Vraag & Antwoord

11 antwoorden

Hallo,

Regelmatig (1a2xmnd) scan ik mijn pc met Panda IS, MBAM, en windows defender draait op de achtergrond. Nooit enige probleem gevonden. In juli draaide ik een online scan met ESET. Hierbij ook geen probleem gevonden.
Ik heb al vanaf begin dit jaar Kaspersky TSSD killer gedownload en ook stond er nog een bestand tbv Ares installatie. Alles van Ares had ik al eerder verwijderd.
Nu dacht ik vandaag weer eens ESET te draaien. En nu werden er 2 bedreigingen gevonden in het installatie bestand van Kaspersky TSSD en in het installatie bestand van Ares.

ESET gaf het volgende aan:
-Win32/Toggle programma
-variant van Win32/Softonic downloader.A programma
In de log stond dat deze resp voorkwam in de genoemde installatiebestanden.

De genoemde installatiebestanden stonden er ook al voor de scan met ESET in juli. Toen heb ik geen melding van bedreiging gekregen.
De kaspersky had ik gedownload van Softonic.com

Ik heb nu een eerdere gemaakt image teruggezet. De kaspersky TSSD en het Ares bestand verwijderd. ESET weer gedraaid en nu is er geen bedreiging gevonden.

Nu mijn vraag: Is het resultaat van scan's nu voldoende zekerheid voor schoon systeem?

vr.gr.
Frans

Anoniem 22 november 2011 18:39

Ik vraag mij af waarom je Kaspersky's TDSSKiller bij Softonic vandaan haalt en niet rechtstreeks bij Kaspersky?
Bovendien, heb je wel enig idee wat dit tool doet?

Overigens met Panda IS hoeft Windows Defender echt niet op de achtergrond mee te lopen.
De aktieve spywarescanner van Panda is sowieso stukken beter.
Dus deaktiveer Windows Defender, dan kan deze ook niet conflicteren met Panda.

[b:f6a60f19cd]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:f6a60f19cd]

Anoniem 23 november 2011 07:48

Hallo Abraham,

Waarom tssd vanaf softonic realiseerde ik me ok pas later, dus geen specifieke reden.
Het programma scant toch maleware in de root?
Ik geef toe dat dit geen kennis van zaken is, meer proberen.

De logs zal ik vanmiddag posten. De laptop is nu ingebruik ivm thuiswerk.

Vr.gr.
Frans

Anoniem 23 november 2011 09:02

Hallo Abraham,

Hierbij de log's":

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:11, on 23-11-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1139200220-3051285767-1385365787-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1139200220-3051285767-1385365787-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

–
End of file - 14196 bytes

<<>>

ComboFix 11-11-22.03 - Frans en Wies 23-11-2011 12:27:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3886.2172 [GMT 1:00]
Gestart vanuit: c:\users\Frans en Wies\Desktop\ComboFix.exe
AV: Panda Internet Security 2011 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2011 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Internet Security 2011 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-23 to 2011-11-23 ))))))))))))))))))))))))))))))
.
.
2011-11-23 11:33 . 2011-11-23 11:33 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-23 11:33 . 2011-11-23 11:33 ——– d—–w- c:\users\Default\AppData\Local\temp
2011-11-22 12:31 . 2011-11-22 12:31 ——– d—–w- c:\windows\system32\Macromed
2011-11-22 12:23 . 2011-10-07 04:16 8570192 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B98EE4E6-F740-41D4-9930-1746BFDBB6C7}\mpengine.dll
2011-11-22 12:16 . 2011-10-01 05:45 886784 —-a-w- c:\program files\Common Files\System\wab32.dll
2011-11-22 12:16 . 2011-10-01 04:37 708608 —-a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-22 12:15 . 2011-09-29 16:29 1923952 —-a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-22 12:15 . 2011-09-29 04:03 3144704 —-a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 12:31 . 2011-08-11 20:21 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-01-24 11:27 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-12 09:55 2309120 —-a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 09:55 1389056 —-a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 09:55 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 09:55 1798144 —-a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 09:55 1126912 —-a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 09:55 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 15:00 . 2011-02-03 17:10 25416 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 05:37 . 2011-10-12 09:53 861696 —-a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 09:53 331776 —-a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 09:53 571904 —-a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 09:53 233472 —-a-w- c:\windows\SysWow64\oleacc.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 —-a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 —-a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2011-09-05 984576]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-27 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-03-01 3246040]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [x]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [x]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [x]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [x]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe [2010-08-16 28992]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\n64i1642.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 08:25]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 08:25]
.
.
——— x86-64 ———–
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 —-a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 —-a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.telegraaf.nl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: airmilesshop.nl\www
TCP: DhcpNameServer = 192.168.178.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
SafeBoot-SolutoService
Toolbar-Locked - (no file)
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe
c:\program files (x86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE
c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe
c:\program files (x86)\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Voltooingstijd: 2011-11-23 12:39:24 - machine werd herstart
ComboFix-quarantined-files.txt 2011-11-23 11:39
.
Pre-Run: 83.280.990.208 bytes beschikbaar
Post-Run: 83.144.159.232 bytes beschikbaar
.
- - End Of File - - 053CA1D70A39DB2063640015D64D35E4

Anoniem 23 november 2011 11:50

Hallo Frans, je het volgende doen en laat ook weten hoe jouw Windows inmiddels draait:

[[b:94a7c46291]Welk programma[/b:94a7c46291]: Kaspersky [b:94a7c46291]TDSSKiller[/b:94a7c46291]
[b:94a7c46291]Waarvoor/waarom[/b:94a7c46291]: Rootkitscanner
[b:94a7c46291]Moeilijkheidsgraad[/b:94a7c46291]: geen
[b:94a7c46291]Downloadlokatie[/b:94a7c46291]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen!
[b:94a7c46291]Download[/b:94a7c46291] [b:94a7c46291]TDSSKiller[/b:94a7c46291] [b:94a7c46291]hier[/b:94a7c46291].

[b:94a7c46291]Installatie[/b:94a7c46291]:
[list:94a7c46291][*:94a7c46291] pak het bestand uit op je bureaublad.[/list:u:94a7c46291]

[b:94a7c46291]TDSSKiller gebruiken[/b:94a7c46291]:
[list:94a7c46291][*:94a7c46291]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe.
[*:94a7c46291]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:94a7c46291]Als Administrator uitvoeren[/b:94a7c46291].
[*:94a7c46291]Idien TDSSKiller met een bericht komt over een beschikbare update, dan voer je deze eerst uit.[/list:u:94a7c46291]
[img:94a7c46291]http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg[/img:94a7c46291]

[list:94a7c46291][*:94a7c46291]Klik vervolgens op de knop [b:94a7c46291]"Start Scan"[/b:94a7c46291] en volg de instructies.
[*:94a7c46291] Nadat de scan klaar is klik je op de knop [b:94a7c46291]"Report"[/b:94a7c46291].
[*:94a7c46291]Er opent een kladblokbestand. Post de inhoud van dit bestand.
[list:94a7c46291][*:94a7c46291][b:94a7c46291]Herstart de pc indien TDSSKiller die optie aangeeft (Reboot now).[/b:94a7c46291]
[*:94a7c46291]Wanneer het opnieuw opstarten noodzakelijk is, vind je de logfile in [b:94a7c46291]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:94a7c46291][/list:u:94a7c46291][/list:u:94a7c46291]

Anoniem 23 november 2011 13:52

Hallo Abraham,

Windows loopt goed, geen probleem.

Hierbij de log van TDSS.

17:22:30.0934 2712 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
17:22:32.0369 2712 ============================================================
17:22:32.0369 2712 Current date / time: 2011/11/23 17:22:32.0369
17:22:32.0369 2712 SystemInfo:
17:22:32.0369 2712
17:22:32.0369 2712 OS Version: 6.1.7601 ServicePack: 1.0
17:22:32.0369 2712 Product type: Workstation
17:22:32.0369 2712 ComputerName: FRANSENWIES-PC
17:22:32.0369 2712 UserName: Frans en Wies
17:22:32.0369 2712 Windows directory: C:\Windows
17:22:32.0369 2712 System windows directory: C:\Windows
17:22:32.0369 2712 Running under WOW64
17:22:32.0369 2712 Processor architecture: Intel x64
17:22:32.0369 2712 Number of processors: 4
17:22:32.0369 2712 Page size: 0x1000
17:22:32.0369 2712 Boot type: Normal boot
17:22:32.0369 2712 ============================================================
17:22:35.0785 2712 Initialize success
17:22:41.0854 6288 ============================================================
17:22:41.0854 6288 Scan started
17:22:41.0854 6288 Mode: Manual;
17:22:41.0854 6288 ============================================================
17:22:43.0117 6288 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:22:43.0133 6288 1394ohci - ok
17:22:43.0180 6288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:22:43.0195 6288 ACPI - ok
17:22:43.0258 6288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:22:43.0273 6288 AcpiPmi - ok
17:22:43.0367 6288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:22:43.0382 6288 adp94xx - ok
17:22:43.0445 6288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:22:43.0460 6288 adpahci - ok
17:22:43.0554 6288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:22:43.0570 6288 adpu320 - ok
17:22:43.0710 6288 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
17:22:43.0726 6288 afcdp - ok
17:22:43.0960 6288 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:22:44.0318 6288 AFD - ok
17:22:44.0490 6288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:22:44.0490 6288 agp440 - ok
17:22:44.0677 6288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:22:44.0677 6288 aliide - ok
17:22:44.0724 6288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:22:44.0724 6288 amdide - ok
17:22:44.0786 6288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:22:44.0802 6288 AmdK8 - ok
17:22:44.0818 6288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:22:44.0833 6288 AmdPPM - ok
17:22:44.0864 6288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:22:44.0864 6288 amdsata - ok
17:22:44.0911 6288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:22:45.0286 6288 amdsbs - ok
17:22:45.0379 6288 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:22:45.0379 6288 amdxata - ok
17:22:45.0442 6288 AmFSM (71336e77f98a65efaaeb950902611d3f) C:\Windows\system32\DRIVERS\amm6460.sys
17:22:45.0457 6288 AmFSM - ok
17:22:45.0551 6288 APPFLT (e86908bfe8b20bb8a30e4737ce3284da) C:\Windows\system32\Drivers\APPFLT64.SYS
17:22:45.0566 6288 APPFLT - ok
17:22:45.0660 6288 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:22:45.0676 6288 AppID - ok
17:22:45.0769 6288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:22:45.0785 6288 arc - ok
17:22:45.0800 6288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:22:45.0800 6288 arcsas - ok
17:22:45.0863 6288 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:22:45.0878 6288 ASMMAP64 - ok
17:22:45.0925 6288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:45.0925 6288 AsyncMac - ok
17:22:45.0972 6288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:22:45.0972 6288 atapi - ok
17:22:46.0034 6288 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
17:22:46.0112 6288 athr - ok
17:22:46.0268 6288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:22:46.0612 6288 b06bdrv - ok
17:22:46.0768 6288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:22:46.0783 6288 b57nd60a - ok
17:22:46.0814 6288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:22:46.0830 6288 Beep - ok
17:22:46.0939 6288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:22:46.0939 6288 blbdrive - ok
17:22:47.0002 6288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:22:47.0002 6288 bowser - ok
17:22:47.0080 6288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:22:47.0080 6288 BrFiltLo - ok
17:22:47.0142 6288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:22:47.0142 6288 BrFiltUp - ok
17:22:47.0236 6288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:22:47.0251 6288 Brserid - ok
17:22:47.0282 6288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:47.0298 6288 BrSerWdm - ok
17:22:47.0345 6288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:47.0345 6288 BrUsbMdm - ok
17:22:47.0392 6288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:22:47.0407 6288 BrUsbSer - ok
17:22:47.0470 6288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:22:47.0470 6288 BTHMODEM - ok
17:22:47.0548 6288 catchme - ok
17:22:47.0657 6288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:22:47.0672 6288 cdfs - ok
17:22:47.0719 6288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:22:47.0735 6288 cdrom - ok
17:22:47.0875 6288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:22:47.0875 6288 circlass - ok
17:22:47.0938 6288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:22:47.0953 6288 CLFS - ok
17:22:48.0094 6288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:48.0094 6288 CmBatt - ok
17:22:48.0125 6288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:22:48.0125 6288 cmdide - ok
17:22:48.0187 6288 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:22:48.0203 6288 CNG - ok
17:22:48.0312 6288 ComFiltr (8a64c45f467fb30c47a30ae2819ddd62) C:\Windows\system32\DRIVERS\COMFiltr.sys
17:22:48.0312 6288 ComFiltr - ok
17:22:48.0374 6288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:22:48.0374 6288 Compbatt - ok
17:22:48.0421 6288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:22:48.0421 6288 CompositeBus - ok
17:22:48.0452 6288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:22:48.0468 6288 crcdisk - ok
17:22:48.0515 6288 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
17:22:48.0530 6288 CVirtA - ok
17:22:48.0655 6288 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:22:48.0983 6288 CVPNDRVA - ok
17:22:49.0264 6288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:22:49.0264 6288 DfsC - ok
17:22:49.0388 6288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:22:49.0388 6288 discache - ok
17:22:49.0435 6288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:22:49.0451 6288 Disk - ok
17:22:49.0498 6288 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
17:22:49.0498 6288 DNE - ok
17:22:49.0654 6288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:22:49.0669 6288 drmkaud - ok
17:22:49.0700 6288 DSAFLT (64648b677d5005749f2fe412254512b7) C:\Windows\system32\Drivers\DSAFLT64.SYS
17:22:49.0700 6288 DSAFLT - ok
17:22:49.0763 6288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:22:49.0778 6288 DXGKrnl - ok
17:22:49.0903 6288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:22:50.0044 6288 ebdrv - ok
17:22:50.0215 6288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:22:50.0231 6288 elxstor - ok
17:22:50.0262 6288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:22:50.0262 6288 ErrDev - ok
17:22:50.0324 6288 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
17:22:50.0324 6288 ETD - ok
17:22:50.0356 6288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:22:50.0371 6288 exfat - ok
17:22:50.0402 6288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:22:50.0402 6288 fastfat - ok
17:22:50.0449 6288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:22:50.0449 6288 fdc - ok
17:22:50.0496 6288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:22:50.0496 6288 FileInfo - ok
17:22:50.0527 6288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:22:50.0527 6288 Filetrace - ok
17:22:50.0574 6288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:50.0590 6288 flpydisk - ok
17:22:50.0621 6288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:22:50.0636 6288 FltMgr - ok
17:22:50.0668 6288 FNETMON (50c6c310a98108a94e985fd46b4e150c) C:\Windows\system32\Drivers\fnetm64.SYS
17:22:50.0668 6288 FNETMON - ok
17:22:50.0714 6288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:22:50.0730 6288 FsDepends - ok
17:22:50.0777 6288 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:22:50.0777 6288 fssfltr - ok
17:22:50.0824 6288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:50.0824 6288 Fs_Rec - ok
17:22:50.0870 6288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:22:50.0886 6288 fvevol - ok
17:22:50.0917 6288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:50.0917 6288 gagp30kx - ok
17:22:51.0073 6288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:22:51.0089 6288 hcw85cir - ok
17:22:51.0151 6288 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:22:51.0167 6288 HdAudAddService - ok
17:22:51.0229 6288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:22:51.0229 6288 HDAudBus - ok
17:22:51.0276 6288 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:22:51.0292 6288 HECIx64 - ok
17:22:51.0307 6288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:51.0323 6288 HidBatt - ok
17:22:51.0338 6288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:22:51.0354 6288 HidBth - ok
17:22:51.0370 6288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:22:51.0385 6288 HidIr - ok
17:22:51.0448 6288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:22:51.0448 6288 HidUsb - ok
17:22:51.0557 6288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:22:51.0572 6288 HpSAMD - ok
17:22:51.0635 6288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:22:51.0994 6288 HTTP - ok
17:22:52.0150 6288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:22:52.0150 6288 hwpolicy - ok
17:22:52.0259 6288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:22:52.0274 6288 i8042prt - ok
17:22:52.0321 6288 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
17:22:52.0321 6288 iaStor - ok
17:22:52.0430 6288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:22:52.0805 6288 iaStorV - ok
17:22:52.0898 6288 IDSFLT (731791f5391083f0cc8cb5a00bbd5e89) C:\Windows\system32\Drivers\IDSFLT64.SYS
17:22:53.0195 6288 IDSFLT - ok
17:22:53.0600 6288 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:22:53.0990 6288 igfx - ok
17:22:54.0100 6288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:54.0443 6288 iirsp - ok
17:22:54.0599 6288 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
17:22:54.0599 6288 Impcd - ok
17:22:54.0755 6288 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
17:22:54.0786 6288 IntcAzAudAddService - ok
17:22:54.0833 6288 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:22:54.0848 6288 IntcDAud - ok
17:22:54.0864 6288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:22:54.0880 6288 intelide - ok
17:22:54.0926 6288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:54.0926 6288 intelppm - ok
17:22:54.0973 6288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:55.0363 6288 IpFilterDriver - ok
17:22:55.0441 6288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:55.0441 6288 IPMIDRV - ok
17:22:55.0472 6288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:22:55.0784 6288 IPNAT - ok
17:22:55.0972 6288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:22:55.0987 6288 IRENUM - ok
17:22:56.0018 6288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:22:56.0018 6288 isapnp - ok
17:22:56.0050 6288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:22:56.0065 6288 iScsiPrt - ok
17:22:56.0096 6288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:22:56.0096 6288 kbdclass - ok
17:22:56.0143 6288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:22:56.0159 6288 kbdhid - ok
17:22:56.0190 6288 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
17:22:56.0190 6288 kbfiltr - ok
17:22:56.0237 6288 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:22:56.0237 6288 KSecDD - ok
17:22:56.0268 6288 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:56.0284 6288 KSecPkg - ok
17:22:56.0315 6288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:22:56.0315 6288 ksthunk - ok
17:22:56.0393 6288 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
17:22:56.0393 6288 L1C - ok
17:22:56.0440 6288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:56.0455 6288 lltdio - ok
17:22:56.0674 6288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:56.0674 6288 LSI_FC - ok
17:22:56.0720 6288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:56.0736 6288 LSI_SAS - ok
17:22:56.0814 6288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:56.0814 6288 LSI_SAS2 - ok
17:22:56.0845 6288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:56.0861 6288 LSI_SCSI - ok
17:22:56.0892 6288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:22:56.0892 6288 luafv - ok
17:22:56.0939 6288 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
17:22:56.0954 6288 lullaby - ok
17:22:57.0001 6288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:22:57.0001 6288 megasas - ok
17:22:57.0032 6288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:57.0329 6288 MegaSR - ok
17:22:57.0376 6288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:22:57.0376 6288 Modem - ok
17:22:57.0407 6288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:22:57.0407 6288 monitor - ok
17:22:57.0438 6288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:22:57.0438 6288 mouclass - ok
17:22:57.0563 6288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:57.0563 6288 mouhid - ok
17:22:57.0610 6288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:22:57.0625 6288 mountmgr - ok
17:22:57.0688 6288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:22:57.0703 6288 mpio - ok
17:22:57.0750 6288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:22:57.0766 6288 mpsdrv - ok
17:22:57.0844 6288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:22:57.0844 6288 MRxDAV - ok
17:22:57.0953 6288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:57.0968 6288 mrxsmb - ok
17:22:58.0015 6288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:58.0031 6288 mrxsmb10 - ok
17:22:58.0062 6288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:58.0078 6288 mrxsmb20 - ok
17:22:58.0140 6288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:22:58.0140 6288 msahci - ok
17:22:58.0187 6288 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:22:58.0187 6288 msdsm - ok
17:22:58.0312 6288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:22:58.0312 6288 Msfs - ok
17:22:58.0343 6288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:22:58.0343 6288 mshidkmdf - ok
17:22:58.0390 6288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:22:58.0405 6288 msisadrv - ok
17:22:58.0561 6288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:58.0561 6288 MSKSSRV - ok
17:22:58.0608 6288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:58.0608 6288 MSPCLOCK - ok
17:22:58.0702 6288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:22:58.0717 6288 MSPQM - ok
17:22:58.0780 6288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:22:58.0780 6288 MsRPC - ok
17:22:58.0858 6288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:22:58.0858 6288 mssmbios - ok
17:22:58.0951 6288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:22:58.0967 6288 MSTEE - ok
17:22:58.0982 6288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:58.0982 6288 MTConfig - ok
17:22:59.0076 6288 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:22:59.0076 6288 MTsensor - ok
17:22:59.0123 6288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:22:59.0123 6288 Mup - ok
17:22:59.0248 6288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:59.0263 6288 NativeWifiP - ok
17:22:59.0326 6288 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:22:59.0357 6288 NDIS - ok
17:22:59.0466 6288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:59.0466 6288 NdisCap - ok
17:22:59.0528 6288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:59.0544 6288 NdisTapi - ok
17:22:59.0638 6288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:59.0638 6288 Ndisuio - ok
17:22:59.0700 6288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:59.0716 6288 NdisWan - ok
17:22:59.0762 6288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:22:59.0778 6288 NDProxy - ok
17:22:59.0825 6288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:22:59.0825 6288 NetBIOS - ok
17:22:59.0872 6288 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:22:59.0887 6288 NetBT - ok
17:22:59.0934 6288 NETFLTDI (ba99a34a9b5eb737ce54bc0a7c596609) C:\Windows\system32\Drivers\NETTDI64.SYS
17:23:00.0230 6288 NETFLTDI - ok
17:23:00.0246 6288 NETIMFLT01060042 (4d69ebc1a362d392226662560cb8a8b0) C:\Windows\system32\DRIVERS\n64i1642.sys
17:23:00.0246 6288 NETIMFLT01060042 - ok
17:23:00.0355 6288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:23:00.0371 6288 nfrd960 - ok
17:23:00.0418 6288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:23:00.0433 6288 Npfs - ok
17:23:00.0464 6288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:23:00.0464 6288 nsiproxy - ok
17:23:00.0558 6288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:23:01.0073 6288 Ntfs - ok
17:23:01.0166 6288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:23:01.0182 6288 Null - ok
17:23:01.0478 6288 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:23:01.0775 6288 nvlddmkm - ok
17:23:01.0884 6288 nvpciflt (88b625725a297e638b8bc55334d75020) C:\Windows\system32\DRIVERS\nvpciflt.sys
17:23:01.0884 6288 nvpciflt - ok
17:23:01.0931 6288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:23:01.0946 6288 nvraid - ok
17:23:01.0978 6288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:23:01.0993 6288 nvstor - ok
17:23:02.0087 6288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:23:02.0102 6288 nv_agp - ok
17:23:02.0149 6288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:23:02.0165 6288 ohci1394 - ok
17:23:02.0243 6288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:23:02.0243 6288 Parport - ok
17:23:02.0290 6288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:23:02.0290 6288 partmgr - ok
17:23:02.0336 6288 pavboot (337a81b3ff34f9851d245d42a725fc22) C:\Windows\system32\Drivers\pavboot64.sys
17:23:02.0352 6288 pavboot - ok
17:23:02.0446 6288 PavTPK.sys - ok
17:23:02.0539 6288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:23:02.0539 6288 pci - ok
17:23:02.0617 6288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:23:02.0617 6288 pciide - ok
17:23:02.0664 6288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:23:02.0680 6288 pcmcia - ok
17:23:02.0789 6288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:23:02.0789 6288 pcw - ok
17:23:02.0820 6288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:23:02.0851 6288 PEAUTH - ok
17:23:03.0023 6288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:23:03.0038 6288 PptpMiniport - ok
17:23:03.0085 6288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:23:03.0085 6288 Processor - ok
17:23:03.0116 6288 Prot6Flt - ok
17:23:03.0179 6288 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:23:03.0179 6288 Psched - ok
17:23:03.0319 6288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:23:03.0772 6288 ql2300 - ok
17:23:03.0818 6288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:23:04.0115 6288 ql40xx - ok
17:23:04.0302 6288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:23:04.0318 6288 QWAVEdrv - ok
17:23:04.0364 6288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:23:04.0380 6288 RasAcd - ok
17:23:04.0442 6288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:23:04.0458 6288 RasAgileVpn - ok
17:23:04.0489 6288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:23:04.0505 6288 Rasl2tp - ok
17:23:04.0645 6288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:23:04.0645 6288 RasPppoe - ok
17:23:04.0676 6288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:23:04.0692 6288 RasSstp - ok
17:23:04.0739 6288 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:23:04.0754 6288 rdbss - ok
17:23:04.0801 6288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:23:04.0817 6288 rdpbus - ok
17:23:04.0848 6288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:23:04.0848 6288 RDPCDD - ok
17:23:04.0895 6288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:23:04.0910 6288 RDPENCDD - ok
17:23:04.0942 6288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:23:04.0957 6288 RDPREFMP - ok
17:23:05.0020 6288 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:23:05.0020 6288 RDPWD - ok
17:23:05.0098 6288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:23:05.0098 6288 rdyboost - ok
17:23:05.0254 6288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:23:05.0269 6288 rspndr - ok
17:23:05.0316 6288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:23:05.0332 6288 sbp2port - ok
17:23:05.0363 6288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:23:05.0363 6288 scfilter - ok
17:23:05.0425 6288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:23:05.0425 6288 secdrv - ok
17:23:05.0534 6288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:23:05.0534 6288 Serenum - ok
17:23:05.0644 6288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:23:05.0659 6288 Serial - ok
17:23:05.0706 6288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:23:05.0706 6288 sermouse - ok
17:23:05.0784 6288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:23:05.0784 6288 sffdisk - ok
17:23:05.0815 6288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:23:05.0815 6288 sffp_mmc - ok
17:23:05.0831 6288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:23:05.0846 6288 sffp_sd - ok
17:23:05.0878 6288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:23:05.0893 6288 sfloppy - ok
17:23:05.0971 6288 ShldFlt (03639a3b26aa808bae79d89fdb4b151c) C:\Windows\system32\DRIVERS\ShldFlt.sys
17:23:05.0971 6288 ShldFlt - ok
17:23:06.0034 6288 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
17:23:06.0034 6288 SiSGbeLH - ok
17:23:06.0080 6288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:23:06.0080 6288 SiSRaid2 - ok
17:23:06.0112 6288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:23:06.0112 6288 SiSRaid4 - ok
17:23:06.0158 6288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:23:06.0158 6288 Smb - ok
17:23:06.0221 6288 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
17:23:06.0236 6288 snapman - ok
17:23:06.0361 6288 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
17:23:06.0424 6288 SNP2UVC - ok
17:23:06.0486 6288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:23:06.0486 6288 spldr - ok
17:23:06.0626 6288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:23:06.0938 6288 srv - ok
17:23:07.0126 6288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:23:07.0141 6288 srv2 - ok
17:23:07.0172 6288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:23:07.0188 6288 srvnet - ok
17:23:07.0266 6288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:23:07.0282 6288 stexstor - ok
17:23:07.0360 6288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:23:07.0360 6288 swenum - ok
17:23:07.0640 6288 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:23:08.0280 6288 Tcpip - ok
17:23:08.0436 6288 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:23:08.0452 6288 TCPIP6 - ok
17:23:08.0498 6288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:23:08.0514 6288 tcpipreg - ok
17:23:08.0608 6288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:23:08.0608 6288 TDPIPE - ok
17:23:08.0701 6288 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
17:23:08.0764 6288 tdrpman273 - ok
17:23:08.0873 6288 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:23:08.0888 6288 TDTCP - ok
17:23:08.0935 6288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:23:08.0935 6288 tdx - ok
17:23:08.0982 6288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:23:08.0982 6288 TermDD - ok
17:23:09.0044 6288 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
17:23:09.0076 6288 timounter - ok
17:23:09.0263 6288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:09.0263 6288 tssecsrv - ok
17:23:09.0341 6288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:23:09.0341 6288 TsUsbFlt - ok
17:23:09.0419 6288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:23:09.0746 6288 tunnel - ok
17:23:09.0778 6288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:23:09.0778 6288 uagp35 - ok
17:23:09.0824 6288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:23:09.0856 6288 udfs - ok
17:23:09.0902 6288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:23:09.0902 6288 uliagpkx - ok
17:23:09.0934 6288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:23:09.0934 6288 umbus - ok
17:23:09.0980 6288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:23:09.0980 6288 UmPass - ok
17:23:10.0027 6288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:10.0027 6288 usbccgp - ok
17:23:10.0074 6288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:23:10.0074 6288 usbcir - ok
17:23:10.0105 6288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:23:10.0105 6288 usbehci - ok
17:23:10.0152 6288 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:23:10.0168 6288 usbhub - ok
17:23:10.0214 6288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:23:10.0214 6288 usbohci - ok
17:23:10.0261 6288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:23:10.0261 6288 usbprint - ok
17:23:10.0292 6288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:23:10.0308 6288 USBSTOR - ok
17:23:10.0339 6288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:23:10.0355 6288 usbuhci - ok
17:23:10.0402 6288 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:23:10.0417 6288 usbvideo - ok
17:23:10.0480 6288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:23:10.0480 6288 vdrvroot - ok
17:23:10.0511 6288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:10.0526 6288 vga - ok
17:23:10.0667 6288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:23:10.0667 6288 VgaSave - ok
17:23:10.0714 6288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:23:10.0729 6288 vhdmp - ok
17:23:10.0745 6288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:23:10.0760 6288 viaide - ok
17:23:10.0792 6288 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:23:10.0792 6288 volmgr - ok
17:23:10.0838 6288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:23:10.0854 6288 volmgrx - ok
17:23:10.0901 6288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:23:10.0901 6288 volsnap - ok
17:23:10.0948 6288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:23:10.0963 6288 vsmraid - ok
17:23:10.0994 6288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:23:10.0994 6288 vwifibus - ok
17:23:11.0026 6288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:23:11.0026 6288 vwififlt - ok
17:23:11.0088 6288 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:23:11.0088 6288 wacmoumonitor - ok
17:23:11.0150 6288 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:23:11.0150 6288 wacommousefilter - ok
17:23:11.0197 6288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:23:11.0213 6288 WacomPen - ok
17:23:11.0260 6288 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:23:11.0260 6288 wacomvhid - ok
17:23:11.0306 6288 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:11.0306 6288 WANARP - ok
17:23:11.0338 6288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:11.0338 6288 Wanarpv6 - ok
17:23:11.0478 6288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:23:11.0494 6288 Wd - ok
17:23:11.0540 6288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:23:11.0587 6288 Wdf01000 - ok
17:23:11.0728 6288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:23:11.0728 6288 WfpLwf - ok
17:23:11.0806 6288 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
17:23:11.0821 6288 WimFltr - ok
17:23:11.0884 6288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:23:11.0884 6288 WIMMount - ok
17:23:12.0071 6288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:23:12.0071 6288 WmiAcpi - ok
17:23:12.0180 6288 WNMFLT (c1b61612fccc6e750ad0a6e19c77ee85) C:\Windows\system32\Drivers\WNMFLT64.SYS
17:23:12.0180 6288 WNMFLT - ok
17:23:12.0274 6288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:12.0274 6288 ws2ifsl - ok
17:23:12.0352 6288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:23:12.0367 6288 WudfPf - ok
17:23:12.0414 6288 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:12.0414 6288 WUDFRd - ok
17:23:12.0476 6288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:12.0492 6288 \Device\Harddisk0\DR0 - ok
17:23:12.0508 6288 Boot (0x1200) (7ce69b45b09d2bff3a75ca30a309b1f8) \Device\Harddisk0\DR0\Partition0
17:23:12.0508 6288 \Device\Harddisk0\DR0\Partition0 - ok
17:23:12.0523 6288 Boot (0x1200) (f2e5a209068ece882dac955e174296cc) \Device\Harddisk0\DR0\Partition1
17:23:12.0539 6288 \Device\Harddisk0\DR0\Partition1 - ok
17:23:12.0539 6288 ============================================================
17:23:12.0539 6288 Scan finished
17:23:12.0539 6288 ============================================================
17:23:12.0554 4128 Detected object count: 0
17:23:12.0554 4128 Actual detected object count: 0

Anoniem 23 november 2011 16:29

Mooi zo, ook geen rootkits zoals TDL4.

We gaan opruimen:

Anoniem 24 november 2011 06:16

Hallo Abraham,

Hierbij de log: Zie volgende post!

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
[b:e7e4625dfe]``````````````````````````````
[u:e7e4625dfe]Antivirus/Firewall Check:[/u:e7e4625dfe][/b:e7e4625dfe]
Panda Internet Security 2011
[size=1:e7e4625dfe]WMI entry may not exist for antivirus; attempting automatic update.[/size:e7e4625dfe]
[b:e7e4625dfe]```````````````````````````````
[u:e7e4625dfe]Anti-malware/Other Utilities Check:[/u:e7e4625dfe][/b:e7e4625dfe]
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player ( 10.0.32.18) [b:e7e4625dfe]

Anoniem 24 november 2011 09:27

Hallo Abraham,

Ik heb Adobe geupdate.
Zie onderstaande log.
Flashplayer staat nu niet in de log, maar heb hem wel in mijn programma lijst versie 11.1.102.55

Wat ik verder heb gezien is dat de 2 VIR bestanden die combofix verwijderd heeft al sinds 24-12-2009 en 17-3-2011 in mijn systeem zitten. Ik heb dit ook in mijn images van die tijd gezien. Als je googled zijn dit geen onbekende. Het verbaast mij dan ook lichtelijk dat MBAM, Panda , ESET, windows defender hier niks mee gedaan hebben.
Het antwoord op mijn vraag "Is het resultaat van scan's nu voldoende zekerheid voor schoon systeem?" is dan ook een duidelijk NEE! Of heb jij hier een verklaring voor?
Ik ben blij dat het systeem weer schoon is. Ga na alle actie een nieuw image maken en alle oude maar weggooien.

In de 1ste log staat een melding over windows security service, deze is in de 2de log verdwenen. Waarschijnlijk duurt het even voordat deze actief wordt?

Ik verneem graag van je of er nog acties nodig zijn.

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
[b:328415e2a8]``````````````````````````````
[u:328415e2a8]Antivirus/Firewall Check:[/u:328415e2a8][/b:328415e2a8]

Anoniem 24 november 2011 10:50

Je moet het zo zien, dat geen enkele antivirussoftware en spywarescanner 100 % zekerheid biedt.

ComboFix is een zeer specialistisch programma en ga het dan ook niet zelf gebruiken.

Ik adviseer jou pas een image te maken na de laatste tip te hebben uitgevoerd:

ga een paar keer per jaar naar [b:9013e93846]Secunia PSI (klik)[/b:9013e93846] om te controleren of ook alles binnen Windows uptodate is.
Want alleen dan is Windows op zijn veiligst!

Klik op de Secunia site eerst op de knop [b:9013e93846]Start Scanner[/b:9013e93846] en zet vervolgens op de nieuwe pagina eerst een vinkje bij [b:9013e93846]Enable thorough system inspection[/b:9013e93846] aleer op [b:9013e93846]Start[/b:9013e93846] te klikken!

Gebruik je geen Java, dan zal de site niet werken.
Dan kan je de [b:9013e93846]Secunia Personal Software Inspector (PSI)[/b:9013e93846] downloaden en installeren.
N.B.: na installatie start dit tool automatisch met Windows, maar dat is echt niet nodig en kan uitgescakeld worden!
http://secunia.com/vulnerability_scanning/personal/

Anoniem 24 november 2011 12:23

Hallo Abraham,

Alle acties zijn nu uitgevoerd. Moest alleen Quicktime vernieuwen.
Ik ga zeker niet zelf met combofix e.d. aan de gang.
Als ik het niet vertrouw post ik wel een nieuw verzoek.

Voor nu, bedankt voor de ondersteuning.

vr.gr
Frans

Anoniem 24 november 2011 14:35

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Vraag & Antwoord

Is resultaat scan's voldoende zekerheid voor schoon systeem

Beantwoord deze vraag

Gerelateerde vragen

Registreren

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Bedankt!

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!