According to my internet provider I have a rootkit botnet



Kiereweed
16 December 2011, 21:53
Dear helper,

According to my internet provider I have a rootkit; I received an e-mail from them about it.
I have now run Malwarebytes and TFC and would like someone to look at my HijackThis log, so that my PC is completely clean again. :-)

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:32, on 16-12-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Windows Updates\Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira Antivir\Avira\AntiVir Desktop\sched.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avguard.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Acronis True Image\TrueImageMonitor.exe
D:\Acronis True Image\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\RoBoForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Bureaublad\HJ2\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Snagit\SnagitBHO.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\RoBoForm\roboform.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\RoBoForm\roboform.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Snagit\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Acronis True Image\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Acronis True Image\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "D:\RoBoForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\UTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "D:\RoBoForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://D:\RoBoForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://D:\RoBoForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://D:\RoBoForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://D:\RoBoForm\RoboFormComShowToolbar.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoBoForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoBoForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoBoForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoBoForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoBoForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoBoForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira Antivir\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira Antivir\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 11917 bytes
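To make a log review like the one requested above repeatable, here is an added Python example (not part of the thread and not HijackThis's own code) that parses the `O`/`R` lines of a HijackThis log and flags the entries a helper would look at first: orphaned `(no file)` BHOs, services with a missing binary or no vendor name, autoruns in the SYSTEM hive, and autoruns given as a bare filename. The sample lines are copied from the log above; the flag wording and the regular expressions are my own assumptions about the log format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "D:\UTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "D:\RoBoForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira Antivir\Avira\AntiVir Desktop\avguard.exe
"""

# Every HijackThis finding starts with a section tag such as R0, O2, O4 or O23.
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<detail>.+)$")
# A Windows path ending in a PE/driver extension, optionally wrapped in quotes.
PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|scr|cpl))\b"?', re.IGNORECASE
)
# An O4 value that is just a filename: Windows resolves it via the search path at logon.
BARE_EXE_RE = re.compile(r"\]\s+(?P<name>[\w.-]+\.(?:exe|dll|scr))\s*(?:$|/)", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", ...
    detail: str                  # everything after "On - "
    path: Optional[str]          # binary the entry points to, if one could be extracted
    flags: List[str] = field(default_factory=list)


def triage_entry(entry: Entry) -> List[str]:
    """Return the review reasons for one entry; an empty list means nothing stood out."""
    d, flags = entry.detail, []
    if "(no file)" in d:
        flags.append("orphaned: registry entry points at a file that no longer exists")
    if "(file missing)" in d:
        flags.append("service binary missing on disk")
    if "Unknown owner" in d:
        flags.append("service reports no vendor name")
    if entry.section == "O4" and "(User 'SYSTEM')" in d:
        flags.append("autorun registered in the SYSTEM account hive")
    if entry.section == "O4" and entry.path is None and BARE_EXE_RE.search(d):
        flags.append("autorun given as bare filename, resolved via search path")
    return flags


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse the O/R lines of a HijackThis log; process-list and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("detail"))
        entry = Entry(m.group("section"), m.group("detail"), pm.group("path") if pm else None)
        entry.flags = triage_entry(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that picked up at least one review reason."""
    return [e for e in entries if e.flags]


def section_counts(entries: List[Entry]) -> dict:
    """How many findings each HijackThis section contributed."""
    counts: dict = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for e in flagged(parsed):
        print(f"[{e.section}] {e.detail}")
        for f in e.flags:
            print("    ->", f)
```

A flag is a reason to look closer, not a verdict: the `(file missing)` Nero service above is a typical uninstall leftover, while a SYSTEM-hive autorun deserves a check of the file's signature and origin.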

Maxstar
17 December 2011, 11:16
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your desktop.

Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Note!!! Windows Vista & 7 users must run TDSSKiller as administrator ("right-click, Run as administrator").
If TDSSKiller finds an update, click the "Load update" button.
http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg
A new version of TDSSKiller will now be downloaded; save it to the desktop.
Now start TDSSKiller again.
Click "Change parameters" and make sure all of the options below are checked.
http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg
Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
Select the contents (the log) and paste them in your next message.

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


2. Download DDS by sUBs from one of these locations and save it to your desktop:
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.com).
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.scr).
DDS - Infospyware (http://www.infospyware.net/sUBs/dds).

http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif

DDS is a diagnostic tool and uses scripts.

Disable your security software before running DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:
* DDS.txt
* Attach.txt

A window will ask you to save both logs, because they will be gone once you close them.
Save the logs, for example on your desktop or somewhere else where you can easily find them again.

Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

Post the TDSSKiller and DDS logs in your next message.

Regards, Maxstar

Kiereweed
17 December 2011, 11:59
10:42:44.0937 4996 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:42:45.0015 4996 ============================================================
10:42:45.0015 4996 Current date / time: 2011/12/17 10:42:45.0015
10:42:45.0015 4996 SystemInfo:
10:42:45.0015 4996
10:42:45.0015 4996 OS Version: 5.1.2600 ServicePack: 3.0
10:42:45.0015 4996 Product type: Workstation
10:42:45.0015 4996 ComputerName: WOEBIE
10:42:45.0015 4996 UserName: Woebie
10:42:45.0015 4996 Windows directory: C:\WINDOWS
10:42:45.0015 4996 System windows directory: C:\WINDOWS
10:42:45.0015 4996 Processor architecture: Intel x86
10:42:45.0015 4996 Number of processors: 2
10:42:45.0015 4996 Page size: 0x1000
10:42:45.0015 4996 Boot type: Normal boot
10:42:45.0015 4996 ============================================================
10:42:46.0015 4996 Initialize success
10:42:51.0296 5388 ============================================================
10:42:51.0296 5388 Scan started
10:42:51.0296 5388 Mode: Manual; SigCheck; TDLFS;
10:42:51.0296 5388 ============================================================
10:42:51.0875 5388 41713991 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\41713991.sys
10:42:52.0093 5388 41713991 - ok
10:42:52.0109 5388 41713992 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\41713992.sys
10:42:52.0125 5388 41713992 - ok
10:42:52.0125 5388 Abiosdsk - ok
10:42:52.0140 5388 abp480n5 - ok
10:42:52.0171 5388 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
10:42:52.0281 5388 ac97intc - ok
10:42:52.0312 5388 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:42:52.0437 5388 ACPI - ok
10:42:52.0453 5388 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:42:52.0593 5388 ACPIEC - ok
10:42:52.0625 5388 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:42:54.0250 5388 adpu160m - ok
10:42:54.0265 5388 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
10:42:54.0281 5388 adpu320 ( UnsignedFile.Multi.Generic ) - warning
10:42:54.0281 5388 adpu320 - detected UnsignedFile.Multi.Generic (1)
10:42:54.0312 5388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:42:54.0421 5388 aec - ok
10:42:54.0515 5388 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
10:42:54.0578 5388 AFD - ok
10:42:54.0578 5388 Aha154x - ok
10:42:54.0609 5388 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:42:54.0750 5388 aic78u2 - ok
10:42:54.0765 5388 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:42:54.0906 5388 aic78xx - ok
10:42:54.0921 5388 AliIde - ok
10:42:54.0937 5388 amsint - ok
10:42:54.0953 5388 asc - ok
10:42:54.0968 5388 asc3350p - ok
10:42:54.0984 5388 asc3550 - ok
10:42:55.0031 5388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:42:55.0140 5388 AsyncMac - ok
10:42:55.0171 5388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:42:55.0296 5388 atapi - ok
10:42:55.0296 5388 Atdisk - ok
10:42:55.0328 5388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:42:55.0437 5388 Atmarpc - ok
10:42:55.0468 5388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:42:55.0578 5388 audstub - ok
10:42:55.0671 5388 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira Antivir\Avira\AntiVir Desktop\avgio.sys
10:42:55.0687 5388 avgio - ok
10:42:55.0765 5388 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:42:55.0781 5388 avgntflt - ok
10:42:55.0796 5388 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:42:55.0812 5388 avipbb - ok
10:42:55.0843 5388 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:42:55.0859 5388 b57w2k - ok
10:42:55.0906 5388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:42:56.0031 5388 Beep - ok
10:42:56.0062 5388 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
10:42:56.0078 5388 Blfp - ok
10:42:56.0109 5388 catchme - ok
10:42:56.0125 5388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:42:56.0296 5388 cbidf2k - ok
10:42:56.0296 5388 cd20xrnt - ok
10:42:56.0312 5388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:42:56.0453 5388 Cdaudio - ok
10:42:56.0468 5388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:42:56.0609 5388 Cdfs - ok
10:42:56.0671 5388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:42:56.0796 5388 Cdrom - ok
10:42:56.0796 5388 Changer - ok
10:42:56.0828 5388 CmdIde - ok
10:42:56.0843 5388 Cpqarray - ok
10:42:56.0843 5388 dac2w2k - ok
10:42:56.0859 5388 dac960nt - ok
10:42:56.0890 5388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:42:57.0000 5388 Disk - ok
10:42:57.0046 5388 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
10:42:57.0187 5388 dmboot - ok
10:42:57.0203 5388 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
10:42:57.0375 5388 dmio - ok
10:42:57.0406 5388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:42:57.0531 5388 dmload - ok
10:42:57.0562 5388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:42:57.0671 5388 DMusic - ok
10:42:57.0703 5388 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:42:57.0828 5388 dpti2o - ok
10:42:57.0843 5388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:42:57.0953 5388 drmkaud - ok
10:42:57.0984 5388 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:42:58.0125 5388 E100B - ok
10:42:58.0171 5388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:42:58.0296 5388 Fastfat - ok
10:42:58.0359 5388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:42:58.0484 5388 Fdc - ok
10:42:58.0484 5388 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
10:42:58.0609 5388 Fips - ok
10:42:58.0640 5388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:42:58.0765 5388 Flpydisk - ok
10:42:58.0796 5388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:42:58.0921 5388 FltMgr - ok
10:42:58.0953 5388 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:42:58.0968 5388 fssfltr - ok
10:42:59.0000 5388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:42:59.0140 5388 Fs_Rec - ok
10:42:59.0140 5388 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:42:59.0265 5388 Ftdisk - ok
10:42:59.0281 5388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:42:59.0296 5388 GEARAspiWDM - ok
10:42:59.0312 5388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:42:59.0437 5388 Gpc - ok
10:42:59.0546 5388 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
10:42:59.0562 5388 HdAudAddService - ok
10:42:59.0593 5388 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:42:59.0734 5388 HDAudBus - ok
10:42:59.0765 5388 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:42:59.0890 5388 HidUsb - ok
10:42:59.0906 5388 hpn - ok
10:42:59.0953 5388 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:42:59.0968 5388 HTTP - ok
10:42:59.0984 5388 i2omgmt - ok
10:42:59.0984 5388 i2omp - ok
10:43:00.0015 5388 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:43:00.0156 5388 i8042prt - ok
10:43:00.0187 5388 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
10:43:00.0312 5388 i81x - ok
10:43:00.0406 5388 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
10:43:00.0515 5388 iAimFP0 - ok
10:43:00.0515 5388 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
10:43:00.0625 5388 iAimFP1 - ok
10:43:00.0625 5388 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
10:43:00.0734 5388 iAimFP2 - ok
10:43:00.0734 5388 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
10:43:00.0843 5388 iAimFP3 - ok
10:43:00.0843 5388 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
10:43:00.0953 5388 iAimFP4 - ok
10:43:00.0953 5388 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
10:43:01.0062 5388 iAimFP5 - ok
10:43:01.0062 5388 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
10:43:01.0171 5388 iAimFP6 - ok
10:43:01.0171 5388 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
10:43:01.0281 5388 iAimFP7 - ok
10:43:01.0296 5388 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
10:43:01.0406 5388 iAimTV0 - ok
10:43:01.0406 5388 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
10:43:01.0515 5388 iAimTV1 - ok
10:43:01.0531 5388 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
10:43:01.0625 5388 iAimTV3 - ok
10:43:01.0640 5388 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
10:43:01.0750 5388 iAimTV4 - ok
10:43:01.0765 5388 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
10:43:01.0859 5388 iAimTV5 - ok
10:43:01.0875 5388 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
10:43:01.0968 5388 iAimTV6 - ok
10:43:02.0031 5388 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:43:02.0078 5388 ialm - ok
10:43:02.0125 5388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:43:02.0250 5388 Imapi - ok
10:43:02.0265 5388 ini910u - ok
10:43:02.0343 5388 IntcAzAudAddService (38e36fd56f8cb7e8b9802531365856a4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:43:02.0453 5388 IntcAzAudAddService - ok
10:43:02.0531 5388 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:43:02.0671 5388 IntelIde - ok
10:43:02.0687 5388 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:43:02.0828 5388 intelppm - ok
10:43:02.0843 5388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:43:02.0953 5388 Ip6Fw - ok
10:43:02.0984 5388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:43:03.0109 5388 IpFilterDriver - ok
10:43:03.0140 5388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:43:03.0265 5388 IpInIp - ok
10:43:03.0296 5388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:43:03.0406 5388 IpNat - ok
10:43:03.0437 5388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:43:03.0562 5388 IPSec - ok
10:43:03.0625 5388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:43:03.0750 5388 IRENUM - ok
10:43:03.0765 5388 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:43:03.0890 5388 isapnp - ok
10:43:03.0921 5388 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:43:04.0046 5388 Kbdclass - ok
10:43:04.0062 5388 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:43:04.0187 5388 kbdhid - ok
10:43:04.0218 5388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:43:04.0343 5388 kmixer - ok
10:43:04.0359 5388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:43:04.0390 5388 KSecDD - ok
10:43:04.0421 5388 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
10:43:04.0437 5388 L8042Kbd - ok
10:43:04.0453 5388 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
10:43:04.0453 5388 L8042mou - ok
10:43:04.0468 5388 lbrtfdc - ok
10:43:04.0515 5388 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
10:43:04.0531 5388 LHidFilt - ok
10:43:04.0546 5388 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
10:43:04.0562 5388 LMouFilt - ok
10:43:04.0625 5388 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
10:43:04.0640 5388 LMouKE - ok
10:43:04.0671 5388 LUsbFilt (9bc5a8f08cc4770c95f9c55d992de929) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
10:43:04.0671 5388 LUsbFilt - ok
10:43:04.0718 5388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:43:04.0843 5388 mnmdd - ok
10:43:04.0859 5388 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
10:43:05.0000 5388 Modem - ok
10:43:05.0015 5388 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:43:05.0156 5388 Mouclass - ok
10:43:05.0156 5388 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:43:05.0296 5388 mouhid - ok
10:43:05.0312 5388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:43:05.0453 5388 MountMgr - ok
10:43:05.0453 5388 mraid35x - ok
10:43:05.0468 5388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:43:05.0578 5388 MRxDAV - ok
10:43:05.0625 5388 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:43:05.0656 5388 MRxSmb - ok
10:43:05.0687 5388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:43:05.0812 5388 Msfs - ok
10:43:05.0906 5388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:43:06.0015 5388 MSKSSRV - ok
10:43:06.0046 5388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:43:06.0156 5388 MSPCLOCK - ok
10:43:06.0171 5388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:43:06.0328 5388 MSPQM - ok
10:43:06.0343 5388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:43:06.0500 5388 mssmbios - ok
10:43:06.0515 5388 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:43:06.0578 5388 Mup - ok
10:43:06.0609 5388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:43:06.0734 5388 NDIS - ok
10:43:06.0765 5388 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:43:06.0781 5388 NdisTapi - ok
10:43:06.0796 5388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:43:06.0921 5388 Ndisuio - ok
10:43:06.0953 5388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:43:07.0062 5388 NdisWan - ok
10:43:07.0078 5388 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:43:07.0109 5388 NDProxy - ok
10:43:07.0187 5388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:43:07.0312 5388 NetBIOS - ok
10:43:07.0343 5388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:43:07.0453 5388 NetBT - ok
10:43:07.0484 5388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:43:07.0609 5388 Npfs - ok
10:43:07.0625 5388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:43:07.0765 5388 Ntfs - ok
10:43:07.0812 5388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:43:07.0937 5388 Null - ok
10:43:07.0968 5388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:43:08.0093 5388 NwlnkFlt - ok
10:43:08.0109 5388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:43:08.0234 5388 NwlnkFwd - ok
10:43:08.0250 5388 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys
10:43:08.0375 5388 P3 - ok
10:43:08.0390 5388 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
10:43:08.0515 5388 Parport - ok
10:43:08.0531 5388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:43:08.0640 5388 PartMgr - ok
10:43:08.0656 5388 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
10:43:08.0765 5388 ParVdm - ok
10:43:08.0828 5388 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
10:43:08.0953 5388 PCI - ok
10:43:08.0968 5388 PCIDump - ok
10:43:08.0984 5388 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:43:09.0109 5388 PCIIde - ok
10:43:09.0140 5388 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:43:09.0265 5388 Pcmcia - ok
10:43:09.0281 5388 PDCOMP - ok
10:43:09.0281 5388 PDFRAME - ok
10:43:09.0296 5388 PDRELI - ok
10:43:09.0312 5388 PDRFRAME - ok
10:43:09.0312 5388 perc2 - ok
10:43:09.0328 5388 perc2hib - ok
10:43:09.0359 5388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:43:09.0484 5388 PptpMiniport - ok
10:43:09.0500 5388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:43:09.0609 5388 PSched - ok
10:43:09.0625 5388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:43:09.0750 5388 Ptilink - ok
10:43:09.0765 5388 ql1080 - ok
10:43:09.0781 5388 Ql10wnt - ok
10:43:09.0796 5388 ql12160 - ok
10:43:09.0796 5388 ql1240 - ok
10:43:09.0812 5388 ql1280 - ok
10:43:09.0828 5388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:43:09.0937 5388 RasAcd - ok
10:43:09.0968 5388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:43:10.0093 5388 Rasl2tp - ok
10:43:10.0093 5388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:43:10.0218 5388 RasPppoe - ok
10:43:10.0218 5388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:43:10.0343 5388 Raspti - ok
10:43:10.0359 5388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:43:10.0468 5388 Rdbss - ok
10:43:10.0531 5388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:43:10.0656 5388 RDPCDD - ok
10:43:10.0671 5388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:43:10.0796 5388 rdpdr - ok
10:43:10.0828 5388 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:43:10.0859 5388 RDPWD - ok
10:43:10.0890 5388 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:43:11.0000 5388 redbook - ok
10:43:11.0125 5388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:43:11.0234 5388 Secdrv - ok
10:43:11.0265 5388 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:43:11.0390 5388 serenum - ok
10:43:11.0406 5388 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
10:43:11.0531 5388 Serial - ok
10:43:11.0703 5388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:43:11.0828 5388 Sfloppy - ok
10:43:11.0843 5388 Simbad - ok
10:43:11.0890 5388 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
10:43:11.0906 5388 snapman - ok
10:43:11.0906 5388 Sparrow - ok
10:43:11.0937 5388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:43:12.0062 5388 splitter - ok
10:43:12.0062 5388 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
10:43:12.0203 5388 sr - ok
10:43:12.0234 5388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:43:12.0281 5388 Srv - ok
10:43:12.0312 5388 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:43:12.0328 5388 ssmdrv - ok
10:43:12.0343 5388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:43:12.0484 5388 swenum - ok
10:43:12.0484 5388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:43:12.0609 5388 swmidi - ok
10:43:12.0640 5388 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:43:12.0765 5388 symc810 - ok
10:43:12.0812 5388 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:43:12.0937 5388 symc8xx - ok
10:43:12.0968 5388 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
10:43:12.0968 5388 Symmpi ( UnsignedFile.Multi.Generic ) - warning
10:43:12.0968 5388 Symmpi - detected UnsignedFile.Multi.Generic (1)
10:43:13.0000 5388 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:43:13.0125 5388 sym_hi - ok
10:43:13.0125 5388 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:43:13.0250 5388 sym_u3 - ok
10:43:13.0281 5388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:43:13.0390 5388 sysaudio - ok
10:43:13.0437 5388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:43:13.0468 5388 Tcpip - ok
10:43:13.0515 5388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:43:13.0640 5388 TDPIPE - ok
10:43:13.0671 5388 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
10:43:13.0687 5388 tdrpman - ok
10:43:13.0718 5388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:43:13.0843 5388 TDTCP - ok
10:43:13.0906 5388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:43:14.0046 5388 TermDD - ok
10:43:14.0078 5388 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
10:43:14.0093 5388 tifsfilter - ok
10:43:14.0109 5388 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
10:43:14.0140 5388 timounter - ok
10:43:14.0140 5388 TosIde - ok
10:43:14.0187 5388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:43:14.0343 5388 Udfs - ok
10:43:14.0343 5388 ultra - ok
10:43:14.0390 5388 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:43:14.0406 5388 USBAAPL - ok
10:43:14.0421 5388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:43:14.0546 5388 usbccgp - ok
10:43:14.0562 5388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:43:14.0687 5388 usbehci - ok
10:43:14.0703 5388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:43:14.0828 5388 usbhub - ok
10:43:14.0859 5388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:43:14.0968 5388 usbscan - ok
10:43:15.0000 5388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:43:15.0109 5388 USBSTOR - ok
10:43:15.0187 5388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:43:15.0296 5388 usbuhci - ok
10:43:15.0328 5388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:43:15.0437 5388 VgaSave - ok
10:43:15.0453 5388 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:43:15.0593 5388 ViaIde - ok
10:43:15.0609 5388 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
10:43:15.0734 5388 VolSnap - ok
10:43:15.0765 5388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:43:15.0875 5388 Wanarp - ok
10:43:15.0921 5388 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:43:15.0937 5388 Wdf01000 - ok
10:43:15.0968 5388 WDICA - ok
10:43:16.0000 5388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:43:16.0125 5388 wdmaud - ok
10:43:16.0171 5388 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:43:16.0296 5388 WmiAcpi - ok
10:43:16.0343 5388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:43:16.0375 5388 WudfPf - ok
10:43:16.0437 5388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:43:16.0453 5388 WudfRd - ok
10:43:16.0484 5388 xcpip - ok
10:43:16.0500 5388 xpsec - ok
10:43:16.0515 5388 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
10:43:16.0515 5388 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
10:43:16.0515 5388 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
10:43:16.0531 5388 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:43:16.0531 5388 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:43:16.0546 5388 Boot (0x1200) (c2dcc2ff34b324546bb9ec7647d777c4) \Device\Harddisk0\DR0\Partition0
10:43:16.0546 5388 \Device\Harddisk0\DR0\Partition0 - ok
10:43:16.0562 5388 Boot (0x1200) (e8ce9520575b01c5e099cca1fe427eb9) \Device\Harddisk0\DR0\Partition1
10:43:16.0562 5388 \Device\Harddisk0\DR0\Partition1 - ok
10:43:16.0578 5388 Boot (0x1200) (8d313f086f8525fd33f2c8e53eee587e) \Device\Harddisk0\DR0\Partition2
10:43:16.0593 5388 \Device\Harddisk0\DR0\Partition2 - ok
10:43:16.0593 5388 ============================================================
10:43:16.0593 5388 Scan finished
10:43:16.0593 5388 ============================================================
10:43:16.0718 5384 Detected object count: 4
10:43:16.0718 5384 Actual detected object count: 4
10:44:05.0031 5384 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:05.0031 5384 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:05.0031 5384 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:05.0031 5384 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
10:44:05.0093 5384 \Device\Harddisk0\DR0 - ok
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:45:01.0578 4980 Deinitialize success


============================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Woebie at 10:55:29 on 2011-12-17
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1377 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\Windows Updates\Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira Antivir\Avira\AntiVir Desktop\sched.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avguard.exe
svchost.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Acronis True Image\TrueImageMonitor.exe
D:\Acronis True Image\TimounterMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\RoBoForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\snagit\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\roboform\roboform.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\snagit\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "d:\roboform\RoboTaskBarIcon.exe"
uRun: [uTorrent] "d:\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [TrueImageMonitor.exe] d:\acronis true image\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] d:\acronis true image\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avgnt] "d:\avira antivir\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [RoboForm] "d:\roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~2.lnk - d:\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{429A4EA0-C19E-4B05-BC9D-8EAC655B8C75} : DhcpNameServer = 192.168.1.254
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\window~1\defender\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 41713992;41713992 Boot Guard Driver;c:\windows\system32\drivers\41713992.sys [2011-6-18 37392]
R1 41713991;41713991;c:\windows\system32\drivers\41713991.sys [2011-6-18 128016]
R1 avgio;avgio;d:\avira antivir\avira\antivir desktop\avgio.sys [2009-5-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\avira\antivir desktop\sched.exe [2009-5-26 136360]
R2 AntiVirService;Avira AntiVir Guard;d:\avira antivir\avira\antivir desktop\avguard.exe [2009-5-26 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-26 66616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-22 54752]
R2 WinDefend;Windows Defender;d:\windows updates\defender\MsMpEng.exe [2006-11-3 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2011-12-17 09:53:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a328446c-afeb-46b3-8604-0a711bf5d1c2}\offreg.dll
2011-12-16 19:47:01 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
.
==================== Find3M ====================
.
.
============= FINISH: 10:56:10,89 ===============
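
The TDSSKiller log above has to be read by hand to see which of the four detections were actually cured and which were skipped. As an added illustration (not TDSSKiller's code and not from this thread), the Python below parses the line shapes that occur in that log, pairs each detection with the "User select action" chosen for it, and reports MBR/boot-sector objects separately from driver files; the sample input is an excerpt of the posted log plus one constructed adpu320 warning line, so that the tool's own count of 4 is matched.

```python
"""Triage a TDSSKiller log: pair each detection with the action the user chose.
Added illustration, not part of TDSSKiller or of this thread; only the line
shapes visible in the log posted above are recognised, other lines are ignored."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid> "; the rest is the payload.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*\S)\s*$")
# "<object> ( <threat> ) - infected|warning|suspicious"
DETECT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>infected|warning|suspicious)$")
# "<object> ( <threat> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
REMEDIATING_ACTIONS = {"Cure", "Delete"}  # "Skip" leaves the object exactly as it was
SEVERITY = {"infected": 0, "suspicious": 1, "warning": 2}


@dataclass
class Detection:
    obj: str
    threat: str
    verdict: str
    action: Optional[str] = None  # filled in from the "User select action" line

    @property
    def boot_level(self) -> bool:
        # \Device\HarddiskN\... objects are MBR / boot-sector checks, not driver files.
        return self.obj.startswith("\\Device\\Harddisk")

    @property
    def resolved(self) -> bool:
        return self.action in REMEDIATING_ACTIONS


@dataclass
class ScanResult:
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None  # TDSSKiller's own "Detected object count"

    def unresolved(self) -> List[Detection]:
        return [d for d in self.detections if not d.resolved]

    def count_matches(self) -> bool:
        # A mismatch means the excerpt is incomplete or a line shape went unparsed.
        return self.reported_count is None or self.reported_count == len(self.detections)


def parse_tdsskiller(text: str) -> ScanResult:
    result = ScanResult()
    by_key: Dict[Tuple[str, str], Detection] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        rest = line.group("rest")
        if m := DETECT_RE.match(rest):
            det = Detection(m["obj"], m["threat"], m["verdict"])
            result.detections.append(det)
            by_key[(det.obj, det.threat)] = det
        elif m := ACTION_RE.match(rest):
            if det := by_key.get((m["obj"], m["threat"])):
                det.action = m["action"]  # action lines follow the scan summary
        elif m := COUNT_RE.match(rest):
            result.reported_count = int(m["n"])
    return result


def triage(result: ScanResult) -> List[str]:
    """One line per detection, most severe first, flagging anything left unresolved."""
    out = []
    for d in sorted(result.detections, key=lambda d: SEVERITY.get(d.verdict, 9)):
        where = "MBR/boot sector" if d.boot_level else "driver"
        state = "resolved" if d.resolved else f"UNRESOLVED (action: {d.action or 'none'})"
        out.append(f"{d.verdict.upper():<9} {where:<15} {d.obj} [{d.threat}] {state}")
    if not result.count_matches():
        out.append(f"count mismatch: tool reported {result.reported_count}, parsed {len(result.detections)}")
    return out


# Excerpt of the TDSSKiller log posted above, plus one constructed adpu320 warning
# line (the tool's count of 4 includes adpu320, whose scan line lies outside the excerpt).
SAMPLE_LOG = r"""
10:43:04.0000 5388 adpu320 ( UnsignedFile.Multi.Generic ) - warning
10:43:12.0968 5388 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
10:43:12.0968 5388 Symmpi ( UnsignedFile.Multi.Generic ) - warning
10:43:16.0515 5388 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
10:43:16.0515 5388 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
10:43:16.0531 5388 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:43:16.0718 5384 Detected object count: 4
10:44:05.0031 5384 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:05.0031 5384 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
10:44:05.0093 5384 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(triage(parse_tdsskiller(SAMPLE_LOG))))
```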

Maxstar
17 December 2011, 12:01
Hi,

In any case, the Sinowal rootkit has already been removed.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.

Disable all antivirus and antispyware programs, as otherwise they might conflict with ComboFix.

* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) you will find a guide on how to disable them :)


Double-click "ComboFix.exe" and click "Agree" on the 'Disclaimer'.

If a message appears that "A newer version of ComboFix" is available, click "Yes" to update.

http://www.imgdumper.nl/uploads4/4ddf63b149eec/4ddf63b148b62-CFupdate.jpg

After the update, click "Agree" again and ComboFix will now start.

If the "Recovery Console" is not yet present, ComboFix will install it; an active internet connection is needed for this.

http://www.imgdumper.nl/uploads4/4ddf64651065e/4ddf64650e307-CFrc.jpg

In the 'Install Recovery Console' window, click "OK".
Click "Yes" in the info screen once the Recovery Console has been installed successfully.

The computer may need to be restarted several times, for example when a rootkit is present; this is normal.


* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.


When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Regards, Maxstar

Kiereweed
17 December 2011, 13:05
Here is the ComboFix log

And thanks for the quick response!!!

ComboFix 11-12-16.03 - Woebie 17-12-2011 11:54:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1365 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{088D3F8A-9DB5-46AF-94A3-35E294E1B7ED}\1043.MST
c:\windows\Downloaded Installations\BMP\{088D3F8A-9DB5-46AF-94A3-35E294E1B7ED}\BMP.msi
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-17 to 2011-12-17 ))))))))))))))))))))))))))))))
.
.
2011-12-17 10:59 . 2011-12-17 10:59 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A328446C-AFEB-46B3-8604-0A711BF5D1C2}\offreg.dll
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 41713992;41713992 Boot Guard Driver;c:\windows\system32\drivers\41713992.sys [18-6-2011 18:23 37392]
R1 41713991;41713991;c:\windows\system32\drivers\41713991.sys [18-6-2011 18:23 128016]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-45349988.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2356)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\avira antivir\Avira\AntiVir Desktop\avguard.exe
d:\avira antivir\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2011-12-17 12:03:36 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-17 11:03
ComboFix2.txt 2011-06-18 09:16
.
Pre-Run: 64.206.110.720 bytes beschikbaar
Post-Run: 64.119.017.472 bytes beschikbaar
.
- - End Of File - - DCAD43CDC707533A063262EA6D0B23EA

Maxstar
17 December 2011, 13:11
Hi,

Have you ever had Kaspersky installed on this PC?

Regards, Maxstar

Kiereweed
17 December 2011, 13:21
I'm not sure, but it could well be that I installed it before I switched to Avira.

May I also ask why you want to know? I'm mainly asking out of curiosity.

Maxstar
17 December 2011, 13:25
Hi,

I asked this because of the following two lines.
R0 41713992;41713992 Boot Guard Driver;c:\windows\system32\drivers\41713992.sys [18-6-2011 18:23 37392]
R1 41713991;41713991;c:\windows\system32\drivers\41713991.sys [18-6-2011 18:23 128016]

Open Notepad.
Copy and paste the following (the bold, blue text) into an empty window:

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -

File::
c:\windows\system32\drivers\4171 3991.sys
c:\windows\system32\drivers\41713991.sys
c:\windows\system32\drivers\41713992.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Driver::
41713991
41713992

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
This will make ComboFix restart.
Reboot if prompted, and post the contents of Combofix.txt in your next reply together with a new TDSSKiller log.

Regards, Maxstar
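
As an added triage example (my own code, not ComboFix's and not part of this thread), the following Python reads a ComboFix-style excerpt like the logs posted here and flags the kinds of entries the helper singled out: all-digit service names, a random-looking service name hosted in svchost, a registered driver whose file is missing, and globally open firewall ports. The heuristics are assumptions of mine, not ComboFix rules, and the sample excerpt is reconstructed from lines in this thread.

```python
import re
from dataclasses import dataclass

# Service/driver lines as ComboFix prints them, e.g.
#   R0 41713992;41713992 Boot Guard Driver;c:\windows\system32\drivers\41713992.sys [18-6-2011 18:23 37392]
#   S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\...\xcpip.sys --> c:\...\xcpip.sys [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

# Entries of the firewall GloballyOpenPorts list, e.g.  "3389:TCP"= 3389:TCP:Remote Desktop
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str    # "service", "driver-missing" or "port"
    name: str    # service name or "port/proto"
    reason: str  # why it deserves a look (a heuristic, not a verdict)


def _service_findings(m):
    """Heuristics (my own assumptions, not ComboFix rules) for one service/driver line."""
    name, rest = m["name"], m["rest"]
    out = []
    if name.isdigit() and len(name) >= 6:
        out.append(Finding("service", name, "all-digit service name"))
    if re.fullmatch(r"[a-z]{8}", name) and "svchost.exe -k" in rest.lower():
        out.append(Finding("service", name, "random-looking name hosted in svchost"))
    if "-->" in rest and rest.rstrip().endswith("[?]"):
        out.append(Finding("driver-missing", name, "registered driver whose file is not on disk"))
    return out


def _port_finding(m):
    port, proto, label = int(m["port"]), m["proto"], m["label"].strip()
    if port == 3389:
        return Finding("port", f"{port}/{proto}", "Remote Desktop reachable through the firewall")
    if port >= 49152 and label.lower() in ("", "services"):
        return Finding("port", f"{port}/{proto}", "high port opened with a generic label")
    return None


def triage(log_text):
    """Return the findings for a ComboFix-style excerpt, in log order."""
    findings, in_ports = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in (".", ""):          # ComboFix separates sections with a lone "."
            in_ports = False
            continue
        if line.startswith("["):       # registry key header; a forum-wrapped key still contains the marker
            in_ports = "GloballyOpenPorts" in line
            continue
        if in_ports:
            m = PORT_RE.match(line)
            f = _port_finding(m) if m else None
            if f:
                findings.append(f)
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(_service_findings(m))
    return findings


# Constructed excerpt: lines taken from the ComboFix logs in this thread, with the
# forum's line-wrapping spaces removed.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 41713992;41713992 Boot Guard Driver;c:\windows\system32\drivers\41713992.sys [18-6-2011 18:23 37392]
R1 41713991;41713991;c:\windows\system32\drivers\41713991.sys [18-6-2011 18:23 128016]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name:12} {f.reason}")
```

Every flagged entry still needs a human look; the point is to surface the same handful of lines a helper would otherwise pick out of a long log by eye.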

Kiereweed
17 December 2011, 16:05
ComboFix 11-12-16.03 - Woebie 17-12-2011 14:48:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1370 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\drivers\4171 3991.sys"
"c:\windows\system32\drivers\41713991.sys"
"c:\windows\system32\drivers\41713992.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\41713991.sys
c:\windows\system32\drivers\41713992.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_41713991
-------\Legacy_41713992
-------\Service_41713991
-------\Service_41713992
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-17 to 2011-12-17 ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(4000)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\avira antivir\Avira\AntiVir Desktop\avguard.exe
d:\avira antivir\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2011-12-17 14:57:42 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-17 13:57
ComboFix2.txt 2011-12-17 11:03
ComboFix3.txt 2011-06-18 09:16
.
Pre-Run: 64.122.359.808 bytes beschikbaar
Post-Run: 64.113.688.576 bytes beschikbaar
.
- - End Of File - - 89E65A819D669A818115FFF57C96293B

==============================================

15:03:13.0687 1744 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
15:03:13.0796 1744 ============================================================
15:03:13.0796 1744 Current date / time: 2011/12/17 15:03:13.0796
15:03:13.0796 1744 SystemInfo:
15:03:13.0796 1744
15:03:13.0796 1744 OS Version: 5.1.2600 ServicePack: 3.0
15:03:13.0796 1744 Product type: Workstation
15:03:13.0796 1744 ComputerName: WOEBIE
15:03:13.0796 1744 UserName: Woebie
15:03:13.0796 1744 Windows directory: C:\WINDOWS
15:03:13.0796 1744 System windows directory: C:\WINDOWS
15:03:13.0796 1744 Processor architecture: Intel x86
15:03:13.0796 1744 Number of processors: 2
15:03:13.0796 1744 Page size: 0x1000
15:03:13.0796 1744 Boot type: Normal boot
15:03:13.0796 1744 ============================================================
15:03:14.0812 1744 Initialize success
15:03:24.0656 0440 ============================================================
15:03:24.0656 0440 Scan started
15:03:24.0656 0440 Mode: Manual; SigCheck; TDLFS;
15:03:24.0656 0440 ============================================================
15:03:25.0203 0440 Abiosdsk - ok
15:03:25.0218 0440 abp480n5 - ok
15:03:25.0250 0440 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
15:03:25.0843 0440 ac97intc - ok
15:03:25.0937 0440 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:03:26.0125 0440 ACPI - ok
15:03:26.0156 0440 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:03:26.0281 0440 ACPIEC - ok
15:03:26.0312 0440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:03:26.0453 0440 adpu160m - ok
15:03:26.0468 0440 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
15:03:26.0500 0440 adpu320 ( UnsignedFile.Multi.Generic ) - warning
15:03:26.0500 0440 adpu320 - detected UnsignedFile.Multi.Generic (1)
15:03:26.0515 0440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:03:26.0656 0440 aec - ok
15:03:26.0671 0440 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:03:26.0718 0440 AFD - ok
15:03:26.0796 0440 Aha154x - ok
15:03:26.0812 0440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:03:26.0953 0440 aic78u2 - ok
15:03:26.0968 0440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:03:27.0109 0440 aic78xx - ok
15:03:27.0125 0440 AliIde - ok
15:03:27.0140 0440 amsint - ok
15:03:27.0156 0440 asc - ok
15:03:27.0171 0440 asc3350p - ok
15:03:27.0187 0440 asc3550 - ok
15:03:27.0234 0440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:03:27.0390 0440 AsyncMac - ok
15:03:27.0406 0440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:03:27.0531 0440 atapi - ok
15:03:27.0546 0440 Atdisk - ok
15:03:27.0578 0440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:03:27.0703 0440 Atmarpc - ok
15:03:27.0796 0440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:03:27.0921 0440 audstub - ok
15:03:28.0015 0440 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira Antivir\Avira\AntiVir Desktop\avgio.sys
15:03:28.0031 0440 avgio - ok
15:03:28.0062 0440 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:03:28.0140 0440 avgntflt - ok
15:03:28.0171 0440 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:03:28.0187 0440 avipbb - ok
15:03:28.0218 0440 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:03:28.0250 0440 b57w2k - ok
15:03:28.0343 0440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:03:28.0484 0440 Beep - ok
15:03:28.0515 0440 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
15:03:28.0562 0440 Blfp - ok
15:03:28.0578 0440 catchme - ok
15:03:28.0593 0440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:03:28.0734 0440 cbidf2k - ok
15:03:28.0750 0440 cd20xrnt - ok
15:03:28.0765 0440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:03:28.0890 0440 Cdaudio - ok
15:03:28.0921 0440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:03:29.0046 0440 Cdfs - ok
15:03:29.0062 0440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:03:29.0187 0440 Cdrom - ok
15:03:29.0187 0440 Changer - ok
15:03:29.0218 0440 CmdIde - ok
15:03:29.0234 0440 Cpqarray - ok
15:03:29.0234 0440 dac2w2k - ok
15:03:29.0250 0440 dac960nt - ok
15:03:29.0281 0440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:03:29.0390 0440 Disk - ok
15:03:29.0437 0440 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
15:03:29.0593 0440 dmboot - ok
15:03:29.0671 0440 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
15:03:29.0796 0440 dmio - ok
15:03:29.0828 0440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:03:29.0953 0440 dmload - ok
15:03:29.0968 0440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:03:30.0093 0440 DMusic - ok
15:03:30.0109 0440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:03:30.0250 0440 dpti2o - ok
15:03:30.0250 0440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:03:30.0375 0440 drmkaud - ok
15:03:30.0406 0440 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:03:30.0531 0440 E100B - ok
15:03:30.0593 0440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:03:30.0718 0440 Fastfat - ok
15:03:30.0734 0440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:03:30.0859 0440 Fdc - ok
15:03:30.0875 0440 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
15:03:31.0000 0440 Fips - ok
15:03:31.0093 0440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:03:31.0218 0440 Flpydisk - ok
15:03:31.0250 0440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:03:31.0375 0440 FltMgr - ok
15:03:31.0406 0440 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:03:31.0421 0440 fssfltr - ok
15:03:31.0453 0440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:03:31.0609 0440 Fs_Rec - ok
15:03:31.0625 0440 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:03:31.0765 0440 Ftdisk - ok
15:03:31.0781 0440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:03:31.0796 0440 GEARAspiWDM - ok
15:03:31.0828 0440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:03:31.0953 0440 Gpc - ok
15:03:31.0984 0440 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
15:03:32.0031 0440 HdAudAddService - ok
15:03:32.0125 0440 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:03:32.0250 0440 HDAudBus - ok
15:03:32.0296 0440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:03:32.0421 0440 HidUsb - ok
15:03:32.0437 0440 hpn - ok
15:03:32.0468 0440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:03:32.0500 0440 HTTP - ok
15:03:32.0515 0440 i2omgmt - ok
15:03:32.0515 0440 i2omp - ok
15:03:32.0546 0440 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:03:32.0703 0440 i8042prt - ok
15:03:32.0734 0440 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
15:03:32.0843 0440 i81x - ok
15:03:32.0890 0440 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
15:03:33.0000 0440 iAimFP0 - ok
15:03:33.0062 0440 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
15:03:33.0171 0440 iAimFP1 - ok
15:03:33.0171 0440 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
15:03:33.0281 0440 iAimFP2 - ok
15:03:33.0296 0440 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
15:03:33.0390 0440 iAimFP3 - ok
15:03:33.0406 0440 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
15:03:33.0515 0440 iAimFP4 - ok
15:03:33.0531 0440 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
15:03:33.0625 0440 iAimFP5 - ok
15:03:33.0640 0440 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
15:03:33.0750 0440 iAimFP6 - ok
15:03:33.0750 0440 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
15:03:33.0859 0440 iAimFP7 - ok
15:03:33.0875 0440 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
15:03:33.0984 0440 iAimTV0 - ok
15:03:34.0000 0440 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
15:03:34.0093 0440 iAimTV1 - ok
15:03:34.0125 0440 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
15:03:34.0234 0440 iAimTV3 - ok
15:03:34.0234 0440 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
15:03:34.0343 0440 iAimTV4 - ok
15:03:34.0359 0440 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
15:03:34.0468 0440 iAimTV5 - ok
15:03:34.0484 0440 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
15:03:34.0593 0440 iAimTV6 - ok
15:03:34.0640 0440 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:03:34.0765 0440 ialm - ok
15:03:34.0859 0440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:03:34.0984 0440 Imapi - ok
15:03:35.0000 0440 ini910u - ok
15:03:35.0078 0440 IntcAzAudAddService (38e36fd56f8cb7e8b9802531365856a4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:03:35.0250 0440 IntcAzAudAddService - ok
15:03:35.0265 0440 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:03:35.0421 0440 IntelIde - ok
15:03:35.0437 0440 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:03:35.0546 0440 intelppm - ok
15:03:35.0562 0440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:03:35.0703 0440 Ip6Fw - ok
15:03:35.0781 0440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:03:35.0906 0440 IpFilterDriver - ok
15:03:35.0937 0440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:03:36.0062 0440 IpInIp - ok
15:03:36.0093 0440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:03:36.0203 0440 IpNat - ok
15:03:36.0218 0440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:03:36.0343 0440 IPSec - ok
15:03:36.0359 0440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:03:36.0484 0440 IRENUM - ok
15:03:36.0500 0440 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:03:36.0625 0440 isapnp - ok
15:03:36.0656 0440 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:03:36.0781 0440 Kbdclass - ok
15:03:36.0859 0440 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:03:37.0000 0440 kbdhid - ok
15:03:37.0031 0440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:03:37.0156 0440 kmixer - ok
15:03:37.0171 0440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:03:37.0234 0440 KSecDD - ok
15:03:37.0265 0440 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:03:37.0281 0440 L8042Kbd - ok
15:03:37.0312 0440 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:03:37.0343 0440 L8042mou - ok
15:03:37.0359 0440 lbrtfdc - ok
15:03:37.0406 0440 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:03:37.0421 0440 LHidFilt - ok
15:03:37.0453 0440 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:03:37.0468 0440 LMouFilt - ok
15:03:37.0484 0440 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:03:37.0500 0440 LMouKE - ok
15:03:37.0531 0440 LUsbFilt (9bc5a8f08cc4770c95f9c55d992de929) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:03:37.0546 0440 LUsbFilt - ok
15:03:37.0562 0440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:03:37.0718 0440 mnmdd - ok
15:03:37.0750 0440 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
15:03:37.0890 0440 Modem - ok
15:03:37.0968 0440 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:03:38.0109 0440 Mouclass - ok
15:03:38.0125 0440 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:03:38.0265 0440 mouhid - ok
15:03:38.0281 0440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:03:38.0421 0440 MountMgr - ok
15:03:38.0437 0440 mraid35x - ok
15:03:38.0437 0440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:03:38.0593 0440 MRxDAV - ok
15:03:38.0625 0440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:03:38.0703 0440 MRxSmb - ok
15:03:38.0750 0440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:03:38.0875 0440 Msfs - ok
15:03:38.0906 0440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:03:39.0031 0440 MSKSSRV - ok
15:03:39.0046 0440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:03:39.0171 0440 MSPCLOCK - ok
15:03:39.0171 0440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:03:39.0296 0440 MSPQM - ok
15:03:39.0390 0440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:03:39.0515 0440 mssmbios - ok
15:03:39.0531 0440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:03:39.0578 0440 Mup - ok
15:03:39.0609 0440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:03:39.0734 0440 NDIS - ok
15:03:39.0765 0440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:03:39.0796 0440 NdisTapi - ok
15:03:39.0812 0440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:03:39.0968 0440 Ndisuio - ok
15:03:39.0984 0440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:03:40.0140 0440 NdisWan - ok
15:03:40.0156 0440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:03:40.0203 0440 NDProxy - ok
15:03:40.0265 0440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:03:40.0390 0440 NetBIOS - ok
15:03:40.0421 0440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:03:40.0546 0440 NetBT - ok
15:03:40.0593 0440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:03:40.0703 0440 Npfs - ok
15:03:40.0734 0440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:03:40.0859 0440 Ntfs - ok
15:03:40.0890 0440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:03:41.0015 0440 Null - ok
15:03:41.0031 0440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:03:41.0156 0440 NwlnkFlt - ok
15:03:41.0171 0440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:03:41.0281 0440 NwlnkFwd - ok
15:03:41.0343 0440 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys
15:03:41.0468 0440 P3 - ok
15:03:41.0484 0440 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
15:03:41.0609 0440 Parport - ok
15:03:41.0656 0440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:03:41.0781 0440 PartMgr - ok
15:03:41.0796 0440 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
15:03:41.0921 0440 ParVdm - ok
15:03:41.0953 0440 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
15:03:42.0078 0440 PCI - ok
15:03:42.0078 0440 PCIDump - ok
15:03:42.0109 0440 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:03:42.0234 0440 PCIIde - ok
15:03:42.0250 0440 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:03:42.0375 0440 Pcmcia - ok
15:03:42.0390 0440 PDCOMP - ok
15:03:42.0390 0440 PDFRAME - ok
15:03:42.0406 0440 PDRELI - ok
15:03:42.0421 0440 PDRFRAME - ok
15:03:42.0421 0440 perc2 - ok
15:03:42.0437 0440 perc2hib - ok
15:03:42.0484 0440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:03:42.0609 0440 PptpMiniport - ok
15:03:42.0625 0440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:03:42.0734 0440 PSched - ok
15:03:42.0765 0440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:03:42.0890 0440 Ptilink - ok
15:03:42.0953 0440 ql1080 - ok
15:03:42.0953 0440 Ql10wnt - ok
15:03:42.0968 0440 ql12160 - ok
15:03:42.0968 0440 ql1240 - ok
15:03:42.0984 0440 ql1280 - ok
15:03:43.0000 0440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:03:43.0125 0440 RasAcd - ok
15:03:43.0125 0440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:03:43.0250 0440 Rasl2tp - ok
15:03:43.0281 0440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:03:43.0390 0440 RasPppoe - ok
15:03:43.0406 0440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:03:43.0531 0440 Raspti - ok
15:03:43.0546 0440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:03:43.0671 0440 Rdbss - ok
15:03:43.0703 0440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:03:43.0812 0440 RDPCDD - ok
15:03:43.0828 0440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:03:43.0953 0440 rdpdr - ok
15:03:44.0000 0440 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:03:44.0015 0440 RDPWD - ok
15:03:44.0062 0440 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:03:44.0187 0440 redbook - ok
15:03:44.0250 0440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:03:44.0375 0440 Secdrv - ok
15:03:44.0437 0440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:03:44.0562 0440 serenum - ok
15:03:44.0578 0440 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
15:03:44.0718 0440 Serial - ok
15:03:44.0765 0440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:03:44.0875 0440 Sfloppy - ok
15:03:44.0890 0440 Simbad - ok
15:03:44.0937 0440 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
15:03:44.0953 0440 snapman - ok
15:03:44.0968 0440 Sparrow - ok
15:03:44.0984 0440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:03:45.0109 0440 splitter - ok
15:03:45.0109 0440 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
15:03:45.0234 0440 sr - ok
15:03:45.0265 0440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:03:45.0328 0440 Srv - ok
15:03:45.0375 0440 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:03:45.0390 0440 ssmdrv - ok
15:03:45.0421 0440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:03:45.0546 0440 swenum - ok
15:03:45.0546 0440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:03:45.0671 0440 swmidi - ok
15:03:45.0765 0440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:03:45.0890 0440 symc810 - ok
15:03:45.0890 0440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:03:46.0015 0440 symc8xx - ok
15:03:46.0046 0440 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
15:03:46.0062 0440 Symmpi ( UnsignedFile.Multi.Generic ) - warning
15:03:46.0062 0440 Symmpi - detected UnsignedFile.Multi.Generic (1)
15:03:46.0218 0440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:03:46.0437 0440 sym_hi - ok
15:03:46.0453 0440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:03:46.0562 0440 sym_u3 - ok
15:03:46.0578 0440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:03:46.0718 0440 sysaudio - ok
15:03:46.0750 0440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:03:46.0796 0440 Tcpip - ok
15:03:46.0890 0440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:03:47.0015 0440 TDPIPE - ok
15:03:47.0062 0440 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
15:03:47.0093 0440 tdrpman - ok
15:03:47.0125 0440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:03:47.0250 0440 TDTCP - ok
15:03:47.0265 0440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:03:47.0390 0440 TermDD - ok
15:03:47.0406 0440 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
15:03:47.0437 0440 tifsfilter - ok
15:03:47.0453 0440 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
15:03:47.0484 0440 timounter - ok
15:03:47.0500 0440 TosIde - ok
15:03:47.0531 0440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:03:47.0671 0440 Udfs - ok
15:03:47.0671 0440 ultra - ok
15:03:47.0718 0440 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:03:47.0750 0440 USBAAPL - ok
15:03:47.0843 0440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:03:47.0953 0440 usbccgp - ok
15:03:47.0984 0440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:03:48.0125 0440 usbehci - ok
15:03:48.0140 0440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:03:48.0265 0440 usbhub - ok
15:03:48.0296 0440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:03:48.0421 0440 usbscan - ok
15:03:48.0453 0440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:03:48.0578 0440 USBSTOR - ok
15:03:48.0593 0440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:03:48.0718 0440 usbuhci - ok
15:03:48.0718 0440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:03:48.0843 0440 VgaSave - ok
15:03:48.0859 0440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:03:48.0984 0440 ViaIde - ok
15:03:49.0078 0440 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:03:49.0203 0440 VolSnap - ok
15:03:49.0234 0440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:03:49.0359 0440 Wanarp - ok
15:03:49.0390 0440 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:03:49.0421 0440 Wdf01000 - ok
15:03:49.0437 0440 WDICA - ok
15:03:49.0453 0440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:03:49.0578 0440 wdmaud - ok
15:03:49.0640 0440 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:03:49.0750 0440 WmiAcpi - ok
15:03:49.0812 0440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:03:49.0843 0440 WudfPf - ok
15:03:49.0859 0440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:03:49.0890 0440 WudfRd - ok
15:03:49.0906 0440 xcpip - ok
15:03:49.0921 0440 xpsec - ok
15:03:49.0937 0440 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
15:03:50.0109 0440 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:03:50.0109 0440 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:03:50.0109 0440 Boot (0x1200) (c2dcc2ff34b324546bb9ec7647d777c4) \Device\Harddisk0\DR0\Partition0
15:03:50.0109 0440 \Device\Harddisk0\DR0\Partition0 - ok
15:03:50.0125 0440 Boot (0x1200) (ce2e5c9c7c22570cfa1d51a20b464777) \Device\Harddisk0\DR0\Partition1
15:03:50.0125 0440 \Device\Harddisk0\DR0\Partition1 - ok
15:03:50.0156 0440 Boot (0x1200) (2c322683ade9c663714933d7a524a67d) \Device\Harddisk0\DR0\Partition2
15:03:50.0156 0440 \Device\Harddisk0\DR0\Partition2 - ok
15:03:50.0156 0440 ============================================================
15:03:50.0156 0440 Scan finished
15:03:50.0156 0440 ============================================================
15:03:50.0265 2396 Detected object count: 3
15:03:50.0265 2396 Actual detected object count: 3
15:03:56.0609 2396 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:56.0609 2396 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:56.0625 2396 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:56.0625 2396 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:56.0625 2396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:03:56.0625 2396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:04:04.0906 1468 Deinitialize success

Kiereweed
17 December 2011, 16:07
ComboFix 11-12-16.03 - Woebie 17-12-2011 14:48:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1370 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\drivers\4171 3991.sys"
"c:\windows\system32\drivers\41713991.sys"
"c:\windows\system32\drivers\41713992.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\41713991.sys
c:\windows\system32\drivers\41713992.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_41713991
-------\Legacy_41713992
-------\Service_41713991
-------\Service_41713992
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-17 to 2011-12-17 ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(4000)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\avira antivir\Avira\AntiVir Desktop\avguard.exe
d:\avira antivir\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2011-12-17 14:57:42 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-17 13:57
ComboFix2.txt 2011-12-17 11:03
ComboFix3.txt 2011-06-18 09:16
.
Pre-Run: 64.122.359.808 bytes beschikbaar
Post-Run: 64.113.688.576 bytes beschikbaar
.
- - End Of File - - 89E65A819D669A818115FFF57C96293B



==============


15:03:13.0687 1744 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
15:03:13.0796 1744 ============================================================
15:03:13.0796 1744 Current date / time: 2011/12/17 15:03:13.0796
15:03:13.0796 1744 SystemInfo:
15:03:13.0796 1744
15:03:13.0796 1744 OS Version: 5.1.2600 ServicePack: 3.0
15:03:13.0796 1744 Product type: Workstation
15:03:13.0796 1744 ComputerName: WOEBIE
15:03:13.0796 1744 UserName: Woebie
15:03:13.0796 1744 Windows directory: C:\WINDOWS
15:03:13.0796 1744 System windows directory: C:\WINDOWS
15:03:13.0796 1744 Processor architecture: Intel x86
15:03:13.0796 1744 Number of processors: 2
15:03:13.0796 1744 Page size: 0x1000
15:03:13.0796 1744 Boot type: Normal boot
15:03:13.0796 1744 ============================================================
15:03:14.0812 1744 Initialize success
15:03:24.0656 0440 ============================================================
15:03:24.0656 0440 Scan started
15:03:24.0656 0440 Mode: Manual; SigCheck; TDLFS;
15:03:24.0656 0440 ============================================================
15:03:25.0203 0440 Abiosdsk - ok
15:03:25.0218 0440 abp480n5 - ok
15:03:25.0250 0440 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
15:03:25.0843 0440 ac97intc - ok
15:03:25.0937 0440 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:03:26.0125 0440 ACPI - ok
15:03:26.0156 0440 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:03:26.0281 0440 ACPIEC - ok
15:03:26.0312 0440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:03:26.0453 0440 adpu160m - ok
15:03:26.0468 0440 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
15:03:26.0500 0440 adpu320 ( UnsignedFile.Multi.Generic ) - warning
15:03:26.0500 0440 adpu320 - detected UnsignedFile.Multi.Generic (1)
15:03:26.0515 0440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:03:26.0656 0440 aec - ok
15:03:26.0671 0440 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:03:26.0718 0440 AFD - ok
15:03:26.0796 0440 Aha154x - ok
15:03:26.0812 0440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:03:26.0953 0440 aic78u2 - ok
15:03:26.0968 0440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:03:27.0109 0440 aic78xx - ok
15:03:27.0125 0440 AliIde - ok
15:03:27.0140 0440 amsint - ok
15:03:27.0156 0440 asc - ok
15:03:27.0171 0440 asc3350p - ok
15:03:27.0187 0440 asc3550 - ok
15:03:27.0234 0440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:03:27.0390 0440 AsyncMac - ok
15:03:27.0406 0440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:03:27.0531 0440 atapi - ok
15:03:27.0546 0440 Atdisk - ok
15:03:27.0578 0440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:03:27.0703 0440 Atmarpc - ok
15:03:27.0796 0440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:03:27.0921 0440 audstub - ok
15:03:28.0015 0440 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira Antivir\Avira\AntiVir Desktop\avgio.sys
15:03:28.0031 0440 avgio - ok
15:03:28.0062 0440 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:03:28.0140 0440 avgntflt - ok
15:03:28.0171 0440 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:03:28.0187 0440 avipbb - ok
15:03:28.0218 0440 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:03:28.0250 0440 b57w2k - ok
15:03:28.0343 0440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:03:28.0484 0440 Beep - ok
15:03:28.0515 0440 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
15:03:28.0562 0440 Blfp - ok
15:03:28.0578 0440 catchme - ok
15:03:28.0593 0440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:03:28.0734 0440 cbidf2k - ok
15:03:28.0750 0440 cd20xrnt - ok
15:03:28.0765 0440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:03:28.0890 0440 Cdaudio - ok
15:03:28.0921 0440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:03:29.0046 0440 Cdfs - ok
15:03:29.0062 0440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:03:29.0187 0440 Cdrom - ok
15:03:29.0187 0440 Changer - ok
15:03:29.0218 0440 CmdIde - ok
15:03:29.0234 0440 Cpqarray - ok
15:03:29.0234 0440 dac2w2k - ok
15:03:29.0250 0440 dac960nt - ok
15:03:29.0281 0440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:03:29.0390 0440 Disk - ok
15:03:29.0437 0440 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
15:03:29.0593 0440 dmboot - ok
15:03:29.0671 0440 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
15:03:29.0796 0440 dmio - ok
15:03:29.0828 0440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:03:29.0953 0440 dmload - ok
15:03:29.0968 0440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:03:30.0093 0440 DMusic - ok
15:03:30.0109 0440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:03:30.0250 0440 dpti2o - ok
15:03:30.0250 0440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:03:30.0375 0440 drmkaud - ok
15:03:30.0406 0440 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:03:30.0531 0440 E100B - ok
15:03:30.0593 0440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:03:30.0718 0440 Fastfat - ok
15:03:30.0734 0440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:03:30.0859 0440 Fdc - ok
15:03:30.0875 0440 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
15:03:31.0000 0440 Fips - ok
15:03:31.0093 0440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:03:31.0218 0440 Flpydisk - ok
15:03:31.0250 0440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:03:31.0375 0440 FltMgr - ok
15:03:31.0406 0440 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:03:31.0421 0440 fssfltr - ok
15:03:31.0453 0440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:03:31.0609 0440 Fs_Rec - ok
15:03:31.0625 0440 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:03:31.0765 0440 Ftdisk - ok
15:03:31.0781 0440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:03:31.0796 0440 GEARAspiWDM - ok
15:03:31.0828 0440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:03:31.0953 0440 Gpc - ok
15:03:31.0984 0440 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
15:03:32.0031 0440 HdAudAddService - ok
15:03:32.0125 0440 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:03:32.0250 0440 HDAudBus - ok
15:03:32.0296 0440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:03:32.0421 0440 HidUsb - ok
15:03:32.0437 0440 hpn - ok
15:03:32.0468 0440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:03:32.0500 0440 HTTP - ok
15:03:32.0515 0440 i2omgmt - ok
15:03:32.0515 0440 i2omp - ok
15:03:32.0546 0440 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:03:32.0703 0440 i8042prt - ok
15:03:32.0734 0440 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
15:03:32.0843 0440 i81x - ok
15:03:32.0890 0440 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
15:03:33.0000 0440 iAimFP0 - ok
15:03:33.0062 0440 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
15:03:33.0171 0440 iAimFP1 - ok
15:03:33.0171 0440 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
15:03:33.0281 0440 iAimFP2 - ok
15:03:33.0296 0440 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
15:03:33.0390 0440 iAimFP3 - ok
15:03:33.0406 0440 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
15:03:33.0515 0440 iAimFP4 - ok
15:03:33.0531 0440 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
15:03:33.0625 0440 iAimFP5 - ok
15:03:33.0640 0440 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
15:03:33.0750 0440 iAimFP6 - ok
15:03:33.0750 0440 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
15:03:33.0859 0440 iAimFP7 - ok
15:03:33.0875 0440 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
15:03:33.0984 0440 iAimTV0 - ok
15:03:34.0000 0440 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
15:03:34.0093 0440 iAimTV1 - ok
15:03:34.0125 0440 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
15:03:34.0234 0440 iAimTV3 - ok
15:03:34.0234 0440 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
15:03:34.0343 0440 iAimTV4 - ok
15:03:34.0359 0440 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
15:03:34.0468 0440 iAimTV5 - ok
15:03:34.0484 0440 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
15:03:34.0593 0440 iAimTV6 - ok
15:03:34.0640 0440 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:03:34.0765 0440 ialm - ok
15:03:34.0859 0440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:03:34.0984 0440 Imapi - ok
15:03:35.0000 0440 ini910u - ok
15:03:35.0078 0440 IntcAzAudAddService (38e36fd56f8cb7e8b9802531365856a4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:03:35.0250 0440 IntcAzAudAddService - ok
15:03:35.0265 0440 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:03:35.0421 0440 IntelIde - ok
15:03:35.0437 0440 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:03:35.0546 0440 intelppm - ok
15:03:35.0562 0440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:03:35.0703 0440 Ip6Fw - ok
15:03:35.0781 0440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:03:35.0906 0440 IpFilterDriver - ok
15:03:35.0937 0440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:03:36.0062 0440 IpInIp - ok
15:03:36.0093 0440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:03:36.0203 0440 IpNat - ok
15:03:36.0218 0440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:03:36.0343 0440 IPSec - ok
15:03:36.0359 0440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:03:36.0484 0440 IRENUM - ok
15:03:36.0500 0440 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:03:36.0625 0440 isapnp - ok
15:03:36.0656 0440 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:03:36.0781 0440 Kbdclass - ok
15:03:36.0859 0440 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:03:37.0000 0440 kbdhid - ok
15:03:37.0031 0440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:03:37.0156 0440 kmixer - ok
15:03:37.0171 0440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:03:37.0234 0440 KSecDD - ok
15:03:37.0265 0440 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:03:37.0281 0440 L8042Kbd - ok
15:03:37.0312 0440 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:03:37.0343 0440 L8042mou - ok
15:03:37.0359 0440 lbrtfdc - ok
15:03:37.0406 0440 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:03:37.0421 0440 LHidFilt - ok
15:03:37.0453 0440 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:03:37.0468 0440 LMouFilt - ok
15:03:37.0484 0440 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:03:37.0500 0440 LMouKE - ok
15:03:37.0531 0440 LUsbFilt (9bc5a8f08cc4770c95f9c55d992de929) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:03:37.0546 0440 LUsbFilt - ok
15:03:37.0562 0440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:03:37.0718 0440 mnmdd - ok
15:03:37.0750 0440 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
15:03:37.0890 0440 Modem - ok
15:03:37.0968 0440 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:03:38.0109 0440 Mouclass - ok
15:03:38.0125 0440 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:03:38.0265 0440 mouhid - ok
15:03:38.0281 0440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:03:38.0421 0440 MountMgr - ok
15:03:38.0437 0440 mraid35x - ok
15:03:38.0437 0440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:03:38.0593 0440 MRxDAV - ok
15:03:38.0625 0440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:03:38.0703 0440 MRxSmb - ok
15:03:38.0750 0440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:03:38.0875 0440 Msfs - ok
15:03:38.0906 0440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:03:39.0031 0440 MSKSSRV - ok
15:03:39.0046 0440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:03:39.0171 0440 MSPCLOCK - ok
15:03:39.0171 0440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:03:39.0296 0440 MSPQM - ok
15:03:39.0390 0440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:03:39.0515 0440 mssmbios - ok
15:03:39.0531 0440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:03:39.0578 0440 Mup - ok
15:03:39.0609 0440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:03:39.0734 0440 NDIS - ok
15:03:39.0765 0440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:03:39.0796 0440 NdisTapi - ok
15:03:39.0812 0440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:03:39.0968 0440 Ndisuio - ok
15:03:39.0984 0440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:03:40.0140 0440 NdisWan - ok
15:03:40.0156 0440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:03:40.0203 0440 NDProxy - ok
15:03:40.0265 0440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:03:40.0390 0440 NetBIOS - ok
15:03:40.0421 0440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:03:40.0546 0440 NetBT - ok
15:03:40.0593 0440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:03:40.0703 0440 Npfs - ok
15:03:40.0734 0440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:03:40.0859 0440 Ntfs - ok
15:03:40.0890 0440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:03:41.0015 0440 Null - ok
15:03:41.0031 0440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:03:41.0156 0440 NwlnkFlt - ok
15:03:41.0171 0440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:03:41.0281 0440 NwlnkFwd - ok
15:03:41.0343 0440 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys
15:03:41.0468 0440 P3 - ok
15:03:41.0484 0440 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
15:03:41.0609 0440 Parport - ok
15:03:41.0656 0440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:03:41.0781 0440 PartMgr - ok
15:03:41.0796 0440 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
15:03:41.0921 0440 ParVdm - ok
15:03:41.0953 0440 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
15:03:42.0078 0440 PCI - ok
15:03:42.0078 0440 PCIDump - ok
15:03:42.0109 0440 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:03:42.0234 0440 PCIIde - ok
15:03:42.0250 0440 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:03:42.0375 0440 Pcmcia - ok
15:03:42.0390 0440 PDCOMP - ok
15:03:42.0390 0440 PDFRAME - ok
15:03:42.0406 0440 PDRELI - ok
15:03:42.0421 0440 PDRFRAME - ok
15:03:42.0421 0440 perc2 - ok
15:03:42.0437 0440 perc2hib - ok
15:03:42.0484 0440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:03:42.0609 0440 PptpMiniport - ok
15:03:42.0625 0440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:03:42.0734 0440 PSched - ok
15:03:42.0765 0440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:03:42.0890 0440 Ptilink - ok
15:03:42.0953 0440 ql1080 - ok
15:03:42.0953 0440 Ql10wnt - ok
15:03:42.0968 0440 ql12160 - ok
15:03:42.0968 0440 ql1240 - ok
15:03:42.0984 0440 ql1280 - ok
15:03:43.0000 0440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:03:43.0125 0440 RasAcd - ok
15:03:43.0125 0440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:03:43.0250 0440 Rasl2tp - ok
15:03:43.0281 0440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:03:43.0390 0440 RasPppoe - ok
15:03:43.0406 0440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:03:43.0531 0440 Raspti - ok
15:03:43.0546 0440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:03:43.0671 0440 Rdbss - ok
15:03:43.0703 0440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:03:43.0812 0440 RDPCDD - ok
15:03:43.0828 0440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:03:43.0953 0440 rdpdr - ok
15:03:44.0000 0440 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:03:44.0015 0440 RDPWD - ok
15:03:44.0062 0440 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:03:44.0187 0440 redbook - ok
15:03:44.0250 0440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:03:44.0375 0440 Secdrv - ok
15:03:44.0437 0440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:03:44.0562 0440 serenum - ok
15:03:44.0578 0440 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
15:03:44.0718 0440 Serial - ok
15:03:44.0765 0440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:03:44.0875 0440 Sfloppy - ok
15:03:44.0890 0440 Simbad - ok
15:03:44.0937 0440 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
15:03:44.0953 0440 snapman - ok
15:03:44.0968 0440 Sparrow - ok
15:03:44.0984 0440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:03:45.0109 0440 splitter - ok
15:03:45.0109 0440 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
15:03:45.0234 0440 sr - ok
15:03:45.0265 0440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:03:45.0328 0440 Srv - ok
15:03:45.0375 0440 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:03:45.0390 0440 ssmdrv - ok
15:03:45.0421 0440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:03:45.0546 0440 swenum - ok
15:03:45.0546 0440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:03:45.0671 0440 swmidi - ok
15:03:45.0765 0440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:03:45.0890 0440 symc810 - ok
15:03:45.0890 0440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:03:46.0015 0440 symc8xx - ok
15:03:46.0046 0440 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
15:03:46.0062 0440 Symmpi ( UnsignedFile.Multi.Generic ) - warning
15:03:46.0062 0440 Symmpi - detected UnsignedFile.Multi.Generic (1)
15:03:46.0218 0440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:03:46.0437 0440 sym_hi - ok
15:03:46.0453 0440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:03:46.0562 0440 sym_u3 - ok
15:03:46.0578 0440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:03:46.0718 0440 sysaudio - ok
15:03:46.0750 0440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:03:46.0796 0440 Tcpip - ok
15:03:46.0890 0440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:03:47.0015 0440 TDPIPE - ok
15:03:47.0062 0440 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
15:03:47.0093 0440 tdrpman - ok
15:03:47.0125 0440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:03:47.0250 0440 TDTCP - ok
15:03:47.0265 0440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:03:47.0390 0440 TermDD - ok
15:03:47.0406 0440 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
15:03:47.0437 0440 tifsfilter - ok
15:03:47.0453 0440 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
15:03:47.0484 0440 timounter - ok
15:03:47.0500 0440 TosIde - ok
15:03:47.0531 0440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:03:47.0671 0440 Udfs - ok
15:03:47.0671 0440 ultra - ok
15:03:47.0718 0440 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:03:47.0750 0440 USBAAPL - ok
15:03:47.0843 0440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:03:47.0953 0440 usbccgp - ok
15:03:47.0984 0440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:03:48.0125 0440 usbehci - ok
15:03:48.0140 0440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:03:48.0265 0440 usbhub - ok
15:03:48.0296 0440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:03:48.0421 0440 usbscan - ok
15:03:48.0453 0440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:03:48.0578 0440 USBSTOR - ok
15:03:48.0593 0440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:03:48.0718 0440 usbuhci - ok
15:03:48.0718 0440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:03:48.0843 0440 VgaSave - ok
15:03:48.0859 0440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:03:48.0984 0440 ViaIde - ok
15:03:49.0078 0440 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
15:03:49.0203 0440 VolSnap - ok
15:03:49.0234 0440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:03:49.0359 0440 Wanarp - ok
15:03:49.0390 0440 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:03:49.0421 0440 Wdf01000 - ok
15:03:49.0437 0440 WDICA - ok
15:03:49.0453 0440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:03:49.0578 0440 wdmaud - ok
15:03:49.0640 0440 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:03:49.0750 0440 WmiAcpi - ok
15:03:49.0812 0440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:03:49.0843 0440 WudfPf - ok
15:03:49.0859 0440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:03:49.0890 0440 WudfRd - ok
15:03:49.0906 0440 xcpip - ok
15:03:49.0921 0440 xpsec - ok
15:03:49.0937 0440 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
15:03:50.0109 0440 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:03:50.0109 0440 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:03:50.0109 0440 Boot (0x1200) (c2dcc2ff34b324546bb9ec7647d777c4) \Device\Harddisk0\DR0\Partition0
15:03:50.0109 0440 \Device\Harddisk0\DR0\Partition0 - ok
15:03:50.0125 0440 Boot (0x1200) (ce2e5c9c7c22570cfa1d51a20b464777) \Device\Harddisk0\DR0\Partition1
15:03:50.0125 0440 \Device\Harddisk0\DR0\Partition1 - ok
15:03:50.0156 0440 Boot (0x1200) (2c322683ade9c663714933d7a524a67d) \Device\Harddisk0\DR0\Partition2
15:03:50.0156 0440 \Device\Harddisk0\DR0\Partition2 - ok
15:03:50.0156 0440 ============================================================
15:03:50.0156 0440 Scan finished
15:03:50.0156 0440 ============================================================
15:03:50.0265 2396 Detected object count: 3
15:03:50.0265 2396 Actual detected object count: 3
15:03:56.0609 2396 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:56.0609 2396 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:56.0625 2396 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:56.0625 2396 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:56.0625 2396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:03:56.0625 2396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:04:04.0906 1468 Deinitialize success

Maxstar
18 December 2011, 12:46
Hi,

Go to Start --> Run.
Type notepad there and press Enter.
Copy the (code) below into this Notepad file.

REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Click File > Save As.
Under "Save in" choose: Desktop
Under "File name" enter: Fix.reg
Under "Save as type" select: All files (*.*).
Click the Save button.

Double-click "Fix.reg" and allow the changes to be applied to the registry.

Then post a new ComboFix log.

Regards, Maxstar

Kiereweed
18 December 2011, 18:42
Hello,
Just to be sure.
I placed the "Fix.reg" file on my desktop and then started ComboFix, which then went to update.
And from there the result is below.

Thanks

ComboFix 11-12-17.05 - Woebie 18-12-2011 17:30:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1467 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-18 to 2011-12-18 ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_10.59.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-18 16:22 . 2011-12-18 16:22 16384 c:\windows\temp\Perflib_Perfdata_28c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-18 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2232)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-12-18 17:36:29
ComboFix-quarantined-files.txt 2011-12-18 16:36
ComboFix2.txt 2011-12-17 13:57
ComboFix3.txt 2011-12-17 11:03
ComboFix4.txt 2011-06-18 09:16
.
Pre-Run: 64.102.821.888 bytes beschikbaar
Post-Run: 64.093.065.216 bytes beschikbaar
.
- - End Of File - - 5B339A0EFD40F7C9AD28F978C7F2CD20

Maxstar
18 December 2011, 18:51
Hi,

Just to be sure.
I placed the "Fix.reg" file on my desktop and then started ComboFix, which then went to update.

Did you also run the Fix.reg file before you let ComboFix scan?
ComboFix updating itself is normal, by the way.

Regards, Maxstar

Kiereweed
18 December 2011, 20:10
Sorry, I forgot to run it. Now I have done it.

ComboFix 11-12-17.05 - Woebie 18-12-2011 19:01:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1345 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-18 to 2011-12-18 ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_10.59.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-18 17:59 . 2011-12-18 17:59 16384 c:\windows\temp\Perflib_Perfdata_ac0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-18 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2916)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-12-18 19:08:15
ComboFix-quarantined-files.txt 2011-12-18 18:08
ComboFix2.txt 2011-12-18 16:36
ComboFix3.txt 2011-12-17 13:57
ComboFix4.txt 2011-12-17 11:03
ComboFix5.txt 2011-12-18 18:00
.
Pre-Run: 64.097.312.768 bytes beschikbaar
Post-Run: 64.086.089.728 bytes beschikbaar
.
- - End Of File - - 818EA271A8476062989F6BBC1F476D56

Maxstar
19 December 2011, 10:55
Hi,

I see the forum software doesn't parse the code text correctly; delete Fix.reg and create it again.

Go to Start --> Run.
Type notepad there and press Enter.
Copy the (code) below into this Notepad file.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Click File > Save As.
Under "Save in" choose: Desktop
Under "File name" enter: Fix.reg
Under "Save as type" select: All files (*.*).
Click the Save button.
Double-click "Fix.reg" and allow the changes to be applied to the registry.

Now let ComboFix scan again.

Regards, Maxstar

Kiereweed
19 December 2011, 19:18
Hi Maxstar,

I can't create fix.reg because ......

the specified file is not a registry script. You can only import binary registry files from Registry Editor.

Kind regards

Maxstar
19 December 2011, 19:31
Hi,

Pff, the forum software really isn't cooperating: it removes blank lines and still inserts spaces. Download the following registry file instead and run it.

http://www.mijnbestand.nl/Bestand-TUYMT6AN6P3U.reg

Then let ComboFix scan again.

Regards, Maxstar
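
The check behind Maxstar's fix, written out as an added Python example (not code from this thread, from ComboFix or from the helper): it reads the GloballyOpenPorts section out of ComboFix output (a constructed sample modelled on the logs above, forum-inserted space included), flags every global firewall exception that is not on an allow-list, and writes the removal .reg with ComboFix's HKLM\~\services shorthand expanded to the full SYSTEM\CurrentControlSet\Services key. The allow-list and the flagging reasons are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Set, Tuple

# Constructed sample, modelled on the ComboFix "Reg Opstartpunten" section in
# the logs above (the forum's stray space in "firewallpo licy" kept on purpose).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\UTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe
"""

# Full key behind ComboFix's "HKLM\~\services" shorthand (~ = SYSTEM\CurrentControlSet).
FULL_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

SECTION_RE = re.compile(r"^\[.*\\GloballyOpenPorts\\List\]$")
# "3389:TCP"= 3389:TCP:Remote Desktop  ->  port, protocol, display name
VALUE_RE = re.compile(r'^"(\d{1,5}):(TCP|UDP)"=\s*\d{1,5}:(?:TCP|UDP):(.*)$')


class OpenPort(NamedTuple):
    port: int
    proto: str
    name: str


def parse_open_ports(log_text: str) -> List[OpenPort]:
    """Return the GloballyOpenPorts entries found in a ComboFix log."""
    entries: List[OpenPort] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Forum software may have inserted spaces inside the key path;
            # drop them before matching the section header.
            in_section = SECTION_RE.match(line.replace(" ", "")) is not None
            continue
        if line in ("", "."):          # ComboFix ends a section with a lone "."
            in_section = False
            continue
        if in_section:
            m = VALUE_RE.match(line)
            if m:
                entries.append(OpenPort(int(m.group(1)), m.group(2), m.group(3).strip()))
    return entries


def review_open_ports(entries: List[OpenPort],
                      allowed: Set[Tuple[int, str]]) -> List[Tuple[OpenPort, str]]:
    """Flag every global exception not on the allow-list, with a reason (assumed rules)."""
    flagged = []
    for e in entries:
        if (e.port, e.proto) in allowed:
            continue
        if e.port == 3389 and e.proto == "TCP":
            reason = "Remote Desktop reachable from any network"
        elif e.name.lower() in ("services", ""):
            reason = "generic name, typical of a malware-added exception"
        else:
            reason = "not on the allow-list"
        flagged.append((e, reason))
    return flagged


def build_fix_reg(entries: List[OpenPort]) -> str:
    """Build a REGEDIT4 script that deletes the given values ('=-' removes a value)."""
    lines = ["REGEDIT4", "", f"[{FULL_KEY}]"]
    lines += [f'"{e.port}:{e.proto}"=-' for e in entries]
    lines.append("")                    # regedit wants a trailing newline
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    flagged = review_open_ports(found, allowed=set())
    for entry, why in flagged:
        print(f"{entry.port}/{entry.proto} ({entry.name}): {why}")
    print(build_fix_reg([e for e, _ in flagged]))
```

Save the printed script as Fix.reg with a real editor (not through a forum post) so the blank line after REGEDIT4 and the key path survive intact.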

Kiereweed
19 December 2011, 20:31
It worked,

ComboFix 11-12-19.01 - Woebie 19-12-2011 19:24:27.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1423 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_10.59.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 18:19 . 2011-12-19 18:19 16384 c:\windows\temp\Perflib_Perfdata_728.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-19 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 19:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3560)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-12-19 19:30:35
ComboFix-quarantined-files.txt 2011-12-19 18:30
ComboFix2.txt 2011-12-18 18:08
ComboFix3.txt 2011-12-18 16:36
ComboFix4.txt 2011-12-17 13:57
ComboFix5.txt 2011-12-19 18:23
.
Pre-Run: 64.048.279.552 bytes beschikbaar
Post-Run: 64.039.161.856 bytes beschikbaar
.
- - End Of File - - 2A7999BABF9CDDD65E1E6F162D531125

Maxstar
20 December 2011, 10:52
Hi,

Unfortunately the lines in question have still not been removed; download the CFScript below and drag it onto ComboFix.
http://www.mijnbestand.nl/Bestand-7NDL6GPSBQXO.txt

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot if asked to, and post the contents of the ComboFix.txt in your next reply.

Regards, Maxstar

Kiereweed
20 December 2011, 19:53
ComboFix 11-12-20.04 - Woebie 20-12-2011 18:45:10.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1322 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))
.
.
2011-12-20 17:38 . 2011-12-20 17:38 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A328446C-AFEB-46B3-8604-0A711BF5D1C2}\offreg.dll
2011-12-16 19:47 . 2011-12-16 19:47 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_10.59.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 17:38 . 2011-12-20 17:38 16384 c:\windows\temp\Perflib_Perfdata_89c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
"uTorrent"="d:\utorrent\uTorrent.exe" [2011-04-08 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"avgnt"="d:\avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-05-28 160592]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-3 66864]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-8-21 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer.exe"=
"d:\\Teamviewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Sopcast\\adv\\SopAdver.exe"=
"d:\\Sopcast\\SopCast.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira antivir\Avira\AntiVir Desktop\sched.exe [26-5-2009 14:00 136360]
R2 WinDefend;Windows Defender;d:\windows updates\Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 owehslzz;SetPoint PS/2 Mouse Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 9:03 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
owehslzz
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-20 c:\windows\Tasks\MP Scheduled Scan.job
- d:\windows updates\Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2595375393-2196055139-3065396838-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f9,16,0c,22,11,67,45,b6,8a,dc,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1060)
d:\logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-12-20 18:51:13
ComboFix-quarantined-files.txt 2011-12-20 17:51
ComboFix2.txt 2011-12-19 18:30
ComboFix3.txt 2011-12-18 18:08
ComboFix4.txt 2011-12-18 16:36
ComboFix5.txt 2011-12-20 17:44
.
Pre-Run: 64.034.848.768 bytes beschikbaar
Post-Run: 64.023.003.136 bytes beschikbaar
.
- - End Of File - - 07C45C3330EE9BB98E37BD6F594027FD

Maxstar
20 December 2011, 19:54
Hi,

Now it did work...
Are there any other problems you notice?

Regards, Maxstar

Kiereweed
20 December 2011, 21:19
Yes, I think it's all fine now......

Thanks a lot .......

Greetz

Kiereweed
20 December 2011, 22:32
I still have a small problem,.....
In the meantime I have uninstalled some programs, and now I wanted to start iTunes, but I can no longer get a network connection.
Even though it is wired and everything is set to automatic.

I have not changed anything in the router or the like.

Kiereweed
20 December 2011, 22:52
Oh, I also forgot to mention that I can't uninstall Nero Trial via Add or Remove Programs.

Maxstar
21 December 2011, 11:13
Hi,

Have you tried reinstalling iTunes?
As for Nero, you can use the cleaning tool below.
http://www.nero.com/redir.php?id=4556
http://www.nero.com/enu/tools-utilities.html

Regards, Maxstar

Kiereweed
21 December 2011, 19:58
Dear Maxstar,

My internet suddenly works again..... And Nero has been removed too....
The only thing is that the network connection starts up a bit slowly, but that may not mean anything.

So I am completely satisfied and my thanks are great.

Kind regards

Maxstar
22 December 2011, 10:19
Hi,

Then we can start cleaning up.

You may remove the following programs and their log files.

TDSSKiller
DDS
ComboFix, via the instructions below.

To remove ComboFix, copy the command below (Ctrl + C):
Combofix /Uninstall (note the space before /Uninstall!)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
http://i1103.photobucket.com/albums/g476/pcwebplus/cfu.jpg


Since the problems have been resolved, I do advise you to carry out the following.

1.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.

How to delete the restore points is explained here (http://www.malwareinfo.nl/malware/systeemherstel.html)
How to quickly create a new system restore point yourself is explained here (http://www.malwareinfo.nl/handigetips/snelherstelpuntmaken.html)

2.) Install essential updates.
How to keep your operating system and other software up to date can be read here (http://www.malwareinfo.nl/handigetips/updates.html).
With the program Secunia PSI you are automatically warned when updates are available for the installed software; more information can be read here (http://www.malwareinfo.nl/handleidingen/secunia.html)

3.) Beware of 'phishing' messages.
Phishing is a form of internet fraud: with fake e-mail messages and websites that look trustworthy, attempts are made to obtain 'login details' and other personal information.
This often happens in very cunning ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.
More information can be read here (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=4142)

4.) User accounts
With this account you have full control of the computer, so it is not advisable to use this account as the primary account for daily use.
More information about this can be read here (http://www.malwareinfo.nl/handigetips/pcbeveiligen-accounts.html)

5.) Risks when downloading
Peer-to-peer (P2P) networks and also Usenet (newsgroups) are a major source of malware on the internet; offering 'dangerous' software (malware) there happens almost anonymously, which makes it a widely used method for spreading malware.
More information about this can be read here (http://www.malwareinfo.nl/artikelen/p2pnetwerken.html)

6.) Prevention information & the use of security software.
Here (http://www.malwareinfo.nl/malware/malwarepreventie.html) and here (http://users.telenet.be/marcvn/spyware/1564073.htm) you will find information on how to prevent an infection; read it at your leisure.

More information about the use of "security software" and "fake (rogue) software" (rogueware) can be read here (http://www.malwareinfo.nl/diversen/beveiligingssoftware.html)

Regards, Maxstar