Question & Answer

Security & privacy

I'm afraid I'll be blacklisted...

Anonymous
37 answers
  • Abraham54,

    I have used TDSSKiller before and it found nothing then, but here is the new log I just had it generate. TDSSKiller reported that it had found nothing.
    I only partially obscured the computer name with XXXX; apart from that I naturally changed nothing in the log:

    2011/04/29 20:07:43.0774 4388 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/29 20:07:44.0695 4388 ================================================================================
    2011/04/29 20:07:44.0695 4388 SystemInfo:
    2011/04/29 20:07:44.0695 4388
    2011/04/29 20:07:44.0695 4388 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/29 20:07:44.0695 4388 Product type: Workstation
    2011/04/29 20:07:44.0695 4388 ComputerName: RONXXXXX
    2011/04/29 20:07:44.0695 4388 UserName: Ron
    2011/04/29 20:07:44.0695 4388 Windows directory: C:\Windows
    2011/04/29 20:07:44.0695 4388 System windows directory: C:\Windows
    2011/04/29 20:07:44.0695 4388 Processor architecture: Intel x86
    2011/04/29 20:07:44.0695 4388 Number of processors: 2
    2011/04/29 20:07:44.0695 4388 Page size: 0x1000
    2011/04/29 20:07:44.0695 4388 Boot type: Normal boot
    2011/04/29 20:07:44.0695 4388 ================================================================================
    2011/04/29 20:07:45.0334 4388 Initialize success
    2011/04/29 20:07:48.0127 4216 ================================================================================
    2011/04/29 20:07:48.0127 4216 Scan started
    2011/04/29 20:07:48.0127 4216 Mode: Manual;
    2011/04/29 20:07:48.0127 4216 ================================================================================
    2011/04/29 20:08:04.0507 4216 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/04/29 20:08:04.0553 4216 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/29 20:08:04.0663 4216 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/29 20:08:04.0803 4216 ================================================================================
    2011/04/29 20:08:04.0803 4216 Scan finished
    2011/04/29 20:08:04.0803 4216 ================================================================================
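Reading a TDSSKiller listing of this length by eye is error-prone, so here is an added example (my own script, not part of the thread and not a TDSSKiller feature) of the three checks a reviewer usually applies to it: purely numeric service names, the same MD5 appearing under different file paths, and driver images outside the normal system directories. The sample lines are constructed in TDSSKiller's line format; the Wanarp/Wanarpv6 pair copies the log above and is correctly left alone because both names point to the same file, while the numeric entries and the Temp-directory driver are invented to show what a finding looks like.

```python
import re
from collections import defaultdict

# One line per scanned service/driver, as TDSSKiller 2.4.x writes it:
#   <date> <time> <pid> <service name> (<md5 of image>) <image path>
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directories where a Windows Vista driver image is normally found
# (compared case-insensitively; assumption, extend for other layouts).
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")

# Constructed sample: the first three lines mirror real entries, the last
# three are invented to exercise each check.
SAMPLE_LOG = r"""
2011/04/29 20:08:03.0929 4216 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 20:08:03.0945 4216 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 20:08:04.0023 4216 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/29 20:08:04.0100 4216 18341 (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\18341
2011/04/29 20:08:04.0150 4216 29077 (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\29077
2011/04/29 20:08:04.0200 4216 tmpsvc (fedcba9876543210fedcba9876543210) C:\Users\user\AppData\Local\Temp\tmpsvc.sys
2011/04/29 20:08:04.0803 4216 ================================================================================
2011/04/29 20:08:04.0803 4216 Scan finished
"""


def parse_tdsskiller(text):
    """Return one dict per driver line; banner and separator lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].lower()
            entries.append(d)
    return entries


def triage(entries):
    """Apply the three heuristics; return a sorted, de-duplicated list of (service name, reason)."""
    by_hash = defaultdict(set)  # md5 -> distinct image paths (case-insensitive)
    for e in entries:
        by_hash[e["md5"]].add(e["path"].lower())

    findings = []
    for e in entries:
        name, path = e["name"], e["path"].lower()
        if name.isdigit():
            findings.append((name, "purely numeric service name"))
        if not path.startswith(EXPECTED_DIRS):
            findings.append((name, f"image outside expected driver directories: {e['path']}"))
        elif not path.endswith(".sys"):
            findings.append((name, f"image without .sys extension: {e['path']}"))
        if len(by_hash[e["md5"]]) > 1:
            n = len(by_hash[e["md5"]])
            findings.append((name, f"same MD5 {e['md5']} present under {n} different paths"))
    return sorted(set(findings))


def triage_log(text):
    """Convenience wrapper: raw TDSSKiller log text in, findings out."""
    return triage(parse_tdsskiller(text))


if __name__ == "__main__":
    for name, reason in triage_log(SAMPLE_LOG):
        print(f"{name:10} {reason}")
```

A clean listing produces no output; each hit names the service so it can be matched back to the log line and to the registry service key.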
  • Well, OTL has run.
    Got no message other than that the system had to be rebooted.
    Did that too. OTL removed itself.

    By the way, I live on the border of North and South Holland, in the Haarlemmermeer. :wink:
  • Hi Helicop, from the east of the country that makes it an expensive beer.

    As for your Windows, is it running without problems again, or do you still have questions?
  • East of the country? Not near Enschede, surely?
    My better half still has roots there….. :lol:

    The system seems to be running perfectly at the moment.
    Maybe it's my imagination, but programs also seem to respond a bit faster than before.

    No more questions at the moment :lol:

    And as I said: THANKS!!
  • Hi Heliocop, do the following:

    Download GMER from one of the following locations, and save it on your Desktop:
    - Primary download location
      This mirror will give you a randomly named file (Recommended)
    - Zipped file
      This option will give you a zip file that has to be unpacked first. If you use this one, unpack it to your desktop.

    - Disconnect your internet connection and close all open programs.
    - Temporarily disable your real-time security software.
    - Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded, if this is asked.
    -
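The bulk of a GMER report on a machine with an antivirus installed is the antivirus's own kernel hooks, and the security-relevant question is which hooks are not accounted for by a described module. As an added example (my own code, not from the thread and not part of GMER), the following Python script parses GMER 1.0.15 hook lines, credits each hook to the module GMER names for it, and pulls out the ones that jump into memory no described module owns. The sample report is constructed in GMER's line format; the avast! lines copy the kind of entries GMER prints for that product, while the Temp-directory SSDT entry and the NtEnumerateKey jump are invented to show what an unattributed hook looks like. Treating the parenthesised description as optional is an assumption about how GMER prints a module it cannot describe.

```python
import re
from collections import Counter, defaultdict

# Kernel hook lines from GMER's "System" section:
#   SSDT <module> (<description/vendor>) <ZwFunction> [0x<address>]
#   Code <module> (<description/vendor>) <function> [0x<address>]
# The parenthesised description is optional here (assumption) so that a hook
# pointing at a module GMER cannot describe is parsed rather than dropped.
SSDT_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?\s*$"
)

# Inline hooks and byte patches from the "Kernel code sections" and
# "User code sections" parts of the report, e.g.
#   PAGE ntkrnlpa.exe!ObInsertObject 8326A4F3 5 Bytes JMP 9407CBBC <module> (<vendor>)
#   .text ntkrnlpa.exe!KeSetEvent + 10D 830E6890 4 Bytes [02, 62, 31, 90] {...}
#   .text C:\path\proc.exe[pid] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
HOOK_RE = re.compile(
    r"^(?P<section>\.text|PAGE|INIT)\s+(?:(?P<process>.+?\[\d+\])\s+)?"
    r"(?P<symbol>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+) Bytes?\s+(?:(?P<op>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?|\[(?P<bytes>[^\]]*)\].*)\s*$"
)

# Constructed sample report (see the lead-in for which lines are invented).
SAMPLE_REPORT = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90315FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90318898]
SSDT \??\C:\Users\user\AppData\Local\Temp\qwxzrt.sys ZwCreateFile [0x8F3C2AC8]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9407F762]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 830E6890 4 Bytes [02, 62, 31, 90] {ADD AH, [EDX+0x31]; NOP }
PAGE ntkrnlpa.exe!ObInsertObject 8326A4F3 5 Bytes JMP 9407CBBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9DD44110 5 Bytes JMP 9031A014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtEnumerateKey 832A1B00 5 Bytes JMP 8F3C31A0

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[788] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
.text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
"""


def classify(line):
    """Parse one report line; return a hook dict with a 'category', or None for non-hook lines."""
    m = SSDT_RE.match(line)
    if m:
        return {"symbol": m["func"], "module": m["module"], "vendor": m["vendor"],
                "process": None, "target": None,
                "category": "attributed" if m["vendor"] else "unattributed"}
    m = HOOK_RE.match(line)
    if not m:
        return None
    if m["process"]:
        category = "usermode"      # hook inside a user process, typically AV injection
    elif m["bytes"] is not None:
        category = "patch"         # bytes changed in place, no control transfer to follow
    elif m["module"]:
        category = "attributed"    # JMP/CALL into a module GMER could describe
    else:
        category = "unattributed"  # JMP/CALL into memory no described module owns
    return {"symbol": m["symbol"], "module": m["module"], "vendor": m["vendor"],
            "process": m["process"], "target": m["target"], "category": category}


def summarize(report):
    """Credit hooks to their owning modules and isolate the ones a human must inspect."""
    hooks = [h for h in (classify(l.strip()) for l in report.splitlines()) if h]
    owners = Counter(h["module"] for h in hooks if h["category"] == "attributed")
    unattributed = [h for h in hooks if h["category"] == "unattributed"]
    usermode = defaultdict(set)
    for h in hooks:
        if h["category"] == "usermode":
            usermode[h["symbol"]].add(h["process"])
    return {"hooks": hooks, "owners": owners,
            "unattributed": unattributed, "usermode": dict(usermode)}


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    for module, n in s["owners"].most_common():
        print(f"{n:3} hooks owned by {module}")
    for h in s["unattributed"]:
        print(f"UNATTRIBUTED {h['symbol']} -> {h['target'] or h['module']}")
```

Hooks credited to a named security product are normal and can be checked against what that product is known to install; the unattributed list is where a kernel rootkit would show up, and the user-mode table makes it easy to see whether the same DLL export is hooked uniformly across processes (typical of an AV injecting into everything) or only in a few.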
  • Abraham54.

    Well, here he is again…
    I hope I did it right.
    I started GMER (from the desktop) after closing all programs, and the internet connection was disconnected as well.
    After starting it, I got a short list after a few seconds.
    Then the "Scan" button became active too.
    The checkboxes on the right with: System - Sections - IAT/EAT - Devices - Modules - etc. etc. were all ticked. That was already the case; I didn't change anything myself.
    After clicking the SCAN button I didn't get anything else to see, but GMER started scanning.
    The result is a hefty list…. :
    EDIT: it turns out I can't post the full report in one go. The missing part is in the following post!!!

    GMER 1.0.15.15572 - http://www.gmer.net
    Rootkit scan 2011-04-30 15:40:33
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0
    Running: fbw0n1sk.exe; Driver: C:\Users\Ron\AppData\Local\Temp\uxddqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90316202]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x903187F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90318848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9031895E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90318746]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90318898]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9031879A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9031890C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90316226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90315FF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9031624A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90318D56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90316CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90318820]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90318870]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90318988]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90318772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x903188D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x903187C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90318936]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90316BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9031626E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90316292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9031604A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90316186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90316162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x903161AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x903162B6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9407F762]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 830E6890 4 Bytes [02, 62, 31, 90] {ADD AH, [EDX+0x31]; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1D1 830E6954 8 Bytes [F0, 87, 31, 90, 48, 88, 31, …] {LOCK XCHG [ECX], ESI; NOP ; DEC EAX; MOV [ECX], DH; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1DD 830E6960 4 Bytes [5E, 89, 31, 90] {POP ESI; MOV [ECX], ESI; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1F5 830E6978 4 Bytes [46, 87, 31, 90] {INC ESI; XCHG [ECX], ESI; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 215 830E6998 8 Bytes [98, 88, 31, 90, 9A, 87, 31, …]
    .text …
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 832115C7 5 Bytes JMP 9407B11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 8326A4F3 5 Bytes JMP 9407CBBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83273E18 4 Bytes CALL 9031734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83277A8C 4 Bytes CALL 90317361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 832CBDAE 7 Bytes JMP 9407F766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngCreateRectRgn + 4537 9DCBFC90 5 Bytes JMP 90319440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + C20 9DCD8EB9 5 Bytes JMP 90319E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 4A1 9DCD9CA5 5 Bytes JMP 90319F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C03 9DCE2407 5 Bytes JMP 90318D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 616 9DCE3350 5 Bytes JMP 90319BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 30F1 9DCEEA84 5 Bytes JMP 90319316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 455C 9DCEFEEF 5 Bytes JMP 90318F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 119C6 9DD09A25 5 Bytes JMP 90319180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A1A 9DD09A79 5 Bytes JMP 90319326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 377F 9DD30A12 5 Bytes JMP 90319B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DE 9DD33371 5 Bytes JMP 90318E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3A 9DD39CA9 5 Bytes JMP 90318FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 2B42 9DD44110 1 Byte [E9]
    .text win32k.sys!EngStretchBlt + 2B42 9DD44110 5 Bytes JMP 9031A014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 9DD46FFC 5 Bytes JMP 90318E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 81C 9DD65415 5 Bytes JMP 90319D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 6EBA 9DD6BAB3 5 Bytes JMP 90319BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + B0F 9DD6F22A 5 Bytes JMP 90319CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 9DD76B49 5 Bytes JMP 90318EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 9DD950A6 5 Bytes JMP 903190AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_bEnum + 248 9DD9A902 5 Bytes JMP 90319008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26D9 9DD9E43A 5 Bytes JMP 90319ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A0F 9DDBD707 5 Bytes JMP 9031903E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D23F 9DDC9F37 5 Bytes JMP 903190E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9418403F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, …]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 941840AF 1 Byte [16]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 941840AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, …]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 94184130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 94184137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, …]
    PAGE …
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\Users\Ron\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\igfxtray.exe[268] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxtray.exe[268] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxtray.exe[268] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[268] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxtray.exe[268] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxtray.exe[268] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxtray.exe[268] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\igfxtray.exe[268] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00190A08
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\igfxtray.exe[268] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001901F8
    .text C:\Windows\System32\hkcmd.exe[288] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\hkcmd.exe[288] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\hkcmd.exe[288] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[288] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00190600
    .text C:\Windows\System32\hkcmd.exe[288] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00190804
    .text C:\Windows\System32\hkcmd.exe[288] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00190A08
    .text C:\Windows\System32\hkcmd.exe[288] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001901F8
    .text C:\Windows\System32\hkcmd.exe[288] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001903FC
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001A03FC
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 001A0600
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 001A1014
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 001A0804
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 001A0A08
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 001A0C0C
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 001A0E10
    .text C:\Windows\System32\hkcmd.exe[288] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001A01F8
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001D03FC
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 001D0600
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 001D1014
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 001D0804
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 001D0A08
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 001D0C0C
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 001D0E10
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001D01F8
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 001E0600
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 001E0804
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 001E0A08
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001E01F8
    .text C:\Program Files\ATK Hotkey\Hcontrol.exe[552] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001E03FC
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00170600
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00170804
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00180600
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\ATKOSD2\ATKOSD2.exe[644] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\P4G\BatteryLife.exe[668] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Program Files\P4G\BatteryLife.exe[668] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Program Files\P4G\BatteryLife.exe[668] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Program Files\P4G\BatteryLife.exe[668] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00170600
    .text C:\Program Files\P4G\BatteryLife.exe[668] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00170804
    .text C:\Program Files\P4G\BatteryLife.exe[668] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\P4G\BatteryLife.exe[668] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\P4G\BatteryLife.exe[668] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00180600
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\P4G\BatteryLife.exe[668] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001501F8
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001503FC
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 001A0600
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 001A0804
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 001A0A08
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001A01F8
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001A03FC
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001B03FC
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 001B0600
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 001B1014
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 001B0804
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 001B0A08
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 001B0C0C
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 001B0E10
    .text C:\Program Files\ASUS\Splendid\ACMON.exe[672] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001B01F8
    .text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[744] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[744] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[744] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[744] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[744] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[744] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[744] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[744] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[744] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\services.exe[788] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[788] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[788] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[788] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[788] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[788] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[788] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[788] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[788] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[804] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[804] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[812] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\winlogon.exe[880] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[880] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[880] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[880] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[880] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[880] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[880] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[880] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[880] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 003F0600
    .text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 003F0804
    .text C:\Windows\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 003F0A08
    .text C:\Windows\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 003F01F8
    .text C:\Windows\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 003F03FC
    .text C:\Windows\System32\ACEngSvr.exe[1076] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 001401F8
    .text C:\Windows\System32\ACEngSvr.exe[1076] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 001403FC
    .text C:\Windows\System32\ACEngSvr.exe[1076] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 001603FC
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00160600
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00161014
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00160804
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00160A08
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00160C0C
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00160E10
    .text C:\Windows\System32\ACEngSvr.exe[1076] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 001601F8
    .text C:\Windows\System32\ACEngSvr.exe[1076] USER32.dll!SetWindowsHookExA 760D6322 5 Bytes JMP 00170600
    .text C:\Windows\System32\ACEngSvr.exe[1076] USER32.dll!SetWindowsHookExW 760D87AD 5 Bytes JMP 00170804
    .text C:\Windows\System32\ACEngSvr.exe[1076] USER32.dll!UnhookWindowsHookEx 760D98DB 5 Bytes JMP 00170A08
    .text C:\Windows\System32\ACEngSvr.exe[1076] USER32.dll!SetWinEventHook 760D9F3A 5 Bytes JMP 001701F8
    .text C:\Windows\System32\ACEngSvr.exe[1076] USER32.dll!UnhookWinEvent 760DC06F 5 Bytes JMP 001703FC
    .text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1092] ntdll.
  • Here is the second (continuing) part.
    The first line is identical to the second-to-last line of the previous post:


    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!LdrLoadDll 775193A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!LdrUnloadDll 7752B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[6064] kernel32.dll!GetBinaryTypeW + 70 77282247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!CreateServiceW 77699EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!DeleteService 7769A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!SetServiceObjectSecurity 776D6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ChangeServiceConfigA 776D6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ChangeServiceConfigW 776D6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ChangeServiceConfig2A 776D7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ChangeServiceConfig2W 776D71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!CreateServiceA 776D72A1 5 Bytes JMP 000701F8

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[788] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00180002
    IAT C:\Windows\system32\services.exe[788] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00180000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\sfzone 0 bytes
    File C:\## aswSnx private storage\sfzone\attrib 0 bytes
    File C:\## aswSnx private storage\sfzone\image 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\AVAST Software 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\AVAST Software\Avast 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\AVAST Software\Avast\sfzone 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\AVAST Software\Avast\sfzone\extensions 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Program Files\AVAST Software\Avast\sfzone\productid 32 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\chrome_shutdown_ms.txt 4 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\History Index 2011-03 36864 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Archived History 53248 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Bookmarks 322747 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Bookmarks.bak 509 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_0 45056 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_1 270336 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_2 1056768 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\data_3 4202496 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000001 18080 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000002 57254 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000003 62486 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\f_000004 18994 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cache\index 262512 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Cookies 6144 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Current Session 1385 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Current Tabs 1195 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Favicons 10240 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\History 90112 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Plugin Data 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Plugin Data\Google Gears 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Preferences 5340 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Top Sites 20480 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\User StyleSheets 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Visited Links 131072 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Web Data 98304 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\First Run 0 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Local State 2193 bytes
    File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Safe Browsing Bloom_new 1918588 bytes
    File C:\## aswSnx private storage\sfzone\image\Users 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Microsoft 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Microsoft\Windows\History 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Local\Temp 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527 471 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48C226A0FE7D97DE1C716B47235CB639_339FE4A15083BA9D58F96C1443F0D4C4 400 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527 404 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk 2046 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Windows\Cookies 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 16384 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\Desktop 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Users\Ron\Desktop\Chromium.lnk 2052 bytes
    File C:\## aswSnx private storage\sfzone\image\Windows 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Windows\Prefetch 0 bytes
    File C:\## aswSnx private storage\sfzone\image\Windows\Prefetch\SAFEZONEBROWSER.EXE-74FF4DA2.pf 155988 bytes
    File C:\## aswSnx private storage\sfzone\snx_fs.dat 17368 bytes
    File C:\## aswSnx private storage\snx_rhive 36864 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 29696 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive_BAK_78000 262144 bytes
    File C:\## aswSnx private storage\snx_rhive_TU_78000.LOG1 0 bytes
    File C:\## aswSnx private storage\snx_rhive_TU_78000.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{78cfc77d-5712-11e0-a156-001d60bb3ce3}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{78cfc77d-5712-11e0-a156-001d60bb3ce3}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{78cfc77d-5712-11e0-a156-001d60bb3ce3}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

    ---- EOF - GMER 1.0.15 ----
  • Hi Helicop, this time it is ComboFix again.

    Open a new Notepad file via "Start\All Programs\Accessories\Notepad".


    Copy and paste the following (bold, blue text) into the empty Notepad window


  • Well, here is the next log:

    ComboFix 11-04-28.02 - Ron 2011-04-30 18:33:09.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.912 [GMT 2:00]
    Gestart vanuit: c:\users\Ron\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ron\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: CA Anti-Virus Plus *Disabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: CA Anti-Virus Plus *Disabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Ron\AppData\Local\Temp\catchme.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ron\AppData\Local\temp\ppcrlui_1460_2
    c:\windows\system32\midas.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-28 to 2011-04-30 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-04 10:16 . 2012-04-04 10:18 -------- d-----w- c:\program files\AutoCAD 2008
    2012-04-04 10:16 . 2009-04-09 13:27 -------- d-----w- c:\users\Ron\AppData\Roaming\Autodesk
    2012-04-04 10:16 . 2009-04-09 13:27 -------- d-----w- c:\programdata\Autodesk
    2012-04-04 10:14 . 2012-04-04 10:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2012-04-04 10:14 . 2012-04-04 10:16 -------- d-----w- c:\users\Ron\AppData\Local\Autodesk
    2012-04-04 10:14 . 2012-04-04 10:14 -------- d-----w- c:\program files\Autodesk
    2011-04-30 17:01 . 2011-04-30 17:02 -------- d-----w- c:\users\Ron\AppData\Local\temp
    2011-04-30 17:01 . 2011-04-30 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-30 17:01 . 2011-04-30 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-26 07:59 . 2011-04-26 07:59 -------- d-----w- c:\program files\ESET
    2011-04-24 16:30 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-21 08:51 . 2011-04-21 13:38 -------- d-----w- c:\users\Ron\AppData\Roaming\TrueCrypt
    2011-04-21 08:40 . 2011-04-21 08:40 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-22 09:48 . 2007-10-09 13:23 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-04-18 17:25 . 2011-03-25 18:31 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 17:25 . 2011-03-25 18:31 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-18 17:18 . 2011-03-25 19:01 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-04-18 17:17 . 2011-03-25 18:32 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-18 17:17 . 2011-03-25 18:32 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-18 17:17 . 2011-03-25 18:58 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-04-18 17:16 . 2011-03-25 18:32 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-18 17:13 . 2011-03-25 18:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-18 17:13 . 2011-03-25 18:32 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-18 17:12 . 2011-03-25 18:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-02 18:58 . 2011-03-02 18:58 9072 ----a-w- c:\windows\system32\drivers\25284
    2011-02-23 13:34 . 2011-03-25 18:58 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2011-02-22 14:13 . 2011-03-25 22:41 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-25 22:41 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-25 22:41 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-02 20:40 . 2010-06-29 12:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-31 18:59 . 2011-01-31 18:59 9072 ----a-w- c:\windows\system32\drivers\26276
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-05 857648]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "Ad Muncher"="c:\my programs\Ad Muncher\AdMunch.exe" [2011-03-25 535752]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification"= 1 (0x1)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSwitcher Tray Application]
    2008-01-01 13:36 491520 ----a-w- c:\my programs\NetSwitcher\NetSwTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Persistence"=c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2854665784-142728319-1497294299-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
    R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-04-18 121000]
    R2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Anti-Virus Plus\caamsvc.exe [x]
    R2 gupdate1c96aba2604ae00;Google Update Service (gupdate1c96aba2604ae00);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 133104]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-02 7168]
    R3 17323;17323;c:\windows\system32\DRIVERS\17323 [2010-12-02 9072]
    R3 22158;22158;c:\windows\system32\DRIVERS\22158 [2010-11-06 9072]
    R3 25284;25284;c:\windows\system32\DRIVERS\25284 [2011-03-02 9072]
    R3 26276;26276;c:\windows\system32\DRIVERS\26276 [2011-01-31 9072]
    R3 7388;7388;c:\windows\system32\DRIVERS\7388 [2011-01-01 9072]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 133104]
    R3 rk_remover;rk_remover;c:\windows\system32\drivers\rk_remover.sys [x]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
    R3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
    R3 WMSvc;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
    R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-19 48128]
    S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-07-01 1562096]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - KLMD25
    *NewlyCreated* - UXDDQPOD
    *Deregistered* - klmd25
    *Deregistered* - uxddqpod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 20:06]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 20:06]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.landcruiser-club.nl/forum/search/show_latest.html
    Trusted Zone: binck.nl\www
    Trusted Zone: hccnet.nl\www5
    Trusted Zone: ixquick.com\s4-eu
    Trusted Zone: landcruiser-club.com\www
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    Trusted Zone: my%20programs
    Trusted Zone: paypal.com
    Trusted Zone: xs4all.nl\service
    TCP: {7A6DDD53-B905-466D-A508-993F55621EE9} = 194.159.73.135,194.159.73.136
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-30 19:02
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\17323]
    "ImagePath"="System32\DRIVERS\17323"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\22158]
    "ImagePath"="System32\DRIVERS\22158"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\25284]
    "ImagePath"="System32\DRIVERS\25284"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\26276]
    "ImagePath"="System32\DRIVERS\26276"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\7388]
    "ImagePath"="System32\DRIVERS\7388"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-04-30 19:08:22
    ComboFix-quarantined-files.txt 2011-04-30 17:08
    ComboFix2.txt 2011-04-29 08:33
    ComboFix3.txt 2010-10-19 11:40
    .
    Pre-Run: 20.315.746.304 bytes beschikbaar
    Post-Run: 20.146.794.496 bytes beschikbaar
    .
    Current=3 Default=3 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    - - End Of File - - C2B6FF79AC0156A554FB3521CF953A65
  • Hi Helicop - another round of ComboFix:

    Open a new empty Notepad file again, via "Start\All Programs\Accessories\[b]Notepad[/b]".


    Copy and paste the following (bold, blue text) into the empty Notepad window


    [b]
  • It took a while because, inexplicably, I had lost my wireless internet connection...
    Fortunately, after some searching, I was able to restore it. Somehow the setting for the default gateway had disappeared.

    By the way, after the connection was restored and I had also fetched my mail, there was another one of those "ghost emails" :-(

    Here is the new log:

    ComboFix 11-04-29.04 - Ron 2011-04-30 22:26:19.6.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1021 [GMT 2:00]
    Gestart vanuit: c:\users\Ron\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ron\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\midas.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_PROCEXP113
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-28 to 2011-04-30 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-04 10:16 . 2012-04-04 10:18 -------- d-----w- c:\program files\AutoCAD 2008
    2012-04-04 10:16 . 2009-04-09 13:27 -------- d-----w- c:\users\Ron\AppData\Roaming\Autodesk
    2012-04-04 10:16 . 2009-04-09 13:27 -------- d-----w- c:\programdata\Autodesk
    2012-04-04 10:14 . 2012-04-04 10:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2012-04-04 10:14 . 2012-04-04 10:16 -------- d-----w- c:\users\Ron\AppData\Local\Autodesk
    2012-04-04 10:14 . 2012-04-04 10:14 -------- d-----w- c:\program files\Autodesk
    2011-04-30 21:14 . 2011-04-30 21:14 0 ---ha-w- c:\users\Ron\AppData\Local\BITB667.tmp
    2011-04-30 21:00 . 2011-04-30 21:12 -------- d-----w- c:\users\Ron\AppData\Local\temp
    2011-04-30 21:00 . 2011-04-30 21:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-30 21:00 . 2011-04-30 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-26 07:59 . 2011-04-26 07:59 -------- d-----w- c:\program files\ESET
    2011-04-24 16:30 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-21 08:51 . 2011-04-21 13:38 -------- d-----w- c:\users\Ron\AppData\Roaming\TrueCrypt
    2011-04-21 08:40 . 2011-04-21 08:40 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-30 21:11 . 2007-10-09 13:23 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-04-18 17:25 . 2011-03-25 18:31 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 17:25 . 2011-03-25 18:31 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-18 17:18 . 2011-03-25 19:01 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-04-18 17:17 . 2011-03-25 18:32 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-18 17:17 . 2011-03-25 18:32 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-18 17:17 . 2011-03-25 18:58 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-04-18 17:16 . 2011-03-25 18:32 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-18 17:13 . 2011-03-25 18:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-18 17:13 . 2011-03-25 18:32 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-18 17:12 . 2011-03-25 18:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-02 18:58 . 2011-03-02 18:58 9072 ----a-w- c:\windows\system32\drivers\25284
    2011-02-23 13:34 . 2011-03-25 18:58 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2011-02-22 14:13 . 2011-03-25 22:41 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-25 22:41 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-25 22:41 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-02 20:40 . 2010-06-29 12:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-31 18:59 . 2011-01-31 18:59 9072 ----a-w- c:\windows\system32\drivers\26276
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-05 857648]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "Ad Muncher"="c:\my programs\Ad Muncher\AdMunch.exe" [2011-03-25 535752]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification"= 1 (0x1)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSwitcher Tray Application]
    2008-01-01 13:36 491520 ----a-w- c:\my programs\NetSwitcher\NetSwTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Persistence"=c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2854665784-142728319-1497294299-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
    R2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Anti-Virus Plus\caamsvc.exe [x]
    R2 gupdate1c96aba2604ae00;Google Update Service (gupdate1c96aba2604ae00);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 133104]
    R3 17323;17323;c:\windows\system32\DRIVERS\17323 [2010-12-02 9072]
    R3 22158;22158;c:\windows\system32\DRIVERS\22158 [2010-11-06 9072]
    R3 25284;25284;c:\windows\system32\DRIVERS\25284 [2011-03-02 9072]
    R3 26276;26276;c:\windows\system32\DRIVERS\26276 [2011-01-31 9072]
    R3 7388;7388;c:\windows\system32\DRIVERS\7388 [2011-01-01 9072]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 133104]
    R3 rk_remover;rk_remover;c:\windows\system32\drivers\rk_remover.sys [x]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
    R3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
    R3 WMSvc;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
    R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-04-18 121000]
    S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-02 7168]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-19 48128]
    S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-07-01 1562096]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 20:06]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 20:06]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.landcruiser-club.nl/forum/search/show_latest.html
    Trusted Zone: binck.nl\www
    Trusted Zone: hccnet.nl\www5
    Trusted Zone: ixquick.com\s4-eu
    Trusted Zone: landcruiser-club.com\www
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    Trusted Zone: my%20programs
    Trusted Zone: paypal.com
    Trusted Zone: xs4all.nl\service
    TCP: {7A6DDD53-B905-466D-A508-993F55621EE9} = 194.159.73.135,194.159.73.136
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-30 23:12
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\17323]
    "ImagePath"="System32\DRIVERS\17323"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\22158]
    "ImagePath"="System32\DRIVERS\22158"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\25284]
    "ImagePath"="System32\DRIVERS\25284"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\26276]
    "ImagePath"="System32\DRIVERS\26276"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\7388]
    "ImagePath"="System32\DRIVERS\7388"
    .
    --------------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------------- DLLs Geladen Onder Lopende Processen ---------------------------
    .
    - - - - - - - > 'Explorer.exe'(5176)
    c:\my programs\Ad Muncher\AM32-32562.dll
    .
    ------------------------------ Andere Aktieve Processen ------------------------------
    .
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\ATK Hotkey\Hcontrol.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\P4G\BatteryLife.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\windows\System32\msdtc.exe
    c:\program files\Norton Ghost\Agent\VProSvc.exe
    c:\windows\system32\locator.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\my programs\SpywareBlaster\sbautoupdate.exe
    c:\windows\system32\WerCon.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\System32\snmptrap.exe
    c:\windows\system32\UI0Detect.exe
    c:\windows\System32\vds.exe
    c:\windows\system32\wbem\WmiApSrv.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-04-30 23:30:03 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-04-30 21:29
    ComboFix2.txt 2011-04-30 17:08
    ComboFix3.txt 2011-04-29 08:33
    ComboFix4.txt 2010-10-19 11:40
    .
    Pre-Run: 20.045.185.024 bytes beschikbaar
    Post-Run: 19.675.332.608 bytes beschikbaar
    .
    Current=3 Default=3 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    - - End Of File - - CC91650B7BFBB82CE9CFBEE1C7924290
  • Hi Helicop, your ComboFix log finally looks good now!
    No more messages that malware is being deactivated in memory!

    You can now remove ComboFix for good.
    And I assume midas.dll will have been put back as well!

    Furthermore, I would like you to get acquainted with the Microsoft [b]Safety Scanner[/b]: http://www.microsoft.com/security/scanner/nl-nl/default.aspx

    Let me know what this scan has done - just choose the quick scan!
  • Abraham54,

    the scan has been run and the message was that no spyware, malware or other malicious software was found.

    Would the thing now be completely clean :D

    In any case, you have at least a beer coming from me for all the effort!!!!
  • I'll hold you to that beer.

    After updating, let MBAM do a quick scan as well!

    But I think we're done!
  • [quote]I'll hold you to that beer.[/quote]

    Well, do you live somewhere nearby???

    Scanned again with MBAM (with the most recent database), but it doesn't find anything anymore either.

    Once again, many thanks for all the effort and time you have put into this!!!!
  • Which province do you live in?

    We're going to clean up!

    [b]Download OTL to your desktop.[/b]

    [b]Note: Vista and Windows 7 users start the tool mentioned here by right-clicking it and then choosing 'Run as Administrator'.[/b]

    Start the tool and then click the CLEAN button.

    OTL will clean up and then remove itself!
  • Great that your Windows is running at its best again!

    And, partly thanks to ComboFix, it is quite possible that everything runs faster, because don't forget that malware always uses processor time etc.!

    And yes: the largest city in Twente!


This is an archived page. Replying is no longer possible.