
Avast detects Rootkit, 3x reboot & scan, removal succeeds

Holly M.
10 answers
  • Hello,

    I have a Presario V6000 with XP, IE8 and FF, Avast antivirus and Armor firewall.

    I thought things were going fine with my Windows XP. Every day I update & scan after connecting to the internet, and also regularly with Eset when I have been on the internet a bit more.

    Today Avast suddenly detected a Rootkit!!! When removing it, it asked me to restart. I have done that 3x by now, but when I click on it, it says the same thing again.

    How do I know it is gone? How do I check that? What should I do?! :S Help!

    Thanks in advance, greetings Holly

    [image] http://www.imgdumper.nl/uploads5/4ede717c972c3/4ede717c96eba-rootkit_door_avast.JPG

    (in the boot-time scan Avast did, update files from SP3 were flagged, 2 different KBs…)

    [image] http://www.imgdumper.nl/uploads5/4ede72439edaa/4ede72439e9c6-avast_scan_2_corrupte_files.JPG

    thanks in advance!
  • sorry, forgot it in the shock: MBAM finds nothing, and the HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:36:18, on 6-12-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\Program Files\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre8\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Online Armor\OAui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318272596312
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe


    End of file - 7486 bytes
  • Today the same thing happened on the laptop of my girlfriend's son.
    I believe he was on the site spele or spelen.nl and suddenly got that same message.
    And my girlfriend herself got that message once on marktplaats.nl.

    The sites mentioned look like trusted sites to me. So maybe a false positive?
  • That sfloppy.sys is present on my XP in c:\Windows\system32\drivers and c:\Windows\system32\dllcache, both 12 KB. I checked both on VirusTotal; they are OK.
    I also have Avast and FF and no problems.

    You will have to wait for the expert. Check on Java.com whether your Java is up to date.
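The check this reply describes, hashing the driver and its dllcache twin and looking the hashes up on VirusTotal, can be scripted, and the same script can triage the TDSSKiller output posted further down the thread (one line per driver with its MD5 and path, then an "ok", "warning" or "detected" verdict). The Python below is an added example written for this page; it is not code from the thread, from Avast or from TDSSKiller. It parses TDSSKiller-style lines, lists the drivers that were not marked ok, and compares a live driver in system32\drivers against the Windows File Protection copy in system32\dllcache by SHA-256. The sample log lines are copied from the thread; the regular expressions are my assumption about the log format, and the file contents and directory names in demo() are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# TDSSKiller prints one line per driver with its MD5 and path, followed by a
# verdict line ("- ok", "( Tag ) - warning", "- detected Tag (n)").
# Both patterns are my assumption about the format seen in this thread.
DRIVER_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"(?:\(\s*(?P<tag>[^)]+?)\s*\)\s+)?-\s+(?P<verdict>ok|warning|detected\s+\S+.*)$"
)
RANK = {"ok": 0, "warning": 1, "detected": 2}  # a stronger verdict wins


def parse_tdsskiller(text):
    """Map driver name -> {md5, path, verdict, tag} from TDSSKiller log text."""
    drivers = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_LINE.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"],
                                  "verdict": None, "tag": None}
            continue
        m = VERDICT_LINE.match(line)
        if not m:
            continue
        entry = drivers.setdefault(
            m["name"], {"md5": None, "path": None, "verdict": None, "tag": None})
        verdict, tag = m["verdict"], m["tag"]
        if verdict.startswith("detected"):
            verdict, tag = "detected", verdict.split()[1]
        if RANK[verdict] > RANK.get(entry["verdict"], -1):
            entry["verdict"], entry["tag"] = verdict, tag
    return drivers


def flagged(drivers):
    """Names of drivers TDSSKiller did not mark plain 'ok' (review these first)."""
    return sorted(n for n, e in drivers.items() if e["verdict"] in ("warning", "detected"))


def file_hashes(path):
    """MD5 (what TDSSKiller prints) and SHA-256 of a file, streamed in chunks.
    Either hash can be looked up on VirusTotal without uploading the file."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def compare_with_dllcache(driver_path, dllcache_dir):
    """On XP, Windows File Protection keeps a pristine copy of protected system
    files in system32\\dllcache. A live driver whose SHA-256 differs from its
    dllcache copy has been replaced or patched (or legitimately updated, so
    check the hash on VirusTotal before acting)."""
    driver_path = Path(driver_path)
    cached = Path(dllcache_dir) / driver_path.name
    if not cached.exists():
        return "no-dllcache-copy"
    return "match" if file_hashes(driver_path)[1] == file_hashes(cached)[1] else "MISMATCH"


# Constructed sample: the driver lines are copied from the TDSSKiller log in
# this thread; together they show the three verdict shapes the parser handles.
SAMPLE_LOG = r"""
10:09:58.0984 3464 Scan started
10:09:58.0984 3464 Mode: Manual; SigCheck; TDLFS;
10:09:59.0484 3464 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:09:59.0812 3464 Aavmker4 - ok
10:10:06.0906 3464 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
10:10:06.0937 3464 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
10:10:06.0937 3464 BTWUSB - detected UnsignedFile.Multi.Generic (1)
10:10:07.0031 3464 catchme - ok
"""


def demo():
    """Constructed files in a temp dir (not a real system): identical copies,
    a patched live driver, and a vendor driver WFP never cached."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers_dir, dllcache = Path(tmp) / "drivers", Path(tmp) / "dllcache"
        drivers_dir.mkdir()
        dllcache.mkdir()
        pristine = b"MZ" + b"\x00" * 30 + b"constructed stand-in for sfloppy.sys"
        (drivers_dir / "sfloppy.sys").write_bytes(pristine)
        (dllcache / "sfloppy.sys").write_bytes(pristine)
        same = compare_with_dllcache(drivers_dir / "sfloppy.sys", dllcache)
        (drivers_dir / "sfloppy.sys").write_bytes(pristine + b"\x90\x90")  # patched
        patched = compare_with_dllcache(drivers_dir / "sfloppy.sys", dllcache)
        (drivers_dir / "oem.sys").write_bytes(b"vendor driver, no WFP copy")
        missing = compare_with_dllcache(drivers_dir / "oem.sys", dllcache)
    return same, patched, missing


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(parsed):
        e = parsed[name]
        print(f"{name}: {e['verdict']} {e['tag']} md5={e['md5']} {e['path']}")
    print(demo())
```

A mismatch is a lead, not a verdict: hotfixes also replace protected files and refresh dllcache, and a kernel-mode rootkit that hooks file I/O can serve the same lie for both copies, which is why looking the MD5 up on VirusTotal and running a boot-time scan, as the thread does, still matters. "UnsignedFile.Multi.Generic" only means the driver carries no digital signature, which is normal for many XP-era OEM drivers.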
  • The log shows nothing unusual!

    Incidentally, it is a false-positive detection in Avast.

    Make sure you update Avast to the latest definitions and then reboot your machine.

    Scanning again should then complete successfully.
  • Hello,

    it's me again; I was here just now too, but the PC froze and I had to reset the internet (router).

    Hopefully it is a false alarm, but it scares me that Avast reports it; that won't be for nothing, I think. Hopefully a False Positive; Java is up to date, by the way.

    Going to do the scans, but heavy thunder and lightning here right now. So not on mains power now. Will post asap.

    Thanks in advance, greetings Holly
  • Hello Abraham54 and others,

    I had posted the below; I thought I saw this morning that I had to run the TDSS scan and Combofix… now that I am posting this I don't see it any more…
    Agreed, it is a false positive in Avast…
    Combofix did find a hidden file, though. I'll leave the posts up to be safe. Many thanks for the support and the replies.

    The logs from TDSS and Combofix:

    TDSS:
    10:09:50.0984 3012 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    10:09:51.0093 3012 ============================================================
    10:09:51.0093 3012 Current date / time: 2011/12/07 10:09:51.0093
    10:09:51.0093 3012 SystemInfo:
    10:09:51.0093 3012
    10:09:51.0093 3012 OS Version: 5.1.2600 ServicePack: 3.0
    10:09:51.0093 3012 Product type: Workstation
    10:09:51.0093 3012 ComputerName: PC284571089395
    10:09:51.0093 3012 UserName: p
    10:09:51.0093 3012 Windows directory: C:\WINDOWS
    10:09:51.0093 3012 System windows directory: C:\WINDOWS
    10:09:51.0093 3012 Processor architecture: Intel x86
    10:09:51.0093 3012 Number of processors: 2
    10:09:51.0093 3012 Page size: 0x1000
    10:09:51.0093 3012 Boot type: Normal boot
    10:09:51.0093 3012 ============================================================
    10:09:52.0234 3012 Initialize success
    10:09:58.0984 3464 ============================================================
    10:09:58.0984 3464 Scan started
    10:09:58.0984 3464 Mode: Manual; SigCheck; TDLFS;
    10:09:58.0984 3464 ============================================================
    10:09:59.0484 3464 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
    10:09:59.0812 3464 Aavmker4 - ok
    10:09:59.0828 3464 Abiosdsk - ok
    10:09:59.0859 3464 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    10:10:00.0000 3464 abp480n5 - ok
    10:10:00.0062 3464 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:10:00.0250 3464 ACPI - ok
    10:10:00.0265 3464 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    10:10:00.0437 3464 ACPIEC - ok
    10:10:00.0515 3464 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    10:10:00.0703 3464 adpu160m - ok
    10:10:00.0812 3464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    10:10:01.0015 3464 aec - ok
    10:10:01.0078 3464 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    10:10:01.0140 3464 AFD - ok
    10:10:01.0250 3464 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    10:10:01.0468 3464 agp440 - ok
    10:10:01.0531 3464 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    10:10:01.0765 3464 agpCPQ - ok
    10:10:01.0890 3464 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    10:10:02.0015 3464 Aha154x - ok
    10:10:02.0046 3464 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    10:10:02.0265 3464 aic78u2 - ok
    10:10:02.0296 3464 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    10:10:02.0484 3464 aic78xx - ok
    10:10:02.0531 3464 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    10:10:02.0750 3464 AliIde - ok
    10:10:02.0812 3464 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    10:10:03.0031 3464 alim1541 - ok
    10:10:03.0125 3464 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    10:10:03.0359 3464 amdagp - ok
    10:10:03.0390 3464 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    10:10:03.0468 3464 AmdK8 - ok
    10:10:03.0500 3464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    10:10:03.0640 3464 amsint - ok
    10:10:03.0734 3464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    10:10:03.0953 3464 Arp1394 - ok
    10:10:04.0046 3464 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    10:10:04.0265 3464 asc - ok
    10:10:04.0296 3464 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    10:10:04.0421 3464 asc3350p - ok
    10:10:04.0453 3464 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    10:10:04.0671 3464 asc3550 - ok
    10:10:04.0812 3464 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    10:10:04.0843 3464 aswFsBlk - ok
    10:10:04.0921 3464 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
    10:10:04.0953 3464 aswMon2 - ok
    10:10:04.0968 3464 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
    10:10:05.0015 3464 aswRdr - ok
    10:10:05.0046 3464 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
    10:10:05.0093 3464 aswSnx - ok
    10:10:05.0156 3464 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
    10:10:05.0203 3464 aswSP - ok
    10:10:05.0218 3464 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
    10:10:05.0250 3464 aswTdi - ok
    10:10:05.0343 3464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:10:05.0562 3464 AsyncMac - ok
    10:10:05.0625 3464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:10:05.0828 3464 atapi - ok
    10:10:05.0843 3464 Atdisk - ok
    10:10:05.0875 3464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:10:06.0109 3464 Atmarpc - ok
    10:10:06.0140 3464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:10:06.0328 3464 audstub - ok
    10:10:06.0406 3464 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    10:10:06.0515 3464 BCM43XX - ok
    10:10:06.0578 3464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    10:10:06.0812 3464 Beep - ok
    10:10:06.0906 3464 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
    10:10:06.0937 3464 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
    10:10:06.0937 3464 BTWUSB - detected UnsignedFile.Multi.Generic (1)
    10:10:07.0031 3464 catchme - ok
    10:10:07.0078 3464 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    10:10:07.0296 3464 cbidf - ok
    10:10:07.0312 3464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    10:10:07.0515 3464 cbidf2k - ok
    10:10:07.0531 3464 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    10:10:07.0656 3464 cd20xrnt - ok
    10:10:07.0703 3464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:10:07.0906 3464 Cdaudio - ok
    10:10:08.0015 3464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    10:10:08.0250 3464 Cdfs - ok
    10:10:08.0265 3464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:10:08.0500 3464 Cdrom - ok
    10:10:08.0531 3464 Changer - ok
    10:10:08.0593 3464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    10:10:08.0812 3464 CmBatt - ok
    10:10:08.0843 3464 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    10:10:09.0062 3464 CmdIde - ok
    10:10:09.0218 3464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    10:10:09.0437 3464 Compbatt - ok
    10:10:09.0468 3464 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    10:10:09.0687 3464 Cpqarray - ok
    10:10:09.0750 3464 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    10:10:09.0984 3464 dac2w2k - ok
    10:10:10.0000 3464 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    10:10:10.0218 3464 dac960nt - ok
    10:10:10.0234 3464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    10:10:10.0437 3464 Disk - ok
    10:10:10.0500 3464 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    10:10:10.0781 3464 dmboot - ok
    10:10:10.0937 3464 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    10:10:11.0171 3464 dmio - ok
    10:10:11.0203 3464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    10:10:11.0437 3464 dmload - ok
    10:10:11.0468 3464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    10:10:11.0671 3464 DMusic - ok
    10:10:11.0718 3464 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    10:10:11.0921 3464 dpti2o - ok
    10:10:11.0921 3464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    10:10:12.0125 3464 drmkaud - ok
    10:10:12.0140 3464 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    10:10:12.0218 3464 eabfiltr - ok
    10:10:12.0328 3464 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    10:10:12.0390 3464 eabusb - ok
    10:10:12.0468 3464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    10:10:12.0671 3464 Fastfat - ok
    10:10:12.0718 3464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    10:10:12.0937 3464 Fdc - ok
    10:10:12.0968 3464 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    10:10:13.0187 3464 Fips - ok
    10:10:13.0203 3464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    10:10:13.0406 3464 Flpydisk - ok
    10:10:13.0468 3464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    10:10:13.0687 3464 FltMgr - ok
    10:10:13.0812 3464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:10:14.0031 3464 Fs_Rec - ok
    10:10:14.0093 3464 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:10:14.0296 3464 Ftdisk - ok
    10:10:14.0359 3464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:10:14.0578 3464 Gpc - ok
    10:10:14.0609 3464 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    10:10:14.0656 3464 HBtnKey - ok
    10:10:14.0734 3464 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
    10:10:14.0937 3464 HdAudAddService - ok
    10:10:15.0125 3464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    10:10:15.0437 3464 HDAudBus - ok
    10:10:15.0500 3464 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    10:10:15.0718 3464 hpn - ok
    10:10:15.0750 3464 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    10:10:15.0828 3464 HSFHWAZL - ok
    10:10:15.0921 3464 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    10:10:16.0046 3464 HSF_DPV - ok
    10:10:16.0234 3464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    10:10:16.0343 3464 HTTP - ok
    10:10:16.0421 3464 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    10:10:16.0718 3464 i2omgmt - ok
    10:10:16.0750 3464 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    10:10:16.0968 3464 i2omp - ok
    10:10:17.0031 3464 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    10:10:17.0250 3464 i8042prt - ok
    10:10:17.0437 3464 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    10:10:17.0515 3464 iaStor ( UnsignedFile.Multi.Generic ) - warning
    10:10:17.0515 3464 iaStor - detected UnsignedFile.Multi.Generic (1)
    10:10:17.0578 3464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:10:17.0812 3464 Imapi - ok
    10:10:17.0890 3464 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    10:10:18.0093 3464 ini910u - ok
    10:10:18.0203 3464 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    10:10:18.0421 3464 IntelIde - ok
    10:10:18.0453 3464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    10:10:18.0656 3464 Ip6Fw - ok
    10:10:18.0687 3464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:10:18.0921 3464 IpFilterDriver - ok
    10:10:18.0953 3464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:10:19.0140 3464 IpInIp - ok
    10:10:19.0187 3464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:10:19.0406 3464 IpNat - ok
    10:10:19.0468 3464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:10:19.0671 3464 IPSec - ok
    10:10:19.0718 3464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:10:19.0812 3464 IRENUM - ok
    10:10:19.0906 3464 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:10:20.0140 3464 isapnp - ok
    10:10:20.0187 3464 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:10:20.0390 3464 Kbdclass - ok
    10:10:20.0453 3464 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    10:10:20.0656 3464 kbdhid - ok
    10:10:20.0734 3464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    10:10:20.0953 3464 kmixer - ok
    10:10:21.0000 3464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    10:10:21.0093 3464 KSecDD - ok
    10:10:21.0187 3464 lbrtfdc - ok
    10:10:21.0265 3464 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    10:10:21.0312 3464 mdmxsdk - ok
    10:10:21.0359 3464 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    10:10:21.0375 3464 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
    10:10:21.0375 3464 MHNDRV - detected UnsignedFile.Multi.Generic (1)
    10:10:21.0437 3464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    10:10:21.0640 3464 mnmdd - ok
    10:10:21.0703 3464 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    10:10:21.0921 3464 Modem - ok
    10:10:21.0953 3464 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:10:22.0156 3464 Mouclass - ok
    10:10:22.0187 3464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    10:10:22.0406 3464 MountMgr - ok
    10:10:22.0531 3464 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
    10:10:22.0546 3464 MQAC ( UnsignedFile.Multi.Generic ) - warning
    10:10:22.0546 3464 MQAC - detected UnsignedFile.Multi.Generic (1)
    10:10:22.0593 3464 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    10:10:22.0796 3464 mraid35x - ok
    10:10:22.0859 3464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:10:23.0078 3464 MRxDAV - ok
    10:10:23.0171 3464 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:10:23.0281 3464 MRxSmb - ok
    10:10:23.0421 3464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    10:10:23.0609 3464 Msfs - ok
    10:10:23.0671 3464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:10:23.0875 3464 MSKSSRV - ok
    10:10:23.0937 3464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:10:24.0140 3464 MSPCLOCK - ok
    10:10:24.0156 3464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    10:10:24.0359 3464 MSPQM - ok
    10:10:24.0421 3464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:10:24.0640 3464 mssmbios - ok
    10:10:24.0687 3464 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    10:10:24.0765 3464 Mup - ok
    10:10:24.0890 3464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    10:10:25.0093 3464 NDIS - ok
    10:10:25.0187 3464 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:10:25.0234 3464 NdisTapi - ok
    10:10:25.0250 3464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:10:25.0453 3464 Ndisuio - ok
    10:10:25.0468 3464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:10:25.0687 3464 NdisWan - ok
    10:10:25.0750 3464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    10:10:25.0812 3464 NDProxy - ok
    10:10:25.0921 3464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:10:26.0140 3464 NetBIOS - ok
    10:10:26.0250 3464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:10:26.0468 3464 NetBT - ok
    10:10:26.0515 3464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    10:10:26.0734 3464 NIC1394 - ok
    10:10:26.0750 3464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    10:10:26.0953 3464 Npfs - ok
    10:10:27.0000 3464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    10:10:27.0218 3464 Ntfs - ok
    10:10:27.0328 3464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    10:10:27.0562 3464 Null - ok
    10:10:27.0828 3464 nv (bbb8ab2ffd7a79cd9d7751008e3de579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    10:10:28.0031 3464 nv - ok
    10:10:28.0234 3464 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
    10:10:28.0328 3464 nvata - ok
    10:10:28.0390 3464 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    10:10:28.0437 3464 NVENETFD - ok
    10:10:28.0468 3464 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    10:10:28.0515 3464 nvnetbus - ok
    10:10:28.0546 3464 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    10:10:28.0656 3464 nvsmu - ok
    10:10:28.0796 3464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:10:29.0062 3464 NwlnkFlt - ok
    10:10:29.0078 3464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:10:29.0312 3464 NwlnkFwd - ok
    10:10:29.0390 3464 OADevice (43d99d58cbadbedebb95069caf6189ca) C:\WINDOWS\system32\drivers\OADriver.sys
    10:10:29.0421 3464 OADevice - ok
    10:10:29.0453 3464 oahlpXX (f030e19809a764cae883050d2de42805) C:\WINDOWS\system32\drivers\oahlp32.sys
    10:10:29.0484 3464 oahlpXX - ok
    10:10:29.0500 3464 OAmon (8e2a8fe08e0c5aacf59c8ec08f639b46) C:\WINDOWS\system32\drivers\OAmon.sys
    10:10:29.0531 3464 OAmon - ok
    10:10:29.0578 3464 OAnet (e68e3c7dd3f2a40b9ad142070fb21edb) C:\WINDOWS\system32\drivers\OAnet.sys
    10:10:29.0625 3464 OAnet - ok
    10:10:29.0656 3464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    10:10:29.0875 3464 ohci1394 - ok
    10:10:30.0046 3464 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
    10:10:30.0281 3464 Parport - ok
    10:10:30.0296 3464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    10:10:30.0500 3464 PartMgr - ok
    10:10:30.0562 3464 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    10:10:30.0781 3464 ParVdm - ok
    10:10:30.0796 3464 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    10:10:31.0015 3464 PCI - ok
    10:10:31.0031 3464 PCIDump - ok
    10:10:31.0046 3464 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:10:31.0265 3464 PCIIde - ok
    10:10:31.0343 3464 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    10:10:31.0562 3464 Pcmcia - ok
    10:10:31.0671 3464 PDCOMP - ok
    10:10:31.0687 3464 PDFRAME - ok
    10:10:31.0703 3464 PDRELI - ok
    10:10:31.0718 3464 PDRFRAME - ok
    10:10:31.0750 3464 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    10:10:31.0953 3464 perc2 - ok
    10:10:31.0968 3464 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    10:10:32.0187 3464 perc2hib - ok
    10:10:32.0218 3464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:10:32.0437 3464 PptpMiniport - ok
    10:10:32.0468 3464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:10:32.0671 3464 Ptilink - ok
    10:10:32.0703 3464 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\drivers\PxHelp20.sys
    10:10:32.0734 3464 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
    10:10:32.0734 3464 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
    10:10:32.0781 3464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    10:10:33.0000 3464 ql1080 - ok
    10:10:33.0031 3464 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    10:10:33.0234 3464 Ql10wnt - ok
    10:10:33.0359 3464 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    10:10:33.0562 3464 ql12160 - ok
    10:10:33.0578 3464 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    10:10:33.0781 3464 ql1240 - ok
    10:10:33.0843 3464 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    10:10:34.0062 3464 ql1280 - ok
    10:10:34.0109 3464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:10:34.0312 3464 RasAcd - ok
    10:10:34.0375 3464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:10:34.0593 3464 Rasl2tp - ok
    10:10:34.0703 3464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:10:34.0906 3464 RasPppoe - ok
    10:10:34.0953 3464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:10:35.0187 3464 Raspti - ok
    10:10:35.0234 3464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:10:35.0437 3464 Rdbss - ok
    10:10:35.0500 3464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:10:35.0703 3464 RDPCDD - ok
    10:10:35.0734 3464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:10:35.0968 3464 rdpdr - ok
    10:10:36.0093 3464 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    10:10:36.0171 3464 RDPWD - ok
    10:10:36.0187 3464 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:10:36.0375 3464 redbook - ok
    10:10:36.0437 3464 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    10:10:36.0515 3464 rimmptsk - ok
    10:10:36.0562 3464 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    10:10:36.0625 3464 rimsptsk - ok
    10:10:36.0656 3464 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    10:10:36.0703 3464 rismxdp - ok
    10:10:36.0859 3464 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
    10:10:36.0921 3464 RMCAST - ok
    10:10:36.0984 3464 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    10:10:37.0187 3464 rtl8139 - ok
    10:10:37.0250 3464 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    10:10:37.0468 3464 sdbus - ok
    10:10:37.0546 3464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:10:37.0671 3464 Secdrv - ok
    10:10:37.0781 3464 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
    10:10:37.0984 3464 Serial - ok
    10:10:38.0046 3464 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    10:10:38.0234 3464 sffdisk - ok
    10:10:38.0265 3464 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    10:10:38.0453 3464 sffp_sd - ok
    10:10:38.0484 3464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:10:38.0703 3464 Sfloppy - ok
    10:10:38.0765 3464 Simbad - ok
    10:10:38.0828 3464 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    10:10:39.0031 3464 sisagp - ok
    10:10:39.0156 3464 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    10:10:39.0296 3464 Sparrow - ok
    10:10:39.0343 3464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    10:10:39.0531 3464 splitter - ok
    10:10:39.0562 3464 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    10:10:39.0671 3464 sr - ok
    10:10:39.0796 3464 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    10:10:39.0875 3464 Srv - ok
    10:10:40.0015 3464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:10:40.0203 3464 swenum - ok
    10:10:40.0250 3464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    10:10:40.0453 3464 swmidi - ok
    10:10:40.0515 3464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    10:10:40.0687 3464 symc810 - ok
    10:10:40.0765 3464 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    10:10:40.0968 3464 symc8xx - ok
    10:10:41.0031 3464 SYMIDSCO - ok
    10:10:41.0140 3464 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    10:10:41.0343 3464 sym_hi - ok
    10:10:41.0359 3464 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    10:10:41.0562 3464 sym_u3 - ok
    10:10:41.0593 3464 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    10:10:41.0656 3464 SynTP - ok
    10:10:41.0750 3464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    10:10:41.0921 3464 sysaudio - ok
    10:10:42.0000 3464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:10:42.0093 3464 Tcpip - ok
    10:10:42.0234 3464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:10:42.0437 3464 TDPIPE - ok
    10:10:42.0515 3464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    10:10:42.0718 3464 TDTCP - ok
    10:10:42.0781 3464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:10:43.0000 3464 TermDD - ok
    10:10:43.0046 3464 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
    10:10:43.0234 3464 TosIde - ok
    10:10:43.0296 3464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    10:10:43.0500 3464 Udfs - ok
    10:10:43.0609 3464 UIUSys - ok
    10:10:43.0625 3464 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    10:10:43.0734 3464 ultra - ok
    10:10:43.0843 3464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    10:10:44.0078 3464 Update - ok
    10:10:44.0125 3464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:10:44.0328 3464 usbehci - ok
    10:10:44.0359 3464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:10:44.0578 3464 usbhub - ok
    10:10:44.0687 3464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    10:10:44.0890 3464 usbohci - ok
    10:10:44.0953 3464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:10:45.0171 3464 USBSTOR - ok
    10:10:45.0203 3464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:10:45.0421 3464 usbuhci - ok
    10:10:45.0468 3464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    10:10:45.0687 3464 VgaSave - ok
    10:10:45.0718 3464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    10:10:45.0921 3464 viaagp - ok
    10:10:46.0031 3464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    10:10:46.0234 3464 ViaIde - ok
    10:10:46.0296 3464 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    10:10:46.0500 3464 VolSnap - ok
    10:10:46.0546 3464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:10:46.0750 3464 Wanarp - ok
    10:10:46.0765 3464 WDICA - ok
    10:10:46.0812 3464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    10:10:47.0015 3464 wdmaud - ok
    10:10:47.0109 3464 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    10:10:47.0203 3464 winachsf - ok
    10:10:47.0312 3464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    10:10:47.0500 3464 WmiAcpi - ok
    10:10:47.0625 3464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    10:10:47.0703 3464 WudfPf - ok
    10:10:47.0734 3464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    10:10:47.0796 3464 WudfRd - ok
    10:10:47.0843 3464 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
    10:10:47.0937 3464 \Device\Harddisk0\DR0 - ok
    10:10:47.0937 3464 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
    10:10:47.0937 3464 \Device\Harddisk0\DR0\Partition0 - ok
    10:10:47.0953 3464 Boot (0x1200) (1524e9a3cacc00add9c208936ce8d29c) \Device\Harddisk0\DR0\Partition1
    10:10:47.0953 3464 \Device\Harddisk0\DR0\Partition1 - ok
    10:10:47.0953 3464 ============================================================
    10:10:47.0953 3464 Scan finished
    10:10:47.0953 3464 ============================================================
    10:10:48.0062 2632 Detected object count: 5
    10:10:48.0062 2632 Actual detected object count: 5
    10:11:10.0859 2632 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine
    10:11:10.0984 2632 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    10:11:11.0125 2632 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
    10:11:11.0281 2632 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    10:11:11.0328 2632 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
    10:11:11.0375 2632 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    10:11:11.0578 2632 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine
    10:11:11.0703 2632 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    10:11:11.0781 2632 C:\WINDOWS\system32\drivers\PxHelp20.sys - copied to quarantine
    10:11:11.0828 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine



    Combofix:
    ComboFix 11-12-06.01 - p 07-12-2011 12:29:36.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1983.1469 [GMT 1:00]
    Started from: c:\documents and settings\p\Bureaublad\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    (((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-22 21:32 . 2011-12-03 13:22 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-11-22 21:31 . 2011-12-03 13:22 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-11-22 21:31 . 2011-12-03 13:22 486360 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2011-11-22 21:31 . 2011-12-03 13:22 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2011-11-22 21:31 . 2011-12-03 13:22 633816 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2011-11-22 21:31 . 2011-12-03 13:22 555992 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2011-11-21 22:36 . 2011-11-21 22:36 -------- d-----w- c:\program files\Common Files\Java
    2011-11-21 22:14 . 2011-11-21 22:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-21 20:50 . 2011-11-21 20:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Sun
    2011-11-21 10:22 . 2011-11-21 10:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-11-18 10:59 . 2011-11-18 13:33 -------- d-----w- c:\documents and settings\p\Application Data\Download Manager
    2011-11-17 20:10 . 2011-11-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
    2011-11-17 20:10 . 2011-11-17 20:10 -------- d-----w- c:\documents and settings\p\Application Data\OnlineArmor
    2011-11-17 20:07 . 2011-11-01 10:34 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
    2011-11-17 20:07 . 2011-11-01 10:34 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2011-11-17 20:07 . 2011-11-01 10:34 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2011-11-17 20:06 . 2011-11-01 10:34 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2011-11-17 20:06 . 2011-11-29 20:34 -------- d-----w- c:\program files\Online Armor
    2011-11-13 15:08 . 2011-11-13 15:08 388096 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-13 15:08 . 2011-11-13 15:08 -------- d-----w- c:\program files\Trend Micro
    2011-11-09 11:10 . 2011-11-09 11:11 -------- d-----w- c:\documents and settings\p\Application Data\HpUpdate
    2011-11-09 11:10 . 2011-11-09 11:10 -------- d-----w- c:\windows\Hewlett-Packard
    2011-11-08 12:50 . 2011-11-08 12:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Identities
    2011-11-07 20:50 . 2011-11-07 20:50 -------- d-----w- c:\windows\system32\URTTEMP
    2011-11-07 19:33 . 2011-11-07 19:33 -------- d-----w- c:\program files\Microsoft.NET
    2011-11-07 18:51 . 2011-11-07 18:52 -------- d-----w- C:\eb2cb681b9c02191941fc7ed
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 18:01 . 2011-10-10 16:19 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-10-10 16:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-10 16:20 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-10-10 16:20 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-10-10 16:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-10-10 16:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-10-10 16:20 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2011-10-10 16:20 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2011-10-10 16:20 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2011-10-10 16:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-24 15:14 . 2011-10-10 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 22:35 . 2011-10-10 16:16 141312 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-12 01:10 . 2011-10-12 01:10 89680 ----a-w- c:\documents and settings\p\MSSSerif120.fon
    2011-10-10 14:22 . 2006-04-11 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 03:06 . 2011-10-10 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-28 07:06 . 2006-04-11 04:00 602624 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 10:41 . 2008-07-29 18:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2006-04-11 04:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41 . 2006-04-11 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-12-03 13:22 . 2011-11-22 21:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-10-2011 17:20 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-10-2011 17:20 314456]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17-11-2011 21:06 205864]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17-11-2011 21:07 25192]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17-11-2011 21:07 29464]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-10-2011 17:20 20568]
    R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [17-11-2011 21:06 207936]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [17-11-2011 21:07 40296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [17-11-2011 21:06 4363040]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11-4-2006 5:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
    .
    2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\xrtbp34y.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1318508005&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-07 12:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning for hidden processes …
    .
    scanning for hidden autostart entries …
    .
    scanning for hidden files …
    .
    .
    C:\## aswSnx private storage
    .
    Scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2404)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-12-07 12:41:52
    ComboFix-quarantined-files.txt 2011-12-07 11:41
    ComboFix2.txt 2011-11-22 19:41
    .
    Pre-Run: 70.450.454.528 bytes available
    Post-Run: 70.433.062.912 bytes available
    .
    - - End Of File - - 7FFE3D259FA5C7170BA73C019A9236BA


    Thanks in advance, greetings Holly
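    The TDSSKiller log above ends with five `UnsignedFile.Multi.Generic` entries that were sent to quarantine, while the MBR and both boot sectors came back `ok`. Those two facts are the whole story of the log, so it is worth being able to pull them out mechanically. The script below is an added example, not code from this thread and not part of Kaspersky's tool: it parses a TDSSKiller log in the line shapes visible above, separates signature-heuristic warnings (`UnsignedFile.*`, `LockedFile.*`, a classification chosen here, not something the tool exposes) from named malware verdicts, lists what was quarantined, and checks that every MBR/boot record got an `ok`. The sample input is a handful of lines copied from the posted log; the one line showing a named verdict is constructed and its verdict name is illustrative only.

```python
"""Triage a TDSSKiller log: signature-heuristic warnings vs. named malware verdicts.

Added example for this thread; not code from the forum or from Kaspersky.
It assumes only the line shapes visible in the posted log."""
import re

# Record shapes seen in the posted log: "<time> <thread-id> <record>".
FILE_RE = re.compile(r"^\S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SECTOR_RE = re.compile(r"^\S+ \d+ (?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")
VERDICT_RE = re.compile(r"^\S+ \d+ (?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^\S+ \d+ (?P<name>\S+) - ok$")
COUNT_RE = re.compile(r"^\S+ \d+ Detected object count: (?P<n>\d+)$")

# Verdict families that only mean "no valid signature" or "file locked", not "malware".
# Assumption: this is the triager's own classification, not anything the tool reports.
HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.")

# Sample input: lines copied from the log posted above, abbreviated.
SAMPLE_LOG = r"""
10:10:32.0703 3464 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\drivers\PxHelp20.sys
10:10:32.0734 3464 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:10:32.0734 3464 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:10:33.0000 3464 ql1080 - ok
10:10:47.0843 3464 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
10:10:47.0937 3464 \Device\Harddisk0\DR0 - ok
10:10:47.0937 3464 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
10:10:47.0937 3464 \Device\Harddisk0\DR0\Partition0 - ok
10:10:48.0062 2632 Detected object count: 5
10:11:11.0281 2632 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0828 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Constructed line (not from the page) in the same shape, showing a named verdict;
# the driver name and verdict name are illustrative only.
CONFIRMED_LINE = "10:12:00.0000 2632 evil ( Rootkit.Win32.TDSS.tdl4 ) - detected\n"


def parse_tdsskiller(log):
    """Split a TDSSKiller log into file records, verdicts, boot-sector records and 'ok' names."""
    files, verdicts, sectors, ok_names, count = {}, [], {}, set(), None
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTOR_RE.match(line):          # MBR / boot sector with its MD5
            sectors[m["dev"]] = {"kind": m["kind"], "md5": m["md5"], "status": None}
        elif m := FILE_RE.match(line):          # driver file with its MD5
            files[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif m := VERDICT_RE.match(line):       # warning, detection or user action
            verdicts.append({"name": m["name"], "verdict": m["verdict"], "action": m["action"]})
        elif m := OK_RE.match(line):            # object passed the scan
            ok_names.add(m["name"])
            if m["name"] in sectors:
                sectors[m["name"]]["status"] = "ok"
        elif m := COUNT_RE.match(line):
            count = int(m["n"])
    return {"files": files, "verdicts": verdicts, "sectors": sectors,
            "ok": ok_names, "count": count}


def is_heuristic(verdict):
    """True for verdicts that describe the file's signature state rather than malware."""
    return verdict.startswith(HEURISTIC_PREFIXES)


def triage(log):
    """Summarise what the log proves and what still needs a human decision."""
    p = parse_tdsskiller(log)
    heuristic = sorted({v["name"] for v in p["verdicts"] if is_heuristic(v["verdict"])})
    confirmed = sorted({v["name"] for v in p["verdicts"] if not is_heuristic(v["verdict"])})
    quarantined = sorted({v["name"] for v in p["verdicts"] if v["action"].endswith("Quarantine")})
    sectors_clean = bool(p["sectors"]) and all(s["status"] == "ok" for s in p["sectors"].values())
    return {
        "reported_count": p["count"],
        "heuristic": heuristic,        # unsigned/locked drivers: verify the vendor, not malware per se
        "confirmed": confirmed,        # named verdicts: treat as an infection until proven otherwise
        "quarantined": quarantined,
        "sectors_clean": sectors_clean,
        "verdict": "clean" if sectors_clean and not confirmed else "investigate",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    print("with a named verdict:", triage(SAMPLE_LOG + CONFIRMED_LINE)["verdict"])
```

    Two caveats for anyone reading such a log. `UnsignedFile.Multi.Generic` says only that the driver carries no valid Authenticode signature; on Windows XP that is true of most third-party drivers, so it is a prompt to confirm the vendor and hash, not evidence of a rootkit. And quarantining on a heuristic hit removes the driver from the system: for a storage driver such as iaStor that can leave the machine unable to boot if it is the driver for the boot controller, so check what a flagged driver is before choosing Quarantine.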
  • Everything is fine.
  • Okay, what a relief! I think I've become a bit scared since that backdoor. I really don't like rootkits, I don't understand those things, so they frighten me.

    I'm reassured now. Sorry for any inconvenience. Thanks! Greetings Holly.
  • Good, then let's clean up!

    Step 1
    TDSSKiller and likewise C:\TDSSKiller may be deleted manually.

    Step 2
    ComboFix can now be removed:
    - to do so, go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that Combofix has been removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be started by pressing the keys "Windows key + R" at the same time.

    This will remove Combofix including related folders and files,
    restores the clock settings, hides file extensions,
    hides hidden files and system files again
    and resets your System Restore.

This is an archived page. Replying is no longer possible.