:06:09.0032 2964 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:06:09.0048 2964 Serenum - ok
20:06:09.0063 2964 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:06:09.0063 2964 sermouse - ok
20:06:09.0282 2964 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:06:09.0282 2964 sffdisk - ok
20:06:09.0297 2964 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:06:09.0297 2964 sffp_mmc - ok
20:06:09.0297 2964 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:06:09.0297 2964 sffp_sd - ok
20:06:09.0313 2964 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:06:09.0313 2964 sfloppy - ok
20:06:09.0453 2964 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:06:09.0469 2964 sisagp - ok
20:06:09.0578 2964 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:06:09.0578 2964 SiSRaid2 - ok
20:06:09.0641 2964 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:06:09.0641 2964 SiSRaid4 - ok
20:06:09.0765 2964 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:06:09.0765 2964 Smb - ok
20:06:09.0953 2964 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:06:09.0953 2964 spldr - ok
20:06:10.0015 2964 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:06:10.0015 2964 srv - ok
20:06:10.0155 2964 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:06:10.0155 2964 srv2 - ok
20:06:10.0249 2964 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:06:10.0249 2964 srvnet - ok
20:06:10.0421 2964 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:06:10.0421 2964 stexstor - ok
20:06:10.0467 2964 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:06:10.0467 2964 storflt - ok
20:06:10.0483 2964 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
20:06:10.0483 2964 storvsc - ok
20:06:10.0577 2964 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:06:10.0577 2964 swenum - ok
20:06:10.0857 2964 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
20:06:10.0873 2964 Tcpip - ok
20:06:11.0060 2964 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
20:06:11.0076 2964 TCPIP6 - ok
20:06:11.0123 2964 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:06:11.0123 2964 tcpipreg - ok
20:06:11.0154 2964 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:06:11.0154 2964 TDPIPE - ok
20:06:11.0279 2964 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
20:06:11.0279 2964 TDTCP - ok
20:06:11.0294 2964 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:06:11.0294 2964 tdx - ok
20:06:11.0372 2964 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:06:11.0372 2964 TermDD - ok
20:06:11.0575 2964 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
20:06:11.0575 2964 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
20:06:11.0575 2964 tmrkb ( ForgedFile.Multi.Generic ) - warning
20:06:11.0575 2964 tmrkb - detected ForgedFile.Multi.Generic (1)
20:06:11.0747 2964 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:11.0747 2964 tssecsrv - ok
20:06:11.0903 2964 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:06:11.0918 2964 tunnel - ok
20:06:11.0934 2964 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:06:11.0949 2964 uagp35 - ok
20:06:12.0074 2964 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
20:06:12.0074 2964 udfs - ok
20:06:12.0199 2964 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:06:12.0199 2964 uliagpkx - ok
20:06:12.0324 2964 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:06:12.0324 2964 umbus - ok
20:06:12.0402 2964 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:06:12.0402 2964 UmPass - ok
20:06:12.0573 2964 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
20:06:12.0573 2964 usbaudio - ok
20:06:12.0620 2964 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:12.0620 2964 usbccgp - ok
20:06:12.0729 2964 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:06:12.0729 2964 usbcir - ok
20:06:12.0807 2964 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
20:06:12.0807 2964 usbehci - ok
20:06:12.0963 2964 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
20:06:12.0963 2964 usbhub - ok
20:06:12.0995 2964 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
20:06:12.0995 2964 usbohci - ok
20:06:13.0088 2964 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:06:13.0088 2964 usbprint - ok
20:06:13.0151 2964 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:13.0151 2964 USBSTOR - ok
20:06:13.0244 2964 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
20:06:13.0244 2964 usbuhci - ok
20:06:13.0369 2964 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:06:13.0369 2964 vdrvroot - ok
20:06:13.0478 2964 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:13.0478 2964 vga - ok
20:06:13.0494 2964 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:06:13.0494 2964 VgaSave - ok
20:06:13.0541 2964 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:06:13.0541 2964 vhdmp - ok
20:06:13.0619 2964 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:06:13.0619 2964 viaagp - ok
20:06:13.0697 2964 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:06:13.0697 2964 ViaC7 - ok
20:06:13.0837 2964 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
20:06:13.0853 2964 VIAHdAudAddService - ok
20:06:13.0931 2964 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:06:13.0931 2964 viaide - ok
20:06:13.0977 2964 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
20:06:13.0977 2964 vmbus - ok
20:06:14.0009 2964 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:06:14.0009 2964 VMBusHID - ok
20:06:14.0087 2964 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:06:14.0087 2964 volmgr - ok
20:06:14.0118 2964 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:06:14.0118 2964 volmgrx - ok
20:06:14.0211 2964 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:06:14.0211 2964 volsnap - ok
20:06:14.0399 2964 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
20:06:14.0399 2964 vpcbus - ok
20:06:14.0570 2964 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:06:14.0570 2964 vpcnfltr - ok
20:06:14.0742 2964 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
20:06:14.0742 2964 vpcusb - ok
20:06:14.0898 2964 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
20:06:14.0913 2964 vpcvmm - ok
20:06:17.0550 2964 ============================================================
20:06:17.0550 2964 Scan finished
20:06:17.0550 2964 ============================================================
20:06:17.0565 3760 Detected object count: 1
20:06:17.0565 3760 Actual detected object count: 1
20:06:29.0983 3760 C:\Windows\system32\DRIVERS\tmrkb.sys - copied to quarantine
20:06:29.0983 3760 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Quarantine

EvelineGirl
17 October 2011, 20:19
'Copied to quarantine.'
Restart the computer and run the scan again.
I'll prepare something in the meantime.

Shinma
17 October 2011, 20:28
Just to be clear: is there a specific action I need to take for this threat? I'm getting the same message. Log follows immediately.

edit: nvm, TDSSKiller has already decided. Here's the log:

20:24:05.0843 2996 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
20:24:05.0983 2996 ============================================================
20:24:05.0983 2996 Current date / time: 2011/10/17 20:24:05.0983
20:24:05.0983 2996 SystemInfo:
20:24:05.0983 2996
20:24:05.0983 2996 OS Version: 6.1.7600 ServicePack: 0.0
20:24:05.0983 2996 Product type: Workstation
20:24:05.0983 2996 ComputerName: DESKTOPBOVEN
20:24:05.0983 2996 UserName: Jens Sierens
20:24:05.0983 2996 Windows directory: C:\Windows
20:24:05.0983 2996 System windows directory: C:\Windows
20:24:05.0983 2996 Processor architecture: Intel x86
20:24:05.0983 2996 Number of processors: 2
20:24:05.0983 2996 Page size: 0x1000
20:24:05.0983 2996 Boot type: Normal boot
20:24:05.0983 2996 ============================================================
20:24:07.0153 2996 Initialize success
20:24:14.0750 2560 ============================================================
20:24:14.0750 2560 Scan started
20:24:14.0750 2560 Mode: Manual;
20:24:14.0750 2560 ============================================================

Shinma
17 October 2011, 20:31
That one wasn't complete; my apologies.

20:24:54.0374 2560 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
20:24:54.0374 2560 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
20:24:54.0374 2560 tmrkb ( ForgedFile.Multi.Generic ) - warning
20:24:54.0374 2560 tmrkb - detected ForgedFile.Multi.Generic (1)
20:25:07.0135 2560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:25:07.0166 2560 \Device\Harddisk0\DR0 - ok
20:25:07.0182 2560 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
20:25:07.0182 2560 \Device\Harddisk1\DR1 - ok
20:25:07.0182 2560 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0
20:25:07.0182 2560 \Device\Harddisk0\DR0\Partition0 - ok
20:25:07.0198 2560 Boot (0x1200) (2746959d8da5bc6d6b27c080fc47f0e3) \Device\Harddisk0\DR0\Partition1
20:25:07.0198 2560 \Device\Harddisk0\DR0\Partition1 - ok
20:25:07.0213 2560 Boot (0x1200) (1b11360251bf637005d28619ac9fa751) \Device\Harddisk1\DR1\Partition0
20:25:07.0213 2560 \Device\Harddisk1\DR1\Partition0 - ok
20:25:07.0229 2560 Boot (0x1200) (b1fbf230aa5a079fd8c945ff08808f03) \Device\Harddisk1\DR1\Partition1
20:25:07.0244 2560 \Device\Harddisk1\DR1\Partition1 - ok
20:25:07.0244 2560 ================================================== ==========
20:25:07.0244 2560 Scan finished
20:25:07.0244 2560 ================================================== ==========
20:25:07.0260 2756 Detected object count: 1
20:25:07.0260 2756 Actual detected object count: 1
20:25:43.0655 2756 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
20:25:43.0655 2756 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip

EvelineGirl
17 October 2011, 21:02
It is not entirely without risk.
Back up your important files first before you carry this out.
Print the instructions or use another computer.

Now restart the computer.
While the computer is starting up, press the F8 key.
This brings up the Advanced Boot Options menu.
Select Repair your computer and press Enter to confirm the choice.

The files are loaded.
Select the correct keyboard layout.
Press Next.
Choose a login with administrator rights and enter the corresponding password; if you have no password, just press Enter here.
Confirm with OK.

The System Recovery Options screen appears.
At the top you will see: Microsoft Windows 7 on (C: Local Disk
(if the bold letter is different in your case, replace it in the command below (c: will then be different)

Select the Command Prompt option.
At the prompt, type this:

cd /d C:\windows
Press Enter.

Then type:

/FixMbr
Press Enter.

If you are asked whether to overwrite the MBR, confirm with "J" (Ja) or "Y" (Yes).
When this is done, type:

EXIT
Press Enter.

Restart the computer and boot into Windows.
Now let TDSSKiller scan once more and post the result.

Good luck,
Eveline.
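As an added example (not from this thread and not part of TDSSKiller itself), a small Python parser for the TDSSKiller log format quoted above: it pulls out the forged-file detections, the action the user chose, and the MBR/boot-sector hashes, then diffs two scans so you can tell whether the MBR was actually rewritten and whether the detection persists. The sample log lines are constructed from the format shown in the thread; the second scan's MBR hash is an invented value.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in a TDSSKiller log (timestamp, thread id, then the message):
#   HH:MM:SS.ffff <tid> <name> (<md5>) <path>
#   HH:MM:SS.ffff <tid> <name> - ok
#   HH:MM:SS.ffff <tid> Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>
#   HH:MM:SS.ffff <tid> <name> - detected <verdict> (<n>)
#   HH:MM:SS.ffff <tid> MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0
#   HH:MM:SS.ffff <tid> Boot (0x1200) (<md5>) \Device\Harddisk0\DR0\Partition0
#   HH:MM:SS.ffff <tid> <name> ( <verdict> ) - User select action: <action>
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
FORGED = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECTED = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
SECTOR = re.compile(PREFIX + r"(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) "
                    r"\((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)")
ACTION = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
                    r"User select action: (?P<action>\S+)")


@dataclass
class ScanReport:
    forged: dict = field(default_factory=dict)    # path -> (md5 on disk, md5 the rootkit reports)
    detected: dict = field(default_factory=dict)  # service name -> verdict
    sectors: dict = field(default_factory=dict)   # "MBR \Device\..." or "Boot \Device\..." -> md5
    actions: dict = field(default_factory=dict)   # service name -> action the user chose


def parse_tdsskiller_log(text):
    """Extract the security-relevant lines from a TDSSKiller log; driver '- ok' lines are ignored."""
    report = ScanReport()
    for line in text.splitlines():
        if m := FORGED.match(line):
            report.forged[m["path"]] = (m["real"], m["fake"])
        elif m := DETECTED.match(line):
            report.detected[m["name"]] = m["verdict"]
        elif m := SECTOR.match(line):
            report.sectors[f"{m['kind']} {m['device']}"] = m["md5"]
        elif m := ACTION.match(line):
            report.actions[m["name"]] = m["action"]
    return report


def sector_changes(before, after):
    """Boot sectors whose hash differs between two scans: evidence that something rewrote them."""
    return {dev: (old, after.sectors[dev])
            for dev, old in before.sectors.items()
            if dev in after.sectors and after.sectors[dev] != old}


def triage(before, after):
    """Summarise what a rescan changed: rewritten sectors, persisting and cleared detections."""
    return {
        "sectors_changed": sector_changes(before, after),
        "still_detected": sorted(after.detected),
        "cleared": sorted(set(before.detected) - set(after.detected)),
        "skipped_last_time": sorted(n for n, a in before.actions.items() if a == "Skip"),
    }


# Constructed sample logs in the format shown in the thread (driver and hash values from the
# first scan; the MBR hash in the second scan is an invented value to show a rewritten MBR).
SCAN_BEFORE = "\n".join([
    r"20:24:54.0374 2560 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys",
    r"20:24:54.0374 2560 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9",
    r"20:24:54.0374 2560 tmrkb ( ForgedFile.Multi.Generic ) - warning",
    r"20:24:54.0374 2560 tmrkb - detected ForgedFile.Multi.Generic (1)",
    r"20:24:54.0671 2560 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys",
    r"20:24:54.0686 2560 tssecsrv - ok",
    r"20:25:07.0135 2560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0",
    r"20:25:07.0166 2560 \Device\Harddisk0\DR0 - ok",
    r"20:25:07.0182 2560 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0",
    r"20:25:43.0655 2756 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip",
])
SCAN_AFTER = "\n".join([
    r"21:39:54.0100 3404 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys",
    r"21:39:54.0100 3404 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9",
    r"21:39:54.0100 3404 tmrkb - detected ForgedFile.Multi.Generic (1)",
    r"21:40:07.0135 3404 MBR (0x1B8) (1f3a9c4e2b7d8e6f5a4c3b2d1e0f9a8b) \Device\Harddisk0\DR0",
    r"21:40:07.0182 3404 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0",
])

if __name__ == "__main__":
    before = parse_tdsskiller_log(SCAN_BEFORE)
    after = parse_tdsskiller_log(SCAN_AFTER)
    for key, value in triage(before, after).items():
        print(f"{key}: {value}")
```

A changed MBR hash together with an unchanged ForgedFile verdict is exactly the situation in this thread: the boot sector was rewritten, but the hidden driver that hooks the file system is still in place.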

Shinma
17 October 2011, 22:38
When I enter "fixmbr" I get the response that the command is not recognised. When I tried with bootrec.exe I had no success either; the response then was that the operation had completed.

Is it safe to keep my backups on a separate partition on the same disk? Or am I better off with another disk in this case? Otherwise I will only be able to make a backup tomorrow.

In any case, thanks already for the help offered.

EvelineGirl
18 October 2011, 11:01
It is best to use another disk for this. Or put everything on CDs and DVDs, for example, or on an external disk.
I have edited my post above; fixmbr should be /fixmbr.

Shinma
18 October 2011, 21:47
Repairing the MBR did not work via the prompt window. I entered the exact commands and double-checked that I was working on the correct partition. In my case this is E:\. It simply ignored this command. I tried via bootrec, where it replied that the operation had already completed. Without any further choices. Because I also wanted to try it from within Windows itself with a partitioning tool, I had PartitionWizard rebuild the MBR. I fear, however, that this does not give the required result. Finally I ran TDSS anyway and it still finds the same medium risk threat:

21:39:01.0121 3368 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
21:39:01.0589 3368 ================================================== ==========
21:39:01.0589 3368 Current date / time: 2011/10/18 21:39:01.0589
21:39:01.0589 3368 SystemInfo:
21:39:01.0589 3368
21:39:01.0589 3368 OS Version: 6.1.7600 ServicePack: 0.0
21:39:01.0589 3368 Product type: Workstation
21:39:01.0589 3368 ComputerName: DESKTOPBOVEN
21:39:01.0589 3368 UserName: Jens Sierens
21:39:01.0589 3368 Windows directory: C:\Windows
21:39:01.0589 3368 System windows directory: C:\Windows
21:39:01.0589 3368 Processor architecture: Intel x86
21:39:01.0589 3368 Number of processors: 2
21:39:01.0589 3368 Page size: 0x1000
21:39:01.0589 3368 Boot type: Normal boot
21:39:01.0589 3368 ================================================== ==========
21:39:02.0587 3368 Initialize success
21:39:07.0189 3404 ================================================== ==========
21:39:07.0189 3404 Scan started
21:39:07.0189 3404 Mode: Manual;
21:39:07.0189 3404 ================================================== ==========
21:39:34.0505 3404 Processor - ok
21:39:34.0692 3404 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:39:34.0692 3404 Psched - ok
21:39:34.0848 3404 pwdrvio (c50de6d0c04b230f185a13fde0f047fa) C:\Windows\system32\pwdrvio.sys
21:39:34.0864 3404 pwdrvio - ok
21:39:35.0082 3404 pwdspio (cdc5704308222400ad606bcf87b006a5) C:\Windows\system32\pwdspio.sys
21:39:35.0098 3404 pwdspio - ok
21:39:35.0301 3404 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:39:35.0316 3404 ql2300 - ok
21:39:35.0488 3404 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:35.0488 3404 ql40xx - ok
21:39:35.0628 3404 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:39:35.0628 3404 QWAVEdrv - ok
21:39:35.0769 3404 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:39:35.0784 3404 RasAcd - ok
21:39:35.0940 3404 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:35.0940 3404 RasAgileVpn - ok
21:39:36.0112 3404 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:36.0112 3404 Rasl2tp - ok
21:39:36.0283 3404 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:36.0283 3404 RasPppoe - ok
21:39:36.0346 3404 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:36.0346 3404 RasSstp - ok
21:39:36.0471 3404 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:36.0486 3404 rdbss - ok
21:39:36.0627 3404 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:36.0627 3404 rdpbus - ok
21:39:36.0705 3404 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:36.0705 3404 RDPCDD - ok
21:39:36.0814 3404 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:39:36.0814 3404 RDPDR - ok
21:39:36.0970 3404 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:39:36.0985 3404 RDPENCDD - ok
21:39:37.0095 3404 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:39:37.0110 3404 RDPREFMP - ok
21:39:37.0235 3404 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
21:39:37.0235 3404 RDPWD - ok
21:39:37.0407 3404 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:39:37.0407 3404 rdyboost - ok
21:39:37.0609 3404 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:37.0609 3404 rspndr - ok
21:39:37.0765 3404 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
21:39:37.0765 3404 RT61 - ok
21:39:37.0921 3404 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:39:37.0921 3404 RTL8167 - ok
21:39:38.0093 3404 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:39:38.0093 3404 s3cap - ok
21:39:38.0218 3404 SASDIFSV - ok
21:39:38.0358 3404 SASKUTIL - ok
21:39:38.0530 3404 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:39:38.0545 3404 sbp2port - ok
21:39:38.0748 3404 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:39:38.0748 3404 scfilter - ok
21:39:38.0826 3404 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:39:38.0842 3404 secdrv - ok
21:39:38.0998 3404 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:39:39.0013 3404 Serenum - ok
21:39:39.0169 3404 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:39:39.0185 3404 sermouse - ok
21:39:39.0325 3404 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:39:39.0325 3404 sffdisk - ok
21:39:39.0450 3404 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:39:39.0450 3404 sffp_mmc - ok
21:39:39.0591 3404 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:39:39.0591 3404 sffp_sd - ok
21:39:39.0669 3404 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:39.0669 3404 sfloppy - ok
21:39:39.0871 3404 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:39:39.0871 3404 sisagp - ok
21:39:40.0027 3404 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:40.0027 3404 SiSRaid2 - ok
21:39:40.0059 3404 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:40.0059 3404 SiSRaid4 - ok
21:39:40.0183 3404 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:39:40.0199 3404 Smb - ok
21:39:40.0324 3404 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:39:40.0324 3404 spldr - ok
21:39:40.0480 3404 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
21:39:40.0480 3404 srv - ok
21:39:40.0667 3404 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
21:39:40.0667 3404 srv2 - ok
21:39:40.0807 3404 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:40.0807 3404 srvnet - ok
21:39:40.0979 3404 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:39:40.0979 3404 stexstor - ok
21:39:41.0104 3404 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:39:41.0104 3404 storflt - ok
21:39:41.0275 3404 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:39:41.0275 3404 storvsc - ok
21:39:41.0338 3404 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:39:41.0338 3404 swenum - ok
21:39:41.0619 3404 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
21:39:41.0650 3404 Tcpip - ok
21:39:41.0899 3404 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:41.0899 3404 TCPIP6 - ok
21:39:42.0055 3404 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:39:42.0055 3404 tcpipreg - ok
21:39:42.0118 3404 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:39:42.0133 3404 TDPIPE - ok
21:39:42.0274 3404 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:39:42.0274 3404 TDTCP - ok
21:39:42.0399 3404 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:39:42.0399 3404 tdx - ok
21:39:42.0461 3404 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:39:42.0461 3404 TermDD - ok
21:39:42.0648 3404 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
21:39:42.0648 3404 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
21:39:42.0648 3404 tmrkb ( ForgedFile.Multi.Generic ) - warning
21:39:42.0648 3404 tmrkb - detected ForgedFile.Multi.Generic (1)
21:39:42.0820 3404 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:42.0820 3404 tssecsrv - ok
21:39:42.0976 3404 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:42.0976 3404 tunnel - ok
21:39:43.0007 3404 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:39:43.0007 3404 uagp35 - ok
21:39:43.0023 3404 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:39:43.0023 3404 udfs - ok
21:39:43.0225 3404 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:39:43.0225 3404 uliagpkx - ok
21:39:43.0397 3404 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:39:43.0397 3404 umbus - ok
21:39:43.0553 3404 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:39:43.0553 3404 UmPass - ok
21:39:43.0725 3404 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
21:39:43.0740 3404 usbaudio - ok
21:39:43.0865 3404 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:43.0865 3404 usbccgp - ok
21:39:44.0021 3404 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:39:44.0037 3404 usbcir - ok
21:39:44.0130 3404 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
21:39:44.0130 3404 usbehci - ok
21:39:44.0302 3404 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
21:39:44.0302 3404 usbhub - ok
21:39:44.0427 3404 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
21:39:44.0427 3404 usbohci - ok
21:39:44.0536 3404 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:39:44.0536 3404 usbprint - ok
21:39:44.0629 3404 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:44.0629 3404 USBSTOR - ok
21:39:44.0770 3404 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
21:39:44.0770 3404 usbuhci - ok
21:39:44.0941 3404 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:39:44.0941 3404 vdrvroot - ok
21:39:45.0113 3404 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:45.0113 3404 vga - ok
21:39:45.0191 3404 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:39:45.0207 3404 VgaSave - ok
21:39:45.0222 3404 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:39:45.0222 3404 vhdmp - ok
21:39:45.0363 3404 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:39:45.0378 3404 viaagp - ok
21:39:45.0394 3404 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:39:45.0394 3404 ViaC7 - ok
21:39:45.0612 3404 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
21:39:45.0643 3404 VIAHdAudAddService - ok
21:39:45.0768 3404 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:39:45.0768 3404 viaide - ok
21:39:45.0815 3404 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:39:45.0815 3404 vmbus - ok
21:39:45.0831 3404 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:39:45.0846 3404 VMBusHID - ok
21:39:46.0002 3404 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:39:46.0002 3404 volmgr - ok
21:39:46.0096 3404 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:39:46.0096 3404 volmgrx - ok
21:39:46.0189 3404 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:39:46.0205 3404 volsnap - ok
21:39:46.0314 3404 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
21:39:46.0314 3404 vpcbus - ok
21:39:46.0548 3404 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:39:46.0548 3404 vpcnfltr - ok
21:39:46.0704 3404 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
21:39:46.0704 3404 vpcusb - ok
21:39:46.0876 3404 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
21:39:46.0876 3404 vpcvmm - ok
21:39:47.0047 3404 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:39:47.0047 3404 vsmraid - ok
21:39:47.0266 3404 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
21:39:47.0375 3404 VSPerfDrv100 - ok
21:39:47.0578 3404 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:39:47.0593 3404 vwifibus - ok
21:39:47.0765 3404 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
21:39:47.0781 3404 wacmoumonitor - ok
21:39:47.0999 3404 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:39:47.0999 3404 wacommousefilter - ok
21:39:48.0217 3404 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:39:48.0233 3404 WacomPen - ok
21:39:48.0514 3404 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
21:39:48.0514 3404 wacomvhid - ok
21:39:48.0763 3404 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:48.0779 3404 WANARP - ok
21:39:48.0795 3404 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:48.0795 3404 Wanarpv6 - ok
21:39:49.0138 3404 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:39:49.0153 3404 Wd - ok
21:39:49.0341 3404 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:39:49.0341 3404 Wdf01000 - ok
21:39:49.0559 3404 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:49.0559 3404 WfpLwf - ok
21:39:49.0684 3404 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:39:49.0684 3404 WIMMount - ok
21:39:49.0887 3404 WinDriver6 (0a597f84bc8af4229b529f655bb2ba14) C:\Windows\system32\drivers\windrvr6.sys
21:39:49.0902 3404 WinDriver6 - ok
21:39:50.0136 3404 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:39:50.0136 3404 WmiAcpi - ok
21:39:50.0355 3404 WRkrn (6f759df9b7b1ddd22febe80cd942b54f) C:\Windows\system32\drivers\WRkrn.sys
21:39:50.0355 3404 WRkrn - ok
21:39:50.0464 3404 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:39:50.0464 3404 ws2ifsl - ok
21:39:50.0620 3404 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:39:50.0620 3404 WudfPf - ok
21:39:50.0807 3404 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:50.0807 3404 WUDFRd - ok
21:39:50.0869 3404 MBR (0x1B8) (f46767ae2998ea7510ca3750adfc1357) \Device\Harddisk0\DR0
21:39:51.0025 3404 \Device\Harddisk0\DR0 - ok
21:39:51.0041 3404 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
21:39:51.0041 3404 \Device\Harddisk1\DR1 - ok
21:39:51.0041 3404 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0
21:39:51.0041 3404 \Device\Harddisk0\DR0\Partition0 - ok
21:39:51.0057 3404 Boot (0x1200) (2746959d8da5bc6d6b27c080fc47f0e3) \Device\Harddisk0\DR0\Partition1
21:39:51.0057 3404 \Device\Harddisk0\DR0\Partition1 - ok
21:39:51.0057 3404 Boot (0x1200) (1b11360251bf637005d28619ac9fa751) \Device\Harddisk1\DR1\Partition0
21:39:51.0057 3404 \Device\Harddisk1\DR1\Partition0 - ok
21:39:51.0072 3404 Boot (0x1200) (b1fbf230aa5a079fd8c945ff08808f03) \Device\Harddisk1\DR1\Partition1
21:39:51.0072 3404 \Device\Harddisk1\DR1\Partition1 - ok
21:39:51.0072 3404 ============================================================
21:39:51.0072 3404 Scan finished
21:39:51.0072 3404 ============================================================
21:39:51.0088 3296 Detected object count: 1
21:39:51.0088 3296 Actual detected object count: 1
21:39:54.0801 3296 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
21:39:54.0801 3296 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip

I hope that something can still be done about this, at least. We've already come this far, and the rootkit does seem to have been removed, doesn't it?
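The TDSSKiller log above is long, and the one line that matters is easy to miss: for tmrkb.sys two different md5 values are reported for the same path, which means two ways of reading that file returned different bytes. The following is an added example, not code from TDSSKiller or from either poster: a small parser for the log format shown above that pulls out the forged-file warnings, the detections and the MBR/boot-sector hashes, and compares two runs so that "the warning keeps coming back" and "the MBR hash changed after a fix" become checkable facts instead of impressions. The sample log text is constructed in the same format as the posted log (the before-run reuses the tmrkb and MBR lines from above; the after-run's changed MBR hash is a made-up value).

```python
"""Parse TDSSKiller log lines and compare two runs (added example)."""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid> ".
TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
RE_OBJECT = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_FORGED = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
RE_DETECTED = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
RE_SECTOR = re.compile(TS + r"(?:MBR|Boot) \(0x[0-9A-Fa-f]+\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")


@dataclass
class TdssRun:
    objects: dict = field(default_factory=dict)   # driver name -> (md5, path)
    forged: dict = field(default_factory=dict)    # path -> (real_md5, fake_md5)
    detected: dict = field(default_factory=dict)  # driver name -> verdict
    sectors: dict = field(default_factory=dict)   # \Device\... -> MBR/boot-sector md5


def parse_tdsskiller(text: str) -> TdssRun:
    """Collect scanned objects, forged-file warnings, detections and sector hashes."""
    run = TdssRun()
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_FORGED.match(line):
            run.forged[m["path"]] = (m["real"], m["fake"])
        elif m := RE_SECTOR.match(line):
            run.sectors[m["dev"]] = m["md5"]
        elif m := RE_DETECTED.match(line):
            run.detected[m["name"]] = m["verdict"]
        elif m := RE_OBJECT.match(line):
            run.objects[m["name"]] = (m["md5"], m["path"])
    return run


def forged_files(run: TdssRun) -> list:
    """One record per forged-file warning, joined to the driver entry it belongs to.

    "Forged" means two reads of the same path produced different bytes (two md5s):
    that mismatch, not the file name, is what flags a hidden or patched driver.
    """
    by_path = {path: name for name, (_, path) in run.objects.items()}
    out = []
    for path, (real, fake) in run.forged.items():
        name = by_path.get(path)
        out.append({"driver": name, "path": path, "real_md5": real,
                    "fake_md5": fake, "verdict": run.detected.get(name)})
    return out


def compare_runs(before: TdssRun, after: TdssRun) -> dict:
    """Did a detection persist between runs, and did any MBR/boot hash change?"""
    changed = {dev: (before.sectors[dev], after.sectors[dev])
               for dev in before.sectors.keys() & after.sectors.keys()
               if before.sectors[dev] != after.sectors[dev]}
    return {"persisted": sorted(before.detected.keys() & after.detected.keys()),
            "cleared": sorted(before.detected.keys() - after.detected.keys()),
            "new": sorted(after.detected.keys() - before.detected.keys()),
            "changed_sectors": changed}


# Constructed sample in the posted format; the tmrkb and MBR lines follow the log above.
RUN_BEFORE = r"""
21:39:42.0648 3404 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
21:39:42.0648 3404 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
21:39:42.0648 3404 tmrkb ( ForgedFile.Multi.Generic ) - warning
21:39:42.0648 3404 tmrkb - detected ForgedFile.Multi.Generic (1)
21:39:42.0820 3404 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:42.0820 3404 tssecsrv - ok
21:39:50.0869 3404 MBR (0x1B8) (f46767ae2998ea7510ca3750adfc1357) \Device\Harddisk0\DR0
21:39:51.0025 3404 \Device\Harddisk0\DR0 - ok
21:39:54.0801 3296 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
"""

# Constructed "after" run: tmrkb is still forged, and disk 0's MBR hash differs
# (a made-up value standing in for an MBR that was rewritten in between).
RUN_AFTER = r"""
15:43:40.0100 2220 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
15:43:40.0100 2220 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
15:43:40.0100 2220 tmrkb - detected ForgedFile.Multi.Generic (1)
15:43:40.0200 2220 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:40.0200 2220 tssecsrv - ok
15:43:41.0000 2220 MBR (0x1B8) (d41d8cd98f00b204e9800998ecf8427e) \Device\Harddisk0\DR0
15:43:41.0000 2220 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    before, after = parse_tdsskiller(RUN_BEFORE), parse_tdsskiller(RUN_AFTER)
    for rec in forged_files(before):
        print(f"forged: {rec['driver']} {rec['path']} real={rec['real_md5']} fake={rec['fake_md5']}")
    print(compare_runs(before, after))
```

To use it on a real pair of logs, read the two saved TDSSKiller text files and hand their contents to parse_tdsskiller; a driver that stays in "persisted" after a fix is the one to keep chasing, and an MBR hash that changes without a fix having been applied is a reason to stop and look at the disk directly.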

EvelineGirl
19 October 2011, 13:11
I'm not reassured yet. This warning keeps coming back every time, even though it no longer says ZAccess after it. Something tells me it's still not right.

Let's try this:

1.
Start aswMBR.exe again.
Vista and Windows 7 -> right-click, Run as Administrator.


Click "No" in the next window
http://www.imgdumper.nl/uploads4/4e4115af00b45/4e4115af00378-aswmbrno.png

Click the "Scan" button
http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
Now click the "Fix" or "FixMBR" button
http://www.imgdumper.nl/uploads4/4e4b9479e4779/4e4b9479e3bc2-aswMBRfix.png
Then restart the computer, let aswMBR scan once more and post the new log.
2.
Now run TDSSKiller again.

3.
If it stays the same, I think we're safe. Then you may run an online scan with ESET:
Go to the ESET Online Scanner site (http://www.eset.com/onlinescan/)

Click the ESET Online Scanner button
Tick YES, I accept the Terms of Use
Click Start
Allow the ActiveX control to install.
Click "Advanced settings"
Tick the following options:

Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Click Start
The computer will now be scanned. This can take quite a while, so be patient.
You may close the window when the scan is finished.
Use Notepad to open the log. You'll find it at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of this log into your next post.

Shinma
19 October 2011, 20:07
Hi EvelineGirl,

Here I am again with new results, in the order listed above.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-19 15:40:53
-----------------------------
15:40:53.300 OS Version: Windows 6.1.7600
15:40:53.300 Number of processors: 2 586 0x6B02
15:40:53.300 ComputerName: DESKTOPBOVEN UserName: Jens Sierens
15:40:59.088 Initialize success
15:41:04.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:41:04.627 Disk 0 Vendor: ST3160318AS CC38 Size: 152627MB BusType: 3
15:41:04.627 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
15:41:04.643 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
15:41:06.671 Disk 0 MBR read successfully
15:41:06.687 Disk 0 MBR scan
15:41:06.687 Disk 0 Windows 7 default MBR code
15:41:06.687 Disk 0 scanning sectors +312578048
15:41:06.780 Disk 0 scanning C:\Windows\system32\drivers
15:41:14.315 Service scanning
15:41:18.075 Modules scanning
15:41:35.593 Disk 0 trace - called modules:
15:41:35.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
15:41:35.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8625e030]
15:41:35.625 3 CLASSPNP.SYS[8bddf59e] -> nt!IofCallDriver -> [0x86718408]
15:41:35.625 5 ACPI.sys[8383d3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86713908]
15:41:35.640 Scan finished successfully
15:41:54.017 Disk 0 MBR has been saved successfully to "C:\Users\Jens Sierens\Desktop\cleanuplogs\MBR.dat"
15:41:54.017 The log file has been saved successfully to "C:\Users\Jens Sierens\Desktop\cleanuplogs\aswMBR.txt"


15:43:03.0369 3924 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
15:43:03.0462 3924 ============================================================
15:43:03.0462 3924 Current date / time: 2011/10/19 15:43:03.0462
15:43:03.0462 3924 SystemInfo:
15:43:03.0462 3924
15:43:03.0462 3924 OS Version: 6.1.7600 ServicePack: 0.0
15:43:03.0462 3924 Product type: Workstation
15:43:03.0462 3924 ComputerName: DESKTOPBOVEN
15:43:03.0462 3924 UserName: Jens Sierens
15:43:03.0462 3924 Windows directory: C:\Windows
15:43:03.0462 3924 System windows directory: C:\Windows
15:43:03.0462 3924 Processor architecture: Intel x86
15:43:03.0462 3924 Number of processors: 2
15:43:03.0462 3924 Page size: 0x1000
15:43:03.0462 3924 Boot type: Normal boot
15:43:03.0462 3924 ============================================================
15:43:04.0398 3924 Initialize success
15:43:16.0270 2220 ============================================================
15:43:16.0270 2220 Scan started
15:43:16.0270 2220 Mode: Manual;
15:43:16.0270 2220 ============================================================
15:43:17.0190 2220 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:43:17.0190 2220 1394ohci - ok
15:43:17.0299 2220 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:43:17.0315 2220 ACPI - ok
15:43:17.0471 2220 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:43:17.0471 2220 AcpiPmi - ok
15:43:17.0643 2220 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:17.0643 2220 adp94xx - ok
15:43:17.0799 2220 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:43:17.0799 2220 adpahci - ok
15:43:17.0955 2220 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:43:17.0955 2220 adpu320 - ok
15:43:18.0126 2220 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:43:18.0126 2220 AFD - ok
15:43:18.0157 2220 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:43:18.0157 2220 agp440 - ok
15:43:18.0298 2220 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:43:18.0313 2220 aic78xx - ok
15:43:18.0469 2220 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:43:18.0469 2220 aliide - ok
15:43:18.0547 2220 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:43:18.0547 2220 amdagp - ok
15:43:18.0625 2220 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:43:18.0625 2220 amdide - ok
15:43:18.0813 2220 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:43:18.0813 2220 AmdK8 - ok
15:43:18.0828 2220 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:43:18.0828 2220 AmdPPM - ok
15:43:19.0000 2220 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:43:19.0000 2220 amdsata - ok
15:43:19.0156 2220 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:19.0156 2220 amdsbs - ok
15:43:19.0187 2220 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:43:19.0187 2220 amdxata - ok
15:43:19.0343 2220 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:43:19.0343 2220 AppID - ok
15:43:19.0530 2220 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:43:19.0530 2220 arc - ok
15:43:19.0530 2220 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:43:19.0530 2220 arcsas - ok
15:43:19.0686 2220 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
15:43:19.0686 2220 AsIO - ok
15:43:19.0858 2220 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:19.0858 2220 AsyncMac - ok
15:43:19.0873 2220 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:43:19.0873 2220 atapi - ok
15:43:20.0107 2220 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
15:43:20.0185 2220 atikmdag - ok
15:43:20.0341 2220 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:43:20.0341 2220 AtiPcie - ok
15:43:20.0529 2220 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:43:20.0544 2220 b06bdrv - ok
15:43:20.0700 2220 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:43:20.0700 2220 b57nd60x - ok
15:43:20.0856 2220 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:43:20.0856 2220 Beep - ok
15:43:20.0965 2220 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:20.0965 2220 blbdrive - ok
15:43:21.0043 2220 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:43:21.0043 2220 bowser - ok
15:43:21.0137 2220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:21.0137 2220 BrFiltLo - ok
15:43:21.0215 2220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:21.0215 2220 BrFiltUp - ok
15:43:21.0371 2220 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:43:21.0371 2220 Brserid - ok
15:43:21.0433 2220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:21.0433 2220 BrSerWdm - ok
15:43:21.0511 2220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:21.0511 2220 BrUsbMdm - ok
15:43:21.0574 2220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:21.0574 2220 BrUsbSer - ok
15:43:21.0652 2220 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:21.0652 2220 BTHMODEM - ok
15:43:21.0761 2220 catchme - ok
15:43:21.0933 2220 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:43:21.0933 2220 cdfs - ok
15:43:22.0104 2220 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:43:22.0104 2220 cdrom - ok
15:43:22.0198 2220 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:43:22.0198 2220 circlass - ok
15:43:22.0229 2220 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:43:22.0229 2220 CLFS - ok
15:43:22.0401 2220 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:22.0401 2220 CmBatt - ok
15:43:22.0416 2220 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:43:22.0416 2220 cmdide - ok
15:43:22.0557 2220 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:43:22.0557 2220 CNG - ok
15:43:22.0572 2220 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:43:22.0572 2220 Compbatt - ok
15:43:22.0728 2220 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:43:22.0728 2220 CompositeBus - ok
15:43:22.0853 2220 cpuz135 - ok
15:43:22.0931 2220 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:22.0931 2220 crcdisk - ok
15:43:23.0118 2220 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:43:23.0118 2220 CSC - ok
15:43:23.0290 2220 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:43:23.0290 2220 DfsC - ok
15:43:23.0321 2220 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:43:23.0321 2220 discache - ok
15:43:23.0493 2220 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:43:23.0493 2220 Disk - ok
15:43:23.0649 2220 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:43:23.0649 2220 drmkaud - ok
15:43:23.0742 2220 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:43:23.0758 2220 DXGKrnl - ok
15:43:23.0945 2220 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:43:23.0992 2220 ebdrv - ok
15:43:24.0163 2220 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:43:24.0163 2220 elxstor - ok
15:43:24.0195 2220 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:43:24.0195 2220 ErrDev - ok
15:43:24.0366 2220 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:43:24.0366 2220 exfat - ok
15:43:24.0491 2220 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:43:24.0491 2220 fastfat - ok
15:43:24.0647 2220 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:43:24.0647 2220 fdc - ok
15:43:24.0678 2220 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:43:24.0678 2220 FileInfo - ok
15:43:24.0819 2220 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:43:24.0819 2220 Filetrace - ok
15:43:24.0943 2220 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:24.0943 2220 flpydisk - ok
15:43:25.0053 2220 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:43:25.0068 2220 FltMgr - ok
15:43:25.0193 2220 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:43:25.0193 2220 FsDepends - ok
15:43:25.0209 2220 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:43:25.0209 2220 Fs_Rec - ok
15:43:25.0396 2220 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:43:25.0396 2220 fvevol - ok
15:43:25.0521 2220 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:25.0521 2220 gagp30kx - ok
15:43:25.0708 2220 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:43:25.0708 2220 hcw85cir - ok
15:43:25.0833 2220 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:43:25.0848 2220 HdAudAddService - ok
15:43:25.0942 2220 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:43:25.0942 2220 HDAudBus - ok
15:43:26.0098 2220 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:26.0098 2220 HidBatt - ok
15:43:26.0285 2220 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:43:26.0285 2220 HidBth - ok
15:43:26.0441 2220 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:43:26.0457 2220 HidIr - ok
15:43:26.0659 2220 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:43:26.0659 2220 HidUsb - ok
15:43:26.0862 2220 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:43:26.0862 2220 HpSAMD - ok
15:43:27.0034 2220 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:43:27.0065 2220 HTTP - ok
15:43:27.0221 2220 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:43:27.0221 2220 hwpolicy - ok
15:43:27.0393 2220 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:43:27.0393 2220 i8042prt - ok
15:43:27.0642 2220 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:43:27.0642 2220 iaStorV - ok
15:43:27.0814 2220 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:43:27.0814 2220 iirsp - ok
15:43:28.0017 2220 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:43:28.0017 2220 intelide - ok
15:43:28.0344 2220 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:43:28.0344 2220 intelppm - ok
15:43:28.0578 2220 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:28.0578 2220 IpFilterDriver - ok
15:43:28.0812 2220 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:43:28.0812 2220 IPMIDRV - ok
15:43:29.0062 2220 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:43:29.0062 2220 IPNAT - ok
15:43:29.0218 2220 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:43:29.0218 2220 IRENUM - ok
15:43:29.0405 2220 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:43:29.0405 2220 isapnp - ok
15:43:29.0608 2220 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:43:29.0608 2220 iScsiPrt - ok
15:43:29.0779 2220 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:29.0779 2220 kbdclass - ok
15:43:30.0091 2220 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:30.0091 2220 kbdhid - ok
15:43:30.0279 2220 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:43:30.0279 2220 KSecDD - ok
15:43:30.0528 2220 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
15:43:30.0528 2220 KSecPkg - ok
15:43:30.0715 2220 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:43:30.0715 2220 lltdio - ok
15:43:30.0949 2220 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:30.0949 2220 LSI_FC - ok
15:43:31.0183 2220 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:31.0183 2220 LSI_SAS - ok
15:43:31.0386 2220 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:31.0386 2220 LSI_SAS2 - ok
15:43:31.0542 2220 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:31.0542 2220 LSI_SCSI - ok
15:43:31.0792 2220 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:43:31.0792 2220 luafv - ok
15:43:31.0917 2220 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:43:31.0917 2220 megasas - ok
15:43:32.0182 2220 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:32.0275 2220 MegaSR - ok
15:43:32.0478 2220 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:43:32.0478 2220 Modem - ok
15:43:32.0665 2220 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:43:32.0665 2220 monitor - ok
15:43:32.0821 2220 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:43:32.0821 2220 mouclass - ok
15:43:32.0993 2220 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:43:32.0993 2220 mouhid - ok
15:43:33.0165 2220 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:43:33.0180 2220 mountmgr - ok
15:43:33.0258 2220 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:43:33.0274 2220 mpio - ok
15:43:33.0430 2220 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:43:33.0430 2220 mpsdrv - ok
15:43:33.0508 2220 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:43:33.0523 2220 MRxDAV - ok
15:43:33.0601 2220 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:33.0601 2220 mrxsmb - ok
15:43:33.0711 2220 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:33.0711 2220 mrxsmb10 - ok
15:43:33.0851 2220 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:33.0867 2220 mrxsmb20 - ok
15:43:34.0007 2220 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:43:34.0007 2220 msahci - ok
15:43:34.0163 2220 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:43:34.0163 2220 msdsm - ok
15:43:34.0350 2220 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:43:34.0350 2220 Msfs - ok
15:43:34.0506 2220 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:43:34.0506 2220 mshidkmdf - ok
15:43:34.0647 2220 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:43:34.0647 2220 msisadrv - ok
15:43:34.0881 2220 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:43:34.0881 2220 MSKSSRV - ok
15:43:35.0052 2220 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:35.0052 2220 MSPCLOCK - ok
15:43:35.0224 2220 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:43:35.0224 2220 MSPQM - ok
15:43:35.0411 2220 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:43:35.0427 2220 MsRPC - ok
15:43:35.0629 2220 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:43:35.0629 2220 mssmbios - ok
15:43:35.0848 2220 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:43:35.0848 2220 MSTEE - ok
15:43:36.0019 2220 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:36.0019 2220 MTConfig - ok
15:43:36.0409 2220 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
15:43:36.0409 2220 MTsensor - ok
15:43:36.0675 2220 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:43:36.0675 2220 Mup - ok
15:43:36.0893 2220 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:43:36.0893 2220 NativeWifiP - ok
15:43:37.0127 2220 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:43:37.0143 2220 NDIS - ok
15:43:37.0314 2220 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:37.0314 2220 NdisCap - ok
15:43:37.0533 2220 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:37.0533 2220 NdisTapi - ok
15:43:37.0923 2220 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:37.0923 2220 Ndisuio - ok
15:43:38.0172 2220 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:38.0172 2220 NdisWan - ok
15:43:38.0391 2220 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:43:38.0391 2220 NDProxy - ok
15:43:38.0656 2220 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:43:38.0656 2220 NetBIOS - ok
15:43:38.0874 2220 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:43:38.0874 2220 NetBT - ok
15:43:39.0202 2220 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:43:39.0202 2220 nfrd960 - ok
15:43:39.0451 2220 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:43:39.0451 2220 Npfs - ok
15:43:39.0576 2220 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:43:39.0576 2220 nsiproxy - ok
15:43:39.0732 2220 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:43:39.0763 2220 Ntfs - ok
15:43:39.0888 2220 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:43:39.0888 2220 Null - ok
15:43:40.0107 2220 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:43:40.0122 2220 nvraid - ok
15:43:40.0465 2220 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:43:40.0481 2220 nvstor - ok
15:43:40.0715 2220 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:43:40.0715 2220 nv_agp - ok
15:43:40.0887 2220 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:43:40.0887 2220 ohci1394 - ok
15:43:41.0121 2220 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:43:41.0121 2220 Parport - ok
15:43:41.0261 2220 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:43:41.0277 2220 partmgr - ok
15:43:41.0417 2220 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:43:41.0417 2220 Parvdm - ok
15:43:41.0542 2220 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:43:41.0542 2220 pci - ok
15:43:41.0698 2220 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:43:41.0698 2220 pciide - ok
15:43:41.0838 2220 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:41.0838 2220 pcmcia - ok
15:43:41.0979 2220 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:43:41.0994 2220 pcw - ok
15:43:42.0150 2220 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:43:42.0166 2220 PEAUTH - ok
15:43:42.0618 2220 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:43:42.0618 2220 PptpMiniport - ok
15:43:42.0774 2220 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:43:42.0774 2220 Processor - ok
15:43:42.0961 2220 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:43:42.0961 2220 Psched - ok
15:43:43.0117 2220 pwdrvio (c50de6d0c04b230f185a13fde0f047fa) C:\Windows\system32\pwdrvio.sys
15:43:43.0133 2220 pwdrvio - ok
15:43:43.0320 2220 pwdspio (cdc5704308222400ad606bcf87b006a5) C:\Windows\system32\pwdspio.sys
15:43:43.0336 2220 pwdspio - ok
15:43:43.0523 2220 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:43:43.0554 2220 ql2300 - ok
15:43:43.0726 2220 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:43.0726 2220 ql40xx - ok
15:43:43.0882 2220 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:43:43.0882 2220 QWAVEdrv - ok
15:43:43.0897 2220 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:43:43.0897 2220 RasAcd - ok
15:43:44.0100 2220 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:44.0100 2220 RasAgileVpn - ok
15:43:44.0287 2220 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:44.0287 2220 Rasl2tp - ok
15:43:44.0443 2220 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:44.0443 2220 RasPppoe - ok
15:43:44.0646 2220 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:43:44.0646 2220 RasSstp - ok
15:43:44.0677 2220 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:43:44.0677 2220 rdbss - ok
15:43:44.0693 2220 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:44.0693 2220 rdpbus - ok
15:43:44.0709 2220 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:44.0709 2220 RDPCDD - ok
15:43:44.0818 2220 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:43:44.0818 2220 RDPDR - ok
15:43:45.0021 2220 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:43:45.0021 2220 RDPENCDD - ok
15:43:45.0208 2220 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:43:45.0208 2220 RDPREFMP - ok
15:43:45.0348 2220 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:43:45.0348 2220 RDPWD - ok
15:43:45.0504 2220 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:43:45.0504 2220 rdyboost - ok
15:43:45.0723 2220 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:43:45.0723 2220 rspndr - ok
15:43:45.0894 2220 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
15:43:45.0894 2220 RT61 - ok
15:43:46.0081 2220 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:43:46.0081 2220 RTL8167 - ok
15:43:46.0222 2220 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:43:46.0222 2220 s3cap - ok
15:43:46.0331 2220 SASDIFSV - ok
15:43:46.0487 2220 SASKUTIL - ok
15:43:46.0690 2220 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:43:46.0690 2220 sbp2port - ok
15:43:46.0893 2220 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:43:46.0893 2220 scfilter - ok
15:43:46.0986 2220 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:43:46.0986 2220 secdrv - ok
15:43:47.0127 2220 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:43:47.0127 2220 Serenum - ok
15:43:47.0189 2220 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:43:47.0189 2220 sermouse - ok
15:43:47.0329 2220 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:43:47.0329 2220 sffdisk - ok
15:43:47.0485 2220 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:43:47.0485 2220 sffp_mmc - ok
15:43:47.0610 2220 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:43:47.0610 2220 sffp_sd - ok
15:43:47.0782 2220 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:43:47.0782 2220 sfloppy - ok
15:43:47.0907 2220 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:43:47.0907 2220 sisagp - ok
15:43:48.0063 2220 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:43:48.0063 2220 SiSRaid2 - ok
15:43:48.0094 2220 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:43:48.0094 2220 SiSRaid4 - ok
15:43:48.0312 2220 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:43:48.0312 2220 Smb - ok
15:43:48.0515 2220 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:43:48.0515 2220 spldr - ok
15:43:48.0562 2220 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:43:48.0577 2220 srv - ok
15:43:48.0718 2220 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:43:48.0718 2220 srv2 - ok
15:43:48.0874 2220 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:43:48.0874 2220 srvnet - ok
15:43:49.0030 2220 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:43:49.0030 2220 stexstor - ok
15:43:49.0201 2220 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:43:49.0201 2220 storflt - ok
15:43:49.0389 2220 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:43:49.0389 2220 storvsc - ok
15:43:49.0545 2220 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:43:49.0545 2220 swenum - ok
15:43:49.0794 2220 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
15:43:49.0825 2220 Tcpip - ok
15:43:50.0044 2220 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
15:43:50.0059 2220 TCPIP6 - ok
15:43:50.0215 2220 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:43:50.0215 2220 tcpipreg - ok
15:43:50.0309 2220 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:43:50.0309 2220 TDPIPE - ok
15:43:50.0403 2220 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:43:50.0403 2220 TDTCP - ok
15:43:50.0527 2220 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:43:50.0527 2220 tdx - ok
15:43:50.0637 2220 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:43:50.0637 2220 TermDD - ok
15:43:50.0839 2220 tmrkb (7e2887341a3164dedc9b89082c24aeca) C:\Windows\system32\DRIVERS\tmrkb.sys
15:43:50.0839 2220 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 7e2887341a3164dedc9b89082c24aeca, Fake md5: b44d1e95a4c70853230a2e1cd0dac0b9
15:43:50.0839 2220 tmrkb ( ForgedFile.Multi.Generic ) - warning
15:43:50.0839 2220 tmrkb - detected ForgedFile.Multi.Generic (1)
15:43:51.0011 2220 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:51.0027 2220 tssecsrv - ok
15:43:51.0183 2220 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:43:51.0183 2220 tunnel - ok
15:43:51.0198 2220 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:43:51.0198 2220 uagp35 - ok
15:43:51.0229 2220 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:43:51.0229 2220 udfs - ok
15:43:51.0417 2220 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:43:51.0417 2220 uliagpkx - ok
15:43:51.0541 2220 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:43:51.0541 2220 umbus - ok
15:43:51.0697 2220 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:43:51.0697 2220 UmPass - ok
15:43:51.0869 2220 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
15:43:51.0869 2220 usbaudio - ok
15:43:52.0025 2220 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:52.0025 2220 usbccgp - ok
15:43:52.0165 2220 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:43:52.0165 2220 usbcir - ok
15:43:52.0290 2220 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
15:43:52.0290 2220 usbehci - ok
15:43:52.0462 2220 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
15:43:52.0477 2220 usbhub - ok
15:43:52.0602 2220 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
15:43:52.0618 2220 usbohci - ok
15:43:52.0727 2220 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:43:52.0727 2220 usbprint - ok
15:43:52.0836 2220 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:52.0836 2220 USBSTOR - ok
15:43:52.0992 2220 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
15:43:52.0992 2220 usbuhci - ok
15:43:53.0148 2220 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:43:53.0148 2220 vdrvroot - ok
15:43:53.0320 2220 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:53.0320 2220 vga - ok
15:43:53.0382 2220 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:43:53.0382 2220 VgaSave - ok
15:43:53.0460 2220 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:43:53.0476 2220 vhdmp - ok
15:43:53.0616 2220 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:43:53.0616 2220 viaagp - ok
15:43:53.0694 2220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:43:53.0710 2220 ViaC7 - ok
15:43:53.0881 2220 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
15:43:53.0913 2220 VIAHdAudAddService - ok
15:43:53.0991 2220 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:43:53.0991 2220 viaide - ok
15:43:54.0037 2220 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:43:54.0037 2220 vmbus - ok
15:43:54.0147 2220 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:43:54.0147 2220 VMBusHID - ok
15:43:54.0162 2220 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:43:54.0178 2220 volmgr - ok
15:43:54.0256 2220 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:43:54.0256 2220 volmgrx - ok
15:43:54.0381 2220 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:43:54.0381 2220 volsnap - ok
15:43:54.0537 2220 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
15:43:54.0537 2220 vpcbus - ok
15:43:54.0693 2220 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:43:54.0693 2220 vpcnfltr - ok
15:43:54.0864 2220 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
15:43:54.0864 2220 vpcusb - ok
15:43:55.0036 2220 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
15:43:55.0036 2220 vpcvmm - ok
15:43:55.0207 2220 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:55.0207 2220 vsmraid - ok
15:43:55.0426 2220 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
15:43:55.0426 2220 VSPerfDrv100 - ok
15:43:55.0582 2220 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:43:55.0582 2220 vwifibus - ok
15:43:55.0800 2220 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
15:43:55.0800 2220 wacmoumonitor - ok
15:43:55.0972 2220 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
15:43:55.0972 2220 wacommousefilter - ok
15:43:56.0112 2220 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:43:56.0112 2220 WacomPen - ok
15:43:56.0331 2220 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
15:43:56.0331 2220 wacomvhid - ok
15:43:56.0502 2220 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:56.0502 2220 WANARP - ok
15:43:56.0518 2220 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:56.0518 2220 Wanarpv6 - ok
15:43:56.0705 2220 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:43:56.0705 2220 Wd - ok
15:43:56.0861 2220 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:43:56.0861 2220 Wdf01000 - ok
15:43:57.0095 2220 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:57.0095 2220 WfpLwf - ok
15:43:57.0111 2220 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:43:57.0111 2220 WIMMount - ok
15:43:57.0313 2220 WinDriver6 (0a597f84bc8af4229b529f655bb2ba14) C:\Windows\system32\drivers\windrvr6.sys
15:43:57.0313 2220 WinDriver6 - ok
15:43:57.0516 2220 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:43:57.0516 2220 WmiAcpi - ok
15:43:57.0688 2220 WRkrn (6f759df9b7b1ddd22febe80cd942b54f) C:\Windows\system32\drivers\WRkrn.sys
15:43:57.0688 2220 WRkrn - ok
15:43:57.0719 2220 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:43:57.0719 2220 ws2ifsl - ok
15:43:57.0781 2220 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:43:57.0781 2220 WudfPf - ok
15:43:57.0984 2220 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:58.0000 2220 WUDFRd - ok
15:43:58.0109 2220 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
15:43:58.0109 2220 \Device\Harddisk0\DR0 - ok
15:43:58.0109 2220 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
15:43:58.0125 2220 \Device\Harddisk1\DR1 - ok
15:43:58.0125 2220 Boot (0x1200) (71301cf578259c44eac051a30ed79edd) \Device\Harddisk0\DR0\Partition0
15:43:58.0125 2220 \Device\Harddisk0\DR0\Partition0 - ok
15:43:58.0140 2220 Boot (0x1200) (2746959d8da5bc6d6b27c080fc47f0e3) \Device\Harddisk0\DR0\Partition1
15:43:58.0140 2220 \Device\Harddisk0\DR0\Partition1 - ok
15:43:58.0140 2220 Boot (0x1200) (1b11360251bf637005d28619ac9fa751) \Device\Harddisk1\DR1\Partition0
15:43:58.0140 2220 \Device\Harddisk1\DR1\Partition0 - ok
15:43:58.0156 2220 Boot (0x1200) (b1fbf230aa5a079fd8c945ff08808f03) \Device\Harddisk1\DR1\Partition1
15:43:58.0156 2220 \Device\Harddisk1\DR1\Partition1 - ok
15:43:58.0156 2220 ============================================================
15:43:58.0156 2220 Scan finished
15:43:58.0156 2220 ============================================================
15:43:58.0171 2180 Detected object count: 1
15:43:58.0171 2180 Actual detected object count: 1
15:44:07.0563 2180 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
15:44:07.0563 2180 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip
15:44:29.0746 2020 Deinitialize success



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=01107bb2dd84144fb660d188b677b40b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-19 05:50:58
# local_time=2011-10-19 07:50:58 (+0100, Romance (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 236247 236247 0 0
# compatibility_mode=1032 16777214 0 1 410479 410479 0 0
# compatibility_mode=5893 16776573 100 94 341 71472056 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=228395
# found=18
# cleaned=17
# scan_time=14567
C:\Qoobox\Quarantine\C\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Spybot - Search & Destroy\SDWinSec.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Tablet\Pen\Pen_Tablet.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Tablet\Pen\Pen_TouchService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\atiesrxx.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\16.10.2011_17.20.54\susp0000\svc0000\tsk0000.dta Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jens Sierens\AppData\Local\05fe9198\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jens Sierens\Downloads\IZArc4.1.6.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\atieclxx.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Windows\System32\c_11982.nl_ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
M:\DESKTOPBOVEN\Backup Set 2011-10-02 190007\Backup Files 2011-10-02 190007\Backup files 3.zip Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
M:\DESKTOPBOVEN\Backup Set 2011-10-02 190007\Backup Files 2011-10-02 190007\Backup files 4.zip a variant of Win32/Keygen.BH application (deleted - quarantined) 00000000000000000000000000000000 C
M:\DESKTOPBOVEN\Backup Set 2011-10-02 190007\Backup Files 2011-10-16 190007\Backup files 1.zip Win32/Sirefef.DD trojan (deleted - quarantined) 00000000000000000000000000000000 C
N:\Downloads\IZArc4.1.6.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C


For 1 detected file it gave an error. Apart from that, ESET found quite a few threats that my (former) virus scanner AVG apparently overlooked. Unless these are all the result of the ZeroAccess rootkit?

Regards.

EvelineGirl
19 October 2011, 20:45
Some of them were already in quarantine from ComboFix and TDSSKiller. The others are on your M and N drives; those are backup .zip files. You had several infections on board.

Would you run ComboFix once more?
Let it update first if a new version is available.
Post the log.

How are things going now, by the way?

Shinma
19 October 2011, 20:55
At first and second glance the problems do seem to be solved. In any case, Google searches are no longer being redirected to some obscure website, which happened almost every time during the infection. And the PC itself also seems to be responding faster again. I'm running the ComboFix scan now and can post the results shortly ;)

EvelineGirl
19 October 2011, 20:57
Great, then I think we can almost wrap up now. :)

Shinma
19 October 2011, 21:08
ComboFix 11-10-19.06 - Jens Sierens 19/10/2011 20:54:16.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1043.18.3327.2285 [GMT 2:00]
Gestart vanuit: c:\users\Jens Sierens\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jens Sierens\AppData\Local\05fe9198\U
c:\users\Jens Sierens\AppData\Local\05fe9198\U\80000000.@
c:\users\Jens Sierens\AppData\Local\05fe9198\U\800000cb.@
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))))
.
.
2011-10-19 19:00 . 2011-10-19 19:00 -------- d-----w- c:\users\Jens Sierens\AppData\Local\temp
2011-10-19 19:00 . 2011-10-19 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-19 13:46 . 2011-10-19 13:46 -------- d-----w- c:\program files\ESET
2011-10-19 13:42 . 2011-10-19 13:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB7366E-7CB9-4B3F-89DE-28DD245291AC}\offreg.dll
2011-10-18 19:50 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB7366E-7CB9-4B3F-89DE-28DD245291AC}\mpengine.dll
2011-10-18 16:19 . 2010-08-16 13:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-10-18 16:19 . 2010-08-16 13:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-10-18 16:19 . 2010-08-16 13:31 11104 ------w- c:\windows\system32\pwdspio.sys
2011-10-17 14:44 . 2011-03-28 18:31 1713536 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2011-10-17 14:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2011-10-16 20:11 . 2011-10-16 20:11 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-10-16 20:11 . 2011-10-16 20:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-16 20:10 . 2011-10-16 20:10 388096 ----a-r- c:\users\Jens Sierens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-16 20:10 . 2011-10-16 20:10 -------- d-----w- c:\program files\Trend Micro
2011-10-16 17:39 . 2011-10-16 17:39 -------- d-----w- c:\program files\HJT
2011-10-16 15:22 . 2011-10-17 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-16 13:40 . 2011-10-16 13:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-16 13:40 . 2011-10-16 13:40 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\SUPERAntiSpyware.com
2011-10-14 20:32 . 2011-10-16 17:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-14 20:32 . 2011-10-14 20:32 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\Malwarebytes
2011-10-14 20:32 . 2011-10-14 20:32 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 20:31 . 2011-10-16 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-14 19:41 . 2011-10-14 19:41 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-10-14 19:41 . 2011-10-14 19:41 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-10-14 19:41 . 2011-10-14 19:59 -------- d-----w- c:\programdata\WRData
2011-10-14 19:41 . 2011-10-14 19:41 -------- d-----w- c:\program files\Webroot
2011-10-09 20:48 . 2011-10-19 19:00 -------- d-sh--w- c:\users\Jens Sierens\AppData\Local\05fe9198
2011-10-08 19:28 . 2011-10-08 19:28 -------- d-----w- c:\program files\Advanced File Organizer
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\DCoder Image Source
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\7-Zip
2011-10-03 21:26 . 2011-10-03 21:26 -------- d-----w- c:\program files\FFMPEG Core Files
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\SHOUTcast Source
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\CD Audio Reader Filter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\OpenSource AVI Splitter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\Gabest MPEG Splitter
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\DScaler5
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\AC3Filter
2011-10-03 21:25 . 2009-08-11 19:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files\Bass Audio Decoder
2011-10-03 21:24 . 2011-10-17 19:09 -------- d-----w- c:\programdata\Zoom Player
2011-10-03 21:24 . 2011-10-03 21:24 -------- d-----w- c:\program files\Zoom Player
2011-09-28 20:37 . 2011-09-28 20:42 -------- d-----w- c:\program files\Inkscape
2011-09-28 20:14 . 2011-09-28 20:14 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\WTablet
2011-09-28 20:14 . 2011-09-08 15:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-09-28 20:14 . 2011-09-08 15:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-09-28 20:14 . 2011-09-08 15:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-09-28 20:13 . 2011-09-08 15:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-09-28 20:13 . 2011-09-08 15:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2011-09-28 20:13 . 2011-09-08 15:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2011-09-28 20:13 . 2011-09-08 15:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-09-28 20:13 . 2011-09-28 20:14 -------- d-----w- c:\program files\Tablet
2011-09-26 19:53 . 2011-09-26 19:53 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\BitTorrent
2011-09-26 19:53 . 2011-09-26 19:53 -------- d-----w- c:\users\Jens Sierens\AppData\Local\BitTorrent
2011-09-26 19:51 . 2011-09-26 19:51 -------- d-----w- c:\users\Jens Sierens\AppData\Roaming\uTorrent
2011-09-26 19:51 . 2011-09-26 19:51 -------- d-----w- c:\users\Jens Sierens\AppData\Local\uTorrent
2011-09-25 13:38 . 2011-09-27 20:33 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-09-25 13:22 . 2011-09-25 13:22 -------- d-----w- c:\program files\Adobe Media Player
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 19:21 . 2010-10-19 17:05 295936 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2011-10-16 18:30 . 2011-06-16 08:57 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-16 15:22 . 2009-07-13 23:53 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-09-18 01:11 . 2010-10-09 14:46 1415680 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-10-14 599616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjI0NjY1MzE5LVFJWDErNC1YMjAxMCsyLUxJQysyMi1GTDEwKzEtU1AxKzEtVFVHKzMtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1NDUxLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Jens Sierens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Jens Sierens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jens Sierens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]
path=c:\users\Jens Sierens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 15:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R1 SASDIFSV;SASDIFSV;c:\users\JENSSI~1\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\JENSSI~1\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-02-03 8192]
R2 tmrkb;tmrkb;c:\windows\system32\DRIVERS\tmrkb.sys [2011-10-16 65808]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-10-14 599616]
R3 AVRZU;AVRZU;c:\users\JENSSI~1\AppData\Local\Temp\AVRZU.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-10-14 106312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-06-10 66384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 03660340
*Deregistered* - 03660340
*Deregistered* - aswMBR
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = 0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jens Sierens\AppData\Roaming\Mozilla\Firefox\Profiles\ldg5rby9.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb3660a&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=nl&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62000
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1443393807-4273532130-1213093711-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,c8,2c,a7,c5,18,ef,aa,fe,72,80,8c,0b,9c,8a,09,a4,d3,f2,09,e8,
f6,2c,64,d4,78,a4,07,3a,4e,23,81,c2,ee,2c,87,f5,a6,e7,c8,c8,89,2c,7c,2f,d4,\
"rkeysecu"=hex:5c,de,45,b9,14,cf,66,c0,06,25,22,8d,d9,37,8b,bc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-10-19 21:02:22
ComboFix-quarantined-files.txt 2011-10-19 19:02
ComboFix2.txt 2011-10-17 14:51
.
Pre-Run: 65.808.302.080 bytes beschikbaar
Post-Run: 65.764.003.840 bytes beschikbaar
.
- - End Of File - - 10C447A2E74AD49946D392391F64B83F


There you go.
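
To show how entries in a log like the one above can be triaged automatically, here is an added example in Python; it is not code from this thread or from ComboFix. It parses the three line formats that matter here (the "files created" lines, the service/driver lines and the Firefox prefs.js lines) from a constructed sample modelled on the posted log, with a placeholder profile name, and flags the traits that the ZeroAccess infection in this thread showed: a hidden+system directory with an eight-hex-character name under AppData\Local, "<8 hex>.@" files in its "U" subfolder, a service whose image sits under a Temp folder and no longer exists ([x]), and a Firefox HTTP proxy pointing at localhost. The heuristics are my own assumptions drawn from this log, not ComboFix's detection rules.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in ComboFix's report format, modelled on the log
# posted above but with a placeholder profile name ("alice"). Not real output.
SAMPLE_LOG = r"""
2011-10-19 19:00 . 2011-10-19 19:00 -------- d-----w- c:\users\alice\AppData\Local\temp
2011-10-09 20:48 . 2011-10-19 19:00 -------- d-sh--w- c:\users\alice\AppData\Local\05fe9198
2011-10-09 20:48 . 2011-10-09 20:48 86016 ----a-w- c:\users\alice\AppData\Local\05fe9198\U\80000000.@
2011-10-16 20:10 . 2011-10-16 20:10 -------- d-----w- c:\program files\Trend Micro
R3 AVRZU;AVRZU;c:\users\ALICE~1\AppData\Local\Temp\AVRZU.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-10-14 599616]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62000
FF - prefs.js: network.proxy.type - 0
"""

# One "files created" line: <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-dshraw]{8}) (?P<path>.+)$"
)
# One service/driver line: <start type> name;display;path [date size] or [x]
SVC_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]+);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)        # e.g. 05fe9198
PAYLOAD = re.compile(r"^[0-9a-f]{8}\.@$", re.IGNORECASE)  # e.g. 80000000.@


@dataclass
class Finding:
    kind: str     # short label for the heuristic that fired
    detail: str   # path, service name or proxy endpoint


def basename(path: str) -> str:
    """Last component of a Windows path (trailing backslash ignored)."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(text: str) -> list:
    """Scan ComboFix-style log text and return the entries worth a second look."""
    findings = []
    prefs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            name = basename(path)
            is_dir = attrs[0] == "d"
            hidden_system = "h" in attrs and "s" in attrs
            in_local = "\\appdata\\local\\" in path.lower()
            if is_dir and hidden_system and in_local and HEX8.match(name):
                findings.append(Finding("hidden-hex-dir", path))
            elif not is_dir and PAYLOAD.match(name) and "\\u\\" in path.lower():
                findings.append(Finding("zaccess-style-payload", path))
            continue
        m = SVC_LINE.match(line)
        if m:
            # "[x]" means ComboFix could not find the service image on disk
            if m["info"] == "x" and "\\temp\\" in m["path"].lower():
                findings.append(Finding("orphan-temp-service", m["name"]))
            continue
        m = FF_PREF.match(line)
        if m:
            prefs[m["key"]] = m["value"]
    host = prefs.get("network.proxy.http")
    if host:
        # network.proxy.type 0 = direct connection: host/port are then leftovers, not in use
        active = prefs.get("network.proxy.type", "0") != "0"
        kind = "local-proxy-active" if active else "local-proxy-inactive"
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(Finding(kind, f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Note how network.proxy.type decides whether the proxy entry matters: type 0 means Firefox connects directly, so in the log above the 127.0.0.1:62000 setting is a leftover rather than an active redirection. The script still reports it, marked inactive, because a leftover proxy setting is worth cleaning up rather than ignoring.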

EvelineGirl
19 October 2011, 21:16
Looks completely clean again to me.


1.
Remove ComboFix by following the instructions below.
Go to Start
Copy and paste: Combofix /Uninstall into the Start search box.
Then press OK.
If all goes well you will then get a message that ComboFix has been removed.

2.
Download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) (by OldTimer)

Place the file on your desktop.
Make sure there is an internet connection.
Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
ONLY for Vista and Windows 7 users! XP users should double-click OTC.exe.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
Finally OTC will ask whether you want to restart the computer; you may allow this, which also removes OTC itself.
Note: using OTC.exe will remove all the tools that were used (including their logs and backup folders) from your computer.
You may also delete any remaining logs/icons if they have not been removed yet.

3.
Download or update CCleaner (http://www.piriform.com/ccleaner/download/slim)
Start CCleaner.

Run CCleaner and click Options in the left column
Select the Advanced tab
Uncheck "Only delete files in Windows Temp folders older than 24 hours"
Select the Settings tab
Uncheck "Automatically clean the computer...."
Click Cleaner in the left column.
Then click Analyze and Run Cleaner in turn.
Then click Registry in the left column
Click Scan for Issues.
If issues are found, click Fix selected issues and OK

4.
Installing essential updates.
How to keep your operating system and other software up to date you can read here (http://www.malwareinfo.nl/handigetips/updates.html).
With the program Secunia PSI you are warned automatically when updates are available for the installed software; more information here (http://www.malwareinfo.nl/handleidingen/secunia.html)

Beware of 'phishing' messages.
Phishing is a form of internet fraud: with fake e-mail messages and websites that look trustworthy, attempts are made to obtain login details and other personal information.
This often happens in very sneaky ways, for example e-mails asking you to verify your login details; in those cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the criminals, with all the consequences that entails.
More information here (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=4142)

Risks when downloading
Peer-to-peer (P2P) networks and also Usenet (newsgroups) are a major source on the internet for spreading malware; offering 'dangerous' software (malware) is done almost anonymously, which makes this a widely used method for spreading malware.
More information about this here (http://www.malwareinfo.nl/artikelen/p2pnetwerken.html)

More information about keeping your software up to date and tips to prevent reinfection can be found here, among other places:
http://www.malwareinfo.nl/handigetips/updates.html and here: http://users.telenet.be/marcvn/spyware/1564073.htm
Prevention is, after all, better than cure.
More information about the use of "security software" and "fake (rogue) software" (rogueware) here (http://www.malwareinfo.nl/diversen/beveiligingssoftware.html)

5.
In case you have not installed a new antivirus yet and want something other than AVG:
Download and install one of the free virus scanners below.
Avast (http://www.avast.com/eng/download-avast-home.html)
Antivir Avira (http://www.free-av.com/)
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/)

Good luck,
Eveline.:D

Shinma
19 October 2011, 21:21
Well, thanks a lot EvelineGirl. You're a real internet babe as far as I'm concerned. ^^ And you do noble work. I'm going to set up a new workflow to keep that junk off my computer. Do you perhaps have a tip regarding Spybot S&D? It serves as my permanent spyware blocker, but are there sometimes better alternatives?

Thanks again.

EvelineGirl
20 October 2011, 12:23
Alongside your antivirus, Spybot S&D is a good choice. In addition I can recommend Malwarebytes Anti-Malware as an extra spyware/malware scanner. You do have to update it manually yourself before running a scan, though. Depending on your surfing and download behaviour, once a month is enough. But of course prevention starts with yourself. ;)