Vraag & Antwoord
Firefox opend spontaan nieuwe pagina's
14 antwoorden
- Maak even als administrator een nieuw HijackThis logje aub,.
- Zojuist werd een nieuwe pagina geopend:
http://cyprus.org/search.php
Ik heb HJT opgestart als administrator (hoewel mijn account al administrator rechten heeft).
Hier is het nieuwe logje:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:53, on 1-6-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe
–
End of file - 6905 bytes - Misschien is er iets mis met je toetsenbord (CTRL+T) dat daarom Firefox al die nieuwe pagina's opent? :? Hoe lang heb je em al?(PC + Toetsenbord)
- Het is een laptop en het zijn steeds reclame achtige pagina's met wisselende inhoud die ongevraagd worden geopend (m.a.w. echt malware gedrag) en geen lege pagina's die je met ctrl+t krijgt.
- Ik zie niks bijzonders in het logje.
- Inderdaad, het was een tijdje rustig maar zojuist verscheen er weer een ongevraagde pagina:
http://www.blinkx.com/category/viral?adid=02-107-226-300-404-x-541&p=1
:o Erg vreemd ! - Zie niks bijzonders wat dat kan veroorzaken
Download [b:dab1e4cdb3] naar je Bureaublad en gebruik het volgens deze handleiding.
[i:dab1e4cdb3] - Er was een rootkit aangetroffen, na ca. 3 keer opnieuw rebooten kwam deze log:
ComboFix 10-06-01.01 - Gebruiker 02-06-2010 6:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3070.2316 [GMT 2:00]
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\90210.exe
c:\windows\system32\Thumbs.db
Besmet exemplaar van c:\windows\system32\DRIVERS\intelide.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\intelide.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-05-02 to 2010-06-02 ))))))))))))))))))))))))))))))
.
2010-06-02 04:43 . 2010-06-02 04:45 ——– d—–w- c:\users\Gebruiker\AppData\Local\temp
2010-06-02 04:43 . 2010-06-02 04:43 ——– d—–w- c:\users\Esmee\AppData\Local\temp
2010-06-02 04:43 . 2010-06-02 04:43 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-05-31 11:59 . 2010-05-31 11:59 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Foxit Software
2010-05-31 11:21 . 2010-05-31 11:21 ——– d–h–w- c:\users\Gebruiker\InstallAnywhere
2010-05-31 11:00 . 2010-05-31 11:19 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\FileZilla
2010-05-31 11:00 . 2010-05-31 11:00 ——– d—–w- c:\program files\FileZilla FTP Client
2010-05-31 07:08 . 2010-05-31 07:08 ——– d—–w- c:\program files\BlueFish2.0
2010-05-29 12:11 . 2010-05-29 12:11 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Download Manager
2010-05-29 11:24 . 2010-05-29 11:24 ——– d—–w- c:\program files\3Com
2010-05-29 11:23 . 1997-11-19 13:49 303616 —-a-w- c:\windows\IsUninst.exe
2010-05-27 17:29 . 2010-05-27 17:29 ——– d—–w- c:\users\Gebruiker\AppData\Local\Apps
2010-05-26 19:52 . 2010-05-26 20:01 ——– d—–w- c:\temp\passwfox
2010-05-25 20:30 . 2010-05-25 20:30 89831 —-a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-05-25 20:29 . 2010-06-02 04:45 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Dropbox
2010-05-24 17:34 . 2010-05-24 17:34 388096 —-a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-24 17:32 . 2010-05-24 17:32 ——– d—–w- c:\program files\Trend Micro
2010-05-24 15:02 . 2010-05-24 15:02 ——– d—–w- c:\program files\Notepad++
2010-05-24 15:02 . 2010-05-24 15:02 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Notepad++
2010-05-22 08:00 . 2010-05-30 17:23 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-05-22 08:00 . 2010-05-22 08:01 ——– d—–w- c:\program files\Spybot - Search & Destroy
2010-05-22 07:55 . 2010-05-22 07:56 ——– d—–w- c:\program files\FLV Player
2010-05-21 17:41 . 2010-05-21 17:41 56 —ha-w- c:\windows\system32\ezsidmv.dat
2010-05-21 17:41 . 2010-05-21 17:41 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\skypePM
2010-05-21 17:41 . 2010-05-21 18:11 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Skype
2010-05-21 17:40 . 2010-05-21 17:40 ——– d—–w- c:\program files\Common Files\Skype
2010-05-21 17:40 . 2010-05-21 17:40 ——– d—–r- c:\program files\Skype
2010-05-21 17:40 . 2010-05-21 17:40 ——– d—–w- c:\programdata\Skype
2010-05-15 07:19 . 2010-05-15 07:19 ——– d—–w- c:\program files\Common Files\Java
2010-05-15 07:19 . 2010-04-12 15:29 411368 —-a-w- c:\windows\system32\deployJava1.dll
2010-05-09 08:50 . 2010-05-09 08:51 ——– d—–w- c:\temp\advertentie
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 04:42 . 2009-07-14 08:27 723498 —-a-w- c:\windows\system32\perfh013.dat
2010-06-02 04:42 . 2009-07-14 08:27 142362 —-a-w- c:\windows\system32\perfc013.dat
2010-05-30 18:30 . 2010-05-30 18:30 0 —ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-30 17:03 . 2010-03-31 17:39 ——– d—–w- c:\program files\CCleaner
2010-05-25 14:42 . 2010-03-29 20:08 28219 —-a-w- c:\programdata\nvModes.dat
2010-05-15 07:19 . 2010-03-31 11:36 ——– d—–w- c:\program files\Java
2010-05-06 20:59 . 2010-04-30 18:45 165032 —-a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-30 18:45 46672 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-30 18:45 164048 —-a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-30 18:45 23376 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-04-30 18:45 51792 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-04-30 18:45 19024 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-30 19:02 . 2010-04-30 19:02 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2010-04-30 19:02 . 2010-04-30 19:01 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 19:01 . 2010-04-30 19:01 ——– d—–w- c:\programdata\Malwarebytes
2010-04-30 18:45 . 2010-03-29 16:50 ——– d—–w- c:\programdata\Alwil Software
2010-04-30 18:28 . 2010-04-30 18:25 ——– d—–w- c:\program files\Folder Lock
2010-04-30 18:25 . 2010-04-30 18:25 53248 —-a-w- c:\windows\system32\suppdll.dll
2010-04-30 18:25 . 2010-04-30 18:25 35363 —-a-w- c:\windows\system32\windrvNT.sys
2010-04-30 18:19 . 2010-04-30 17:25 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\DiskSpaceFan
2010-04-30 17:25 . 2010-04-30 17:25 ——– d—–w- c:\program files\DiskSpaceFan
2010-04-29 13:39 . 2010-04-30 19:01 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-30 19:01 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 11:12 . 2010-04-29 11:12 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Foxit
2010-04-27 12:07 . 2010-03-29 12:06 ——– d—–w- c:\programdata\Microsoft Help
2010-04-22 20:52 . 2010-04-22 20:52 ——– d—–w- c:\program files\Image Resizer
2010-04-14 16:47 . 2010-04-30 18:45 38848 —-a-w- c:\windows\system32\avastSS.scr
2010-04-11 09:28 . 2010-04-11 09:28 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\Nero
2010-04-09 15:08 . 2010-04-09 15:08 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\UltraVNC
2010-04-09 10:36 . 2010-04-09 10:36 ——– d—–w- c:\program files\Winamp Detect
2010-04-09 10:36 . 2010-04-09 10:36 ——– d—–w- c:\program files\Common Files\PX Storage Engine
2010-04-08 09:19 . 2010-04-08 09:19 ——– d—–w- c:\program files\Alcohol Soft
2010-04-07 06:17 . 2010-04-07 06:17 ——– d—–w- c:\programdata\Office Genuine Advantage
2010-04-05 15:07 . 2010-04-05 15:07 ——– d—–w- c:\program files\TechSmith
2010-04-05 14:46 . 2010-04-05 14:46 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\ThumbsPlus
2010-04-05 14:45 . 2010-04-05 14:45 ——– d—–w- c:\program files\Thumbs7
2010-04-05 09:27 . 2010-04-05 09:27 0 —ha-w- c:\windows\system32\drivers\Msft_User_tcwbf_01_09_00.Wdf
2010-04-05 09:27 . 2010-04-05 09:27 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-04-05 09:26 . 2010-04-05 09:26 ——– d—–w- c:\program files\Protector Suite
2010-04-02 08:18 . 2010-04-01 15:32 69 —-a-w- c:\users\Gebruiker\jagex_runescape_preferences2.dat
2010-04-02 07:53 . 2010-04-01 15:31 41 —-a-w- c:\users\Gebruiker\jagex_runescape_preferences.dat
2010-04-01 16:21 . 2010-03-29 20:01 108824 —-a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-01 15:32 . 2010-04-01 15:32 0 —-a-w- c:\users\Gebruiker\jagex__preferences3.dat
2010-03-29 11:46 . 2010-03-29 11:46 0 —-a-w- c:\windows\nsreg.dat
2010-03-29 08:37 . 2010-03-29 08:37 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\UC.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\RAR.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\PKZIP.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\PKUNZIP.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\NOCLOSE.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\LHA.PIF
2010-03-23 05:55 . 2010-04-09 11:26 545 —-a-w- c:\windows\ARJ.PIF
2010-03-08 21:33 . 2010-04-14 20:49 427520 —-a-w- c:\windows\system32\vbscript.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 —-a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 —-a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 —-a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 13080]
R3 uvnc_service;uvnc_service;c:\users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe [2009-12-06 1590216]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-29 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 CrossLoopService;CrossLoop Service;c:\users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe [2010-02-15 560792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\v95kgr8e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
—- FIREFOX POLICIES —-
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""
;
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="D4A47D5057CE58E9EBAC20D7A1261992F0E068B2379FF9944ACB7F9B4FD9CE7007130BDC4599C1B4540504E25907258011FB0D240236E0C55E8F67534E7866EF5091ECE4DD0EB4C8256421615C98F2BA1494CC8C166611D7214FB0D81D09063A8F20C1AB79C1103255FE76F16B340FBB2AB5A6873F7166501F0EFBE2AE537B85CA526BA653A1B1F1839DC8E92C8A8971AAFBE2E5AA6C44AC85DDB0E1D8EE1977A7D113018D6A7DFDEF1F21CF289EF83F8F1C88AB6BBF10D9A7E47776FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67943BE6865273AE4DA741D13770D000610C8A932CC87EB1EC91649226220AFCA7E5D1ABE15FFA3647CBDFAF01CBF001EAD403C87AB54B499C620E9627E0E59A61FDAFAC553BE33DD4F98B5E70EE07A955E4D54E363E1DC248550DDF7C2C79ED66F5B4688CFC80EF17EEAD3E0483BE1AE398960B4C3699D37302BE7A26A681619841272CB7354609F39C1783BBA1E6859C7CBC3831E607C3E3B06345A6655EEFA285301E0C64CEDD132678B79EDA723449D124635B0A52EDA6629E72867017AB6E20DCB3C181D8D26464E8B73630F800780E0BED44528B450949FA895046513BAD201EB99575C5E31663E1348F99B358FB5A168FEBE1E54B9FCAE16495D6DBD5D3494B4F499E9B1E9EE4C2323C0302C16B95CACFD3D13999C18126B2E78828C919921C69204F0424B75C4E89D2C968D19E50170D832D02DC093CF9F660B149F9F9A72ECE62CDCC2B5EF32A676C418B35354FC7F88474DFD355FCF7071BA1F9D736E7849BDED36900D106E14E2632B829900E131BE69C18D44BFB9B8FB598957053670240E30FED7E1A24618F23D5DC04D7B80DCA3C0C8F46CE23448DD44C9E5E976DF07FC7A2941BFD92FCD608DA0BAAF4B0B4379B2055A58E8F38D4A065395510767FF061233C598B4A6AA07E66FA9A150CE6E1A0281703F7951F0CC4002E980C2F3F82101B65D515F7C5BBB38D085FAA9468A0E7682A82BD3A052EF0AE6A02A1FDA3F0320AB73EADFA8ACED95CAF206C47DF1D1698055BD7B9DA8857757E7EA6F90952ACDF7BD330E81E52A7509592D456D8D450E5455B800174BFB14D2011B86CA98D69039F6E388AC392D4DE800121A6C29942EEA96339330AC93A2327CC38D7295D54CEB4F7A8DAA830206D5B4D54D170121A4896E4C126B8F0305991DB48ED8C545D10726D258C5AA1CA5835E733259B378AF993EA25660155D9437FFBD097BBD3FA09B1621782C92D1B6CC0D849A25C57C97F4C112A3047E77BAB367E00EE8614A36F707CAC55CF71DA6FD53DE4003413934A9186E377D2F1634D9E4843441DA1556ED077D6D125DED695EDC217A5866126BC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'Explorer.exe'(3668)
c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-06-02 06:48:22 - machine werd herstart
ComboFix-quarantined-files.txt 2010-06-02 04:48
Pre-Run: 82.902.192.128 bytes beschikbaar
Post-Run: 82.705.190.912 bytes beschikbaar
- - End Of File - - 5CF383948DB979114BB386F55729DA94 - 1. Sommige cd-emulators kunnen het interpreteren van de logs bemoeilijken.
We zullen deze daarom tijdelijk uitschakelen.
[list:ac51dfc1c6][*:ac51dfc1c6]Download [b:ac51dfc1c6] en plaats het op je bureaublad.[*:ac51dfc1c6]Dubbelklik op Defogger.exe om de tool te starten.[*:ac51dfc1c6]In het scherm dat verschijnt klik je op de knop "Disable".[*:ac51dfc1c6]In het volgende scherm klik je op Ja (Yes) om verder te gaan.[*:ac51dfc1c6]Wacht tot je de melding 'Finished' krijgt en klik in dat scherm op "Ok".[*:ac51dfc1c6]Indien DeFogger vraagt om de computer te herstarten doe je dit.[/list:u:ac51dfc1c6]
[b:ac51dfc1c6][u:ac51dfc1c6]NOTA:[/u:ac51dfc1c6][/b:ac51dfc1c6] Krijg je een foutmelding wanneer je Defogger gebruikt, dan zoek je op het bureaublad naar het bestand [b:ac51dfc1c6]defogger_disable [/b:ac51dfc1c6]en post je de inhoud van dit bestand.
[i:ac51dfc1c6]CD-emulator software kan je weer inschakelen met behulp van Defogger door de tool te starten en op de knop "Re-enable" te klikken.
Dit doe je pas wanneer we volledig klaar zijn met de analyse van de computer.[/i:ac51dfc1c6]
2.Download TDSSKiller.zip, unzip het en plaats het op je bureaublad: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Open een kladblokbestand.
Kopieer onderstaande code in dit kladblokbestand.
[b:ac51dfc1c6]@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0[/b:ac51dfc1c6]
Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: de map waarin TDSSKiller.exe staat.
Bij "Bestandsnaam" zet je: start.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.
Daarna, Dubbelklik op start.bat
Dit zal de TDSSKiller.exe starten en een logfile (report.txt) maken in dezelfde map.
Wanneer TDSSKiller.exe klaar is post je de inhoud van report.txt. (eventueel na een reboot) - Na een hele dag zonder internet (telefoonkabel in de straat kapot getrokken tijdens graafwerkzaamheden voor de deur), kan ik eindelijk het logje plaatsen:
21:41:13:961 3308 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:41:13:961 3308 ================================================================================
21:41:13:961 3308 SystemInfo:
21:41:13:961 3308 OS Version: 6.1.7600 ServicePack: 0.0
21:41:13:961 3308 Product type: Workstation
21:41:13:961 3308 ComputerName: GEBRUIK-P3BSN3Q
21:41:13:962 3308 UserName: Gebruiker
21:41:13:962 3308 Windows directory: C:\Windows
21:41:13:962 3308 Processor architecture: Intel x86
21:41:13:962 3308 Number of processors: 2
21:41:13:962 3308 Page size: 0x1000
21:41:13:963 3308 Boot type: Normal boot
21:41:13:963 3308 ================================================================================
21:41:18:430 3308 Initialize success
21:41:18:431 3308
21:41:18:431 3308 Scanning Services …
21:41:20:525 3308 Raw services enum returned 466 services
21:41:20:534 3308
21:41:20:534 3308 Scanning Drivers …
21:41:21:738 3308 1394ohci (dc43c521a067ca9c6644c9ada3d7e824) C:\Windows\system32\DRIVERS\1394ohci.sys
21:41:21:816 3308 ACPI (c69d550c6b3f8f32913e7e5200de8dd9) C:\Windows\system32\DRIVERS\ACPI.sys
21:41:21:850 3308 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:41:21:886 3308 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:41:21:903 3308 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:41:21:917 3308 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:41:22:004 3308 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
21:41:22:028 3308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:41:22:053 3308 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:41:22:065 3308 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:41:22:093 3308 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:41:22:105 3308 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:41:22:119 3308 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:41:22:131 3308 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:41:22:143 3308 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
21:41:22:156 3308 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:41:22:187 3308 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
21:41:22:213 3308 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:41:22:227 3308 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:41:22:239 3308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:41:22:269 3308 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
21:41:22:281 3308 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
21:41:22:293 3308 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
21:41:22:319 3308 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
21:41:22:364 3308 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
21:41:22:383 3308 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:41:22:411 3308 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:41:22:452 3308 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:41:22:483 3308 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:41:22:502 3308 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:41:22:532 3308 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:41:22:560 3308 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
21:41:22:571 3308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:41:22:590 3308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:41:22:620 3308 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:41:22:643 3308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:41:22:668 3308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:41:22:690 3308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:41:22:722 3308 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
21:41:22:747 3308 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:41:22:773 3308 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:41:22:806 3308 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
21:41:22:831 3308 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
21:41:22:920 3308 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:41:22:989 3308 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys
21:41:23:010 3308 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:41:23:057 3308 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:41:23:082 3308 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:41:23:110 3308 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:41:23:184 3308 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:41:23:209 3308 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:41:23:233 3308 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:41:23:254 3308 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:41:23:329 3308 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:41:23:380 3308 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
21:41:23:399 3308 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:41:23:425 3308 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:41:23:466 3308 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:41:23:498 3308 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
21:41:23:591 3308 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:41:23:637 3308 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:41:23:661 3308 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:41:23:692 3308 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:41:23:715 3308 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:41:23:745 3308 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:41:23:799 3308 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:41:23:811 3308 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:41:23:832 3308 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:41:23:869 3308 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:41:23:883 3308 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:41:23:895 3308 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:41:23:924 3308 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:41:23:951 3308 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:41:23:976 3308 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:41:24:016 3308 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:41:24:038 3308 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:41:24:055 3308 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:41:24:093 3308 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:41:24:114 3308 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:41:24:133 3308 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:41:24:147 3308 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:41:24:178 3308 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:41:24:211 3308 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:41:24:224 3308 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:41:24:252 3308 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
21:41:24:266 3308 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:41:24:310 3308 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:41:24:339 3308 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:41:24:359 3308 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:41:24:386 3308 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:41:24:411 3308 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:41:24:423 3308 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:41:24:436 3308 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:41:24:464 3308 iScsiPrt (d7084bacaf91e339bfcb5c777628eb57) C:\Windows\system32\DRIVERS\msiscsi.sys
21:41:24:477 3308 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:41:24:496 3308 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:41:24:524 3308 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
21:41:24:566 3308 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
21:41:24:617 3308 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys
21:41:24:641 3308 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:41:24:656 3308 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:41:24:668 3308 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:41:24:681 3308 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:41:24:709 3308 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:41:24:727 3308 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:41:24:740 3308 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:41:24:768 3308 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:41:24:797 3308 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:41:24:822 3308 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:41:24:845 3308 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:41:24:864 3308 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:41:24:927 3308 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:41:24:941 3308 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:41:24:967 3308 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:41:24:998 3308 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:41:25:044 3308 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:41:25:073 3308 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:41:25:093 3308 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:41:25:105 3308 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
21:41:25:136 3308 msdsm (289c7e27570d1c720f05ce301453caae) C:\Windows\system32\DRIVERS\msdsm.sys
21:41:25:163 3308 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:41:25:187 3308 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:41:25:222 3308 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:41:25:247 3308 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:41:25:271 3308 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:41:25:298 3308 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:41:25:349 3308 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:41:25:372 3308 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:41:25:420 3308 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:41:25:445 3308 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:41:25:493 3308 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:41:25:518 3308 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:41:25:563 3308 NDIS (eee89ed812dea8ead72bd35e8a36ab67) C:\Windows\system32\drivers\ndis.sys
21:41:25:595 3308 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:41:25:618 3308 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:41:25:639 3308 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:41:25:665 3308 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:41:25:686 3308 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:41:25:723 3308 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:41:25:776 3308 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:41:25:898 3308 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:41:25:996 3308 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:41:26:026 3308 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:41:26:075 3308 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:41:26:127 3308 Ntfs (464d40a87e3217de8e376ba75cdf217b) C:\Windows\system32\drivers\Ntfs.sys
21:41:26:157 3308 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:41:26:348 3308 nvlddmkm (64fa050c9ce122792eed58b275d07c55) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:41:26:483 3308 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
21:41:26:500 3308 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
21:41:26:526 3308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:41:26:573 3308 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
21:41:26:595 3308 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
21:41:26:615 3308 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:41:26:645 3308 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:41:26:697 3308 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:41:26:720 3308 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:41:26:772 3308 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\DRIVERS\pci.sys
21:41:26:799 3308 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:41:26:830 3308 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:41:26:868 3308 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:41:26:899 3308 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:41:26:936 3308 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:41:26:965 3308 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:41:27:020 3308 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:41:27:066 3308 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:41:27:085 3308 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:41:27:099 3308 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:41:27:130 3308 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:41:27:170 3308 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:41:27:196 3308 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:41:27:215 3308 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:41:27:235 3308 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:41:27:315 3308 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:41:27:359 3308 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:41:27:372 3308 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:41:27:406 3308 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:41:27:427 3308 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:41:27:477 3308 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:41:27:533 3308 RDPWD (2ac60bd1ee821c8892d46271d6474d07) C:\Windows\system32\drivers\RDPWD.sys
21:41:27:594 3308 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:41:27:633 3308 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:41:27:669 3308 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:41:27:686 3308 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:41:27:709 3308 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:41:27:738 3308 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:41:27:757 3308 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:41:27:781 3308 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:41:27:795 3308 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:41:27:826 3308 sdbus (882a3e55b88a15d4ad9c0b0c62e0bb8b) C:\Windows\system32\DRIVERS\sdbus.sys
21:41:27:847 3308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:41:27:868 3308 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:41:27:895 3308 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:41:27:916 3308 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:41:27:936 3308 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:41:27:955 3308 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:41:27:973 3308 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:41:27:986 3308 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:41:28:012 3308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:41:28:025 3308 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:41:28:050 3308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:41:28:076 3308 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:41:28:104 3308 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:41:28:150 3308 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
21:41:28:178 3308 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
21:41:28:211 3308 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
21:41:28:240 3308 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
21:41:28:271 3308 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:41:28:333 3308 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:41:28:361 3308 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:41:28:385 3308 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:41:28:517 3308 Tcpip (3150be335a434df229cd82f9ab044a8a) C:\Windows\system32\drivers\tcpip.sys
21:41:28:554 3308 TCPIP6 (3150be335a434df229cd82f9ab044a8a) C:\Windows\system32\DRIVERS\tcpip.sys
21:41:28:591 3308 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:41:28:612 3308 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:41:28:636 3308 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:41:28:688 3308 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:41:28:722 3308 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:41:28:747 3308 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:41:28:778 3308 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:41:28:797 3308 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:41:28:822 3308 udfs (2efee45a340e1590e37c2f2bac16d051) C:\Windows\system32\DRIVERS\udfs.sys
21:41:28:848 3308 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:41:28:871 3308 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys
21:41:28:893 3308 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:41:28:918 3308 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
21:41:28:947 3308 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:41:28:977 3308 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
21:41:29:008 3308 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
21:41:29:034 3308 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
21:41:29:081 3308 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:41:29:105 3308 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:41:29:117 3308 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:41:29:153 3308 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
21:41:29:199 3308 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:41:29:221 3308 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:41:29:240 3308 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:41:29:268 3308 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:41:29:289 3308 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:41:29:328 3308 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:41:29:376 3308 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:41:29:410 3308 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:41:29:440 3308 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:41:29:491 3308 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:41:29:583 3308 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:41:29:626 3308 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\DRIVERS\volsnap.sys
21:41:29:655 3308 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:41:29:669 3308 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:41:29:697 3308 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:41:29:728 3308 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:29:731 3308 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:29:746 3308 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:41:29:816 3308 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:41:29:834 3308 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:41:29:860 3308 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:41:29:897 3308 windrvNT (ce291805cb4cd561a5a569df4e28e41f) C:\Windows\system32\windrvNT.sys
21:41:29:940 3308 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUSB.sys
21:41:29:963 3308 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:41:29:978 3308 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:41:30:007 3308 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:41:30:027 3308 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:30:069 3308 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
21:41:30:072 3308
21:41:30:072 3308 Completed
21:41:30:073 3308
21:41:30:073 3308 Results:
21:41:30:073 3308 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:41:30:073 3308 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:41:30:074 3308
21:41:30:076 3308 KLMD(ARK) unloaded successfully - Kunnen ze niet eens meer een gaatje graven zonder de boel te slopen :evil:
Wil je even een nieuw HijackThis logje plaatsen en vertellen hoe het nu gaat ? - Beste justerr,
Hartelijk dank voor de hulp. De gebruikte tools zijn verbluffend doeltreffend gebleken! Ik heb sinds deze undercover operatie geen last meer van vervelende pagina's ! Ik had geen idee dat ik een Rootkit onder de leden had
Hier nog een laatste logje:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:33:49, on 3-6-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe
–
End of file - 6278 bytes - Beter zo inderdaad.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
