Question & Answer
Avast detects Rootkit, 3x reboot&scan, removal succeeds
10 answers
- Hello,
I have a Presario V6000 with XP, IE8 and FF, Avast antivirus and Armor firewall.
I thought things were going fine with my Windows XP. Every day I update & scan after connecting to the internet, and also regularly with Eset when I have spent a bit more time online.
Today Avast suddenly detected a Rootkit!!! On removal it asked me to restart. I have now done that 3 times, but when I click it, it says the same thing again.
How do I know it is gone? How do I check that? What should I do?! :S Help!
Thanks in advance, greetings Holly
Screenshot: http://www.imgdumper.nl/uploads5/4ede717c972c3/4ede717c96eba-rootkit_door_avast.JPG
(during the boot-time scan Avast ran, update files from SP3 were detected, 2 different KBs…)
Screenshot: http://www.imgdumper.nl/uploads5/4ede72439edaa/4ede72439e9c6-avast_scan_2_corrupte_files.JPG
Thanks in advance!
- Sorry, forgot it in the fright: MBAM finds nothing, and the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:18, on 6-12-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Online Armor\OAui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318272596312
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
--
End of file - 7486 bytes
- Today the same thing happened on the laptop of my girlfriend's little son.
I believe he was on the site spele or spelen.nl and suddenly got that same message.
And my girlfriend herself got that message once on marktplaats.nl.
The sites mentioned look like trusted sites to me. So maybe a false positive?
- That sfloppy.sys is in c:\Windows\system32\drivers and c:\Windows\system32\dllcache on my XP, both 12 KB. I checked both on VirusTotal; they are OK.
I also have Avast and FF and no problems.
You will have to wait for the expert. Check on Java.com whether your Java is up to date.
- The log shows nothing unusual!
It is, by the way, a false-positive detection in Avast.
Make sure you update Avast to the latest definitions and then reboot your machine.
Scanning again should then complete successfully.
- Hello,
it's me again; I was here just now too, but the PC froze and I had to reset the internet (router).
Hopefully it is a false alarm, but it frightens me that Avast reports it; that won't be for nothing, I think. Hopefully a False Positive; Java is up to date, by the way.
I'm going to do the scans, but there is heavy thunder and lightning here now. So not on mains power right now. Will post asap.
Thanks in advance, greetings Holly
- Hello Abraham54 and others,
I had posted the below; this morning I thought I saw that I needed to run TDSSscan and Combofix… now that I post this I no longer see it…
Agreed, it is a false positive in Avast…
Combofix did find a hidden file, though. I'll leave the posts up to be safe. Many thanks for the support and replies.
The logs from TDSS and Combofix:
TDSS:
10:09:50.0984 3012 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:09:51.0093 3012 ============================================================
10:09:51.0093 3012 Current date / time: 2011/12/07 10:09:51.0093
10:09:51.0093 3012 SystemInfo:
10:09:51.0093 3012
10:09:51.0093 3012 OS Version: 5.1.2600 ServicePack: 3.0
10:09:51.0093 3012 Product type: Workstation
10:09:51.0093 3012 ComputerName: PC284571089395
10:09:51.0093 3012 UserName: p
10:09:51.0093 3012 Windows directory: C:\WINDOWS
10:09:51.0093 3012 System windows directory: C:\WINDOWS
10:09:51.0093 3012 Processor architecture: Intel x86
10:09:51.0093 3012 Number of processors: 2
10:09:51.0093 3012 Page size: 0x1000
10:09:51.0093 3012 Boot type: Normal boot
10:09:51.0093 3012 ============================================================
10:09:52.0234 3012 Initialize success
10:09:58.0984 3464 ============================================================
10:09:58.0984 3464 Scan started
10:09:58.0984 3464 Mode: Manual; SigCheck; TDLFS;
10:09:58.0984 3464 ============================================================
10:10:39.0875 3464 Srv - ok
10:10:40.0015 3464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:10:40.0203 3464 swenum - ok
10:10:40.0250 3464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:10:40.0453 3464 swmidi - ok
10:10:40.0515 3464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:10:40.0687 3464 symc810 - ok
10:10:40.0765 3464 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:10:40.0968 3464 symc8xx - ok
10:10:41.0031 3464 SYMIDSCO - ok
10:10:41.0140 3464 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:10:41.0343 3464 sym_hi - ok
10:10:41.0359 3464 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:10:41.0562 3464 sym_u3 - ok
10:10:41.0593 3464 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:10:41.0656 3464 SynTP - ok
10:10:41.0750 3464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:10:41.0921 3464 sysaudio - ok
10:10:42.0000 3464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:10:42.0093 3464 Tcpip - ok
10:10:42.0234 3464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:10:42.0437 3464 TDPIPE - ok
10:10:42.0515 3464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:10:42.0718 3464 TDTCP - ok
10:10:42.0781 3464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:10:43.0000 3464 TermDD - ok
10:10:43.0046 3464 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
10:10:43.0234 3464 TosIde - ok
10:10:43.0296 3464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:10:43.0500 3464 Udfs - ok
10:10:43.0609 3464 UIUSys - ok
10:10:43.0625 3464 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:10:43.0734 3464 ultra - ok
10:10:43.0843 3464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:10:44.0078 3464 Update - ok
10:10:44.0125 3464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:10:44.0328 3464 usbehci - ok
10:10:44.0359 3464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:10:44.0578 3464 usbhub - ok
10:10:44.0687 3464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:10:44.0890 3464 usbohci - ok
10:10:44.0953 3464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:10:45.0171 3464 USBSTOR - ok
10:10:45.0203 3464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:10:45.0421 3464 usbuhci - ok
10:10:45.0468 3464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:10:45.0687 3464 VgaSave - ok
10:10:45.0718 3464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:10:45.0921 3464 viaagp - ok
10:10:46.0031 3464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:10:46.0234 3464 ViaIde - ok
10:10:46.0296 3464 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
10:10:46.0500 3464 VolSnap - ok
10:10:46.0546 3464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:10:46.0750 3464 Wanarp - ok
10:10:46.0765 3464 WDICA - ok
10:10:46.0812 3464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:10:47.0015 3464 wdmaud - ok
10:10:47.0109 3464 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:10:47.0203 3464 winachsf - ok
10:10:47.0312 3464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:10:47.0500 3464 WmiAcpi - ok
10:10:47.0625 3464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:10:47.0703 3464 WudfPf - ok
10:10:47.0734 3464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:10:47.0796 3464 WudfRd - ok
10:10:47.0843 3464 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
10:10:47.0937 3464 \Device\Harddisk0\DR0 - ok
10:10:47.0937 3464 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
10:10:47.0937 3464 \Device\Harddisk0\DR0\Partition0 - ok
10:10:47.0953 3464 Boot (0x1200) (1524e9a3cacc00add9c208936ce8d29c) \Device\Harddisk0\DR0\Partition1
10:10:47.0953 3464 \Device\Harddisk0\DR0\Partition1 - ok
10:10:47.0953 3464 ============================================================
10:10:47.0953 3464 Scan finished
10:10:47.0953 3464 ============================================================
10:10:48.0062 2632 Detected object count: 5
10:10:48.0062 2632 Actual detected object count: 5
10:11:10.0859 2632 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine
10:11:10.0984 2632 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0125 2632 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
10:11:11.0281 2632 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0328 2632 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
10:11:11.0375 2632 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0578 2632 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine
10:11:11.0703 2632 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0781 2632 C:\WINDOWS\system32\drivers\PxHelp20.sys - copied to quarantine
10:11:11.0828 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
Combofix:
ComboFix 11-12-06.01 - p 07-12-2011 12:29:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1983.1469 [GMT 1:00]
Started from: c:\documents and settings\p\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
(((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))
.
.
2011-11-22 21:32 . 2011-12-03 13:22 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-11-22 21:31 . 2011-12-03 13:22 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-22 21:31 . 2011-12-03 13:22 486360 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-11-22 21:31 . 2011-12-03 13:22 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-11-22 21:31 . 2011-12-03 13:22 633816 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-11-22 21:31 . 2011-12-03 13:22 555992 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-11-21 22:36 . 2011-11-21 22:36 -------- d-----w- c:\program files\Common Files\Java
2011-11-21 22:14 . 2011-11-21 22:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-21 20:50 . 2011-11-21 20:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Sun
2011-11-21 10:22 . 2011-11-21 10:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-18 10:59 . 2011-11-18 13:33 -------- d-----w- c:\documents and settings\p\Application Data\Download Manager
2011-11-17 20:10 . 2011-11-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-11-17 20:10 . 2011-11-17 20:10 -------- d-----w- c:\documents and settings\p\Application Data\OnlineArmor
2011-11-17 20:07 . 2011-11-01 10:34 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-11-17 20:07 . 2011-11-01 10:34 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-11-17 20:07 . 2011-11-01 10:34 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-11-17 20:06 . 2011-11-01 10:34 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-11-17 20:06 . 2011-11-29 20:34 -------- d-----w- c:\program files\Online Armor
2011-11-13 15:08 . 2011-11-13 15:08 388096 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-13 15:08 . 2011-11-13 15:08 -------- d-----w- c:\program files\Trend Micro
2011-11-09 11:10 . 2011-11-09 11:11 -------- d-----w- c:\documents and settings\p\Application Data\HpUpdate
2011-11-09 11:10 . 2011-11-09 11:10 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-08 12:50 . 2011-11-08 12:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Identities
2011-11-07 20:50 . 2011-11-07 20:50 -------- d-----w- c:\windows\system32\URTTEMP
2011-11-07 19:33 . 2011-11-07 19:33 -------- d-----w- c:\program files\Microsoft.NET
2011-11-07 18:51 . 2011-11-07 18:52 -------- d-----w- C:\eb2cb681b9c02191941fc7ed
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-10-10 16:19 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-10 16:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-10 16:20 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-10 16:20 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-10 16:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-10 16:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-10 16:20 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-10-10 16:20 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-10 16:20 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-10 16:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-24 15:14 . 2011-10-10 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 22:35 . 2011-10-10 16:16 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 01:10 . 2011-10-12 01:10 89680 ----a-w- c:\documents and settings\p\MSSSerif120.fon
2011-10-10 14:22 . 2006-04-11 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-10-10 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2006-04-11 04:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-04-11 04:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-04-11 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-12-03 13:22 . 2011-11-22 21:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-10-2011 17:20 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-10-2011 17:20 314456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17-11-2011 21:06 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17-11-2011 21:07 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17-11-2011 21:07 29464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-10-2011 17:20 20568]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [17-11-2011 21:06 207936]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [17-11-2011 21:07 40296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [17-11-2011 21:06 4363040]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11-4-2006 5:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\xrtbp34y.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1318508005&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 12:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-07 12:41:52
ComboFix-quarantined-files.txt 2011-12-07 11:41
ComboFix2.txt 2011-11-22 19:41
.
Pre-Run: 70,450,454,528 bytes free
Post-Run: 70,433,062,912 bytes free
.
- - End Of File - - 7FFE3D259FA5C7170BA73C019A9236BA
Thanks in advance, greetings Holly - Everything is fine.
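The TDSSKiller and ComboFix output above is worth reading as data rather than as a verdict: all five TDSSKiller hits carry the UnsignedFile.Multi.Generic verdict, which says the driver has no digital signature and not that it is malware; the files were "copied to quarantine" rather than deleted; the MBR and both boot sectors were reported "ok"; and the one hidden file catchme found is the private storage of the aswSnx driver that the same ComboFix log lists under Avast's services. The Python script below is an added example, not part of this thread and not code from Kaspersky or ComboFix, that parses TDSSKiller log lines and produces that triage automatically. The sample log embedded in it is constructed from the lines above (only the detection, quarantine, MBR/boot and two driver lines, not the full log). The verdict prefixes it treats as heuristics and the boot-critical driver list are the example's own assumptions, not something either tool publishes.

```python
"""Triage a Kaspersky TDSSKiller log: separate named-malware verdicts from
suspicious-object heuristics, list what the user quarantined, and confirm the
MBR / boot-sector checks came back clean. Added example, not tool output."""
import re

# Constructed sample built from the TDSSKiller lines in the thread above.
SAMPLE_LOG = r"""
10:10:32.0734 3464 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:10:32.0781 3464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:10:33.0000 3464 ql1080 - ok
10:10:47.0843 3464 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
10:10:47.0937 3464 \Device\Harddisk0\DR0 - ok
10:10:47.0937 3464 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
10:10:47.0937 3464 \Device\Harddisk0\DR0\Partition0 - ok
10:10:47.0953 3464 Scan finished
10:10:48.0062 2632 Detected object count: 5
10:10:48.0062 2632 Actual detected object count: 5
10:11:10.0859 2632 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine
10:11:10.0984 2632 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0125 2632 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
10:11:11.0281 2632 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0328 2632 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
10:11:11.0375 2632 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0578 2632 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine
10:11:11.0703 2632 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:11:11.0781 2632 C:\WINDOWS\system32\drivers\PxHelp20.sys - copied to quarantine
10:11:11.0828 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
SECTOR_RE = re.compile(r"^(?:MBR|Boot) \(0x[0-9A-Fa-f]+\) \([0-9a-f]{32}\) (?P<dev>\\Device\\\S+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \([0-9a-f]{32}\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
COPIED_RE = re.compile(r"^(?P<path>.+) - copied to quarantine$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")

# Assumption of this example: verdicts with these prefixes describe a property
# of the file (no Authenticode signature, or locked), not a malware family.
HEURISTIC_PREFIXES = ("UnsignedFile.", "LockedFile.")

# Assumption of this example: illustrative list of drivers whose removal makes
# XP unbootable (STOP 0x7B); iaStor is Intel's SATA AHCI/RAID boot driver.
BOOT_CRITICAL = {"iastor"}


def is_heuristic(verdict):
    return verdict.startswith(HEURISTIC_PREFIXES)


def summarize(log_text):
    verdicts = {}     # object name -> verdict string
    quarantined = {}  # object name -> verdict, where the user chose Quarantine
    copied = []       # file paths copied (not deleted) into quarantine
    sectors = {}      # \Device\... -> True once its "- ok" line has been seen
    clean = set()     # enumerated drivers explicitly reported "- ok"
    reported = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (d := DETECTED_RE.match(msg)):
            verdicts[d["name"]] = d["verdict"]
        elif (s := SECTOR_RE.match(msg)):
            sectors[s["dev"]] = False
        elif DRIVER_RE.match(msg):
            pass  # enumeration line; its status follows on the next "- ok" line
        elif (o := OK_RE.match(msg)):
            if o["obj"] in sectors:
                sectors[o["obj"]] = True
            else:
                clean.add(o["obj"])
        elif (c := COPIED_RE.match(msg)):
            copied.append(c["path"])
        elif (a := ACTION_RE.match(msg)):
            verdicts.setdefault(a["name"], a["verdict"])
            if a["action"] == "Quarantine":
                quarantined[a["name"]] = a["verdict"]
        elif (n := COUNT_RE.match(msg)):
            reported = int(n["n"])
    return {
        "reported_count": reported,
        "verdicts": verdicts,
        "named_malware": {k: v for k, v in verdicts.items() if not is_heuristic(v)},
        "heuristic_only": bool(verdicts) and all(is_heuristic(v) for v in verdicts.values()),
        "quarantined": quarantined,
        "copied_to_quarantine": copied,
        "boot_critical_quarantined": sorted(k for k in quarantined if k.lower() in BOOT_CRITICAL),
        "boot_sectors_ok": bool(sectors) and all(sectors.values()),
        "clean_drivers": clean,
    }


def report(summary):
    lines = []
    if summary["named_malware"]:
        lines.append("Named malware verdicts: " + ", ".join(
            f"{k}={v}" for k, v in summary["named_malware"].items()))
    elif summary["heuristic_only"]:
        lines.append(f"All {len(summary['verdicts'])} verdicts are unsigned/locked-file "
                     "heuristics, not malware identifications.")
    lines.append("Boot sectors: " + ("ok" if summary["boot_sectors_ok"] else "NOT verified"))
    for name in summary["boot_critical_quarantined"]:
        lines.append(f"WARNING: {name} is a boot-critical driver; verify its origin "
                     "before any delete or cure action.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run against the full log rather than the sample, the same functions list every enumerated driver that came back "ok" and any verdict that is not a file-property heuristic; a non-empty `named_malware` or a `boot_sectors_ok` of False is what would justify the word "rootkit" for this machine.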
- Okay, what a relief! I think I've become a bit scared since that backdoor. I'm not fond of rootkits, I don't understand those things, so they frighten me.
I'm reassured now. Sorry for any inconvenience. Thanks! Greetings Holly. - Good, then let's clean up!
This is an archived page. Replying is no longer possible.