Please check HJT log after regular laptop crashes

Anonymous
Abraham54
39 replies
  • Hello,

    The laptop is a Compaq Presario V6000. With (antique) XP. Avast antivirus. MBAM for weekly support. And Online Armor as the firewall. I have been on the forum before, back then there was a backdoor :S so now I am afraid something is wrong with the laptop again, because the system sometimes does strange things.

    So I would like to have my laptop checked again with the HJT log, since blue screens regularly make the PC reboot suddenly. Or the PC won't start, or keeps rebooting 6x before it has started up…

    Besides the HJT log I ran EsetScanOnline, but no infection. MBAM, no infection either. Avast, no infection either.

    After some searching I did notice a difference in My Computer regarding partitions: C: and D: drives. In Device Manager there is a 3rd partition of about 1Gb, but I did not put it there, I have no external devices attached, and the partition has no label saying what it belongs to… so I find that strange.

    I did run Combofix once anyway, very carefully, even though I know that is not meant to be done without a specialist. Afterwards it showed a hidden file in the log.

    TDSSrootkit scan still shows 7 errors. I put them in quarantine, but afterwards they are back again.

    HJT log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:01:01, on 10-2-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\Program Files\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre8\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Online Armor\OAui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (file missing)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318272596312
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
    O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe


    End of file - 8147 bytes



    Thanks in advance!
    Regards, Holly.




  • Hi, would you first post the ComboFix log and the TDSSKiller log?

    They can be found in:

    C:\Combofix.txt and
    C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • Hello Abraham,

    thanks for your reply

    Here are the logs:

    Combofix:

    ComboFix 12-02-11.03 - p 11-02-2012 20:45:11.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1983.1409 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\p\Bureaublad\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-11 to 2012-02-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-06 09:10 . 2012-02-11 15:22 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-02-06 09:10 . 2012-02-11 15:22 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-02-05 12:40 . 2012-02-05 12:40 -------- d-----w- C:\TDSSStarter
    2012-01-26 21:17 . 2012-01-26 21:17 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-07 09:52 . 2012-01-07 09:52 388096 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-02 13:50 . 2011-10-12 01:10 89680 ----a-w- c:\documents and settings\p\MSSSerif120.fon
    2011-12-14 11:33 . 2011-12-14 11:33 193024 ----a-w- c:\windows\system32\fsquirt.exe
    2011-12-10 14:24 . 2011-10-10 22:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 02:28 . 2011-12-29 12:45 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-11-29 02:28 . 2011-12-29 12:45 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-11-29 02:28 . 2011-12-29 12:45 126448 ------w- c:\windows\system32\pxinsi64.exe
    2011-11-29 02:28 . 2011-12-29 12:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2011-11-29 02:28 . 2011-12-29 12:45 133616 ------w- c:\windows\system32\pxafs.dll
    2011-11-29 02:28 . 2005-04-25 08:03 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2011-11-28 18:01 . 2011-10-10 16:19 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-10-10 16:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-10 16:20 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-10-10 16:20 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-10-10 16:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-10-10 16:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-10-10 16:20 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2011-10-10 16:20 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2011-10-10 16:20 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2011-10-10 16:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-25 21:57 . 2006-04-11 04:00 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-24 15:14 . 2011-10-10 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 14:40 . 2006-04-11 04:00 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 22:35 . 2011-10-10 16:16 141312 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-20 06:12 . 2006-04-11 04:00 60928 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:22 . 2006-04-11 04:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:22 . 2006-04-11 04:00 152064 ----a-w- c:\windows\system32\schannel.dll
    2012-02-11 15:22 . 2011-11-22 21:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-11_11.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-11 14:18 . 2012-02-11 14:18 16384 c:\windows\Temp\Perflib_Perfdata_8a8.dat
    + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(9).drv
    + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(8).drv
    + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(7).drv
    + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(11).drv
    + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(10).drv
    + 2006-06-29 09:30 . 2012-01-26 21:07 97900 c:\windows\system32\perfc009.dat
    + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(9).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(8).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(7).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(11).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(10).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(9).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(8).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(7).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(11).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(10).dll
    - 2006-04-11 04:00 . 2008-04-14 17:02 23040 c:\windows\system32\mciseq.dll
    + 2006-04-11 04:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    + 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe
    + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    - 2006-09-20 06:25 . 2011-10-10 14:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-09-20 06:25 . 2012-01-11 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-09-20 06:25 . 2012-01-11 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2006-09-20 06:25 . 2011-10-10 14:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2012-01-11 14:40 . 2012-01-11 14:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-02 13:39 . 2012-02-02 13:39 22016 c:\windows\Installer\d07ca3.msi
    + 2012-01-11 16:24 . 2008-04-14 17:02 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
    + 2012-01-11 16:23 . 2008-04-14 17:03 58880 c:\windows\$NtUninstallKB2584146$\packager.exe
    + 2012-01-11 16:26 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2646524\spmsg.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2631813\spmsg.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2603381\spmsg.dll
    + 2012-01-11 16:24 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
    + 2012-01-11 16:24 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2598479\spmsg.dll
    + 2011-10-14 14:45 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
    + 2012-01-14 15:04 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
    + 2012-01-14 15:04 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2585542\spmsg.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2584146\spmsg.dll
    + 2011-11-20 06:11 . 2011-11-20 06:11 60928 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
    + 2012-01-11 13:55 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
    - 2006-04-11 04:00 . 2008-04-14 17:02 179200 c:\windows\system32\winmm.dll
    + 2006-04-11 04:00 . 2011-10-14 14:47 179200 c:\windows\system32\winmm.dll
    + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(9).dll
    + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(8).dll
    + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(7).dll
    + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(11).dll
    + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(10).dll
    + 2011-10-10 20:44 . 2012-01-26 21:17 355592 c:\windows\system32\Restore\rstrlog.dat
    - 2005-06-29 09:56 . 2008-04-14 17:02 386560 c:\windows\system32\qdvd.dll
    + 2005-06-29 09:56 . 2011-11-03 15:29 386560 c:\windows\system32\qdvd.dll
    + 2006-06-29 09:30 . 2012-01-26 21:07 621398 c:\windows\system32\perfh013.dat
    + 2006-06-29 09:30 . 2012-01-26 21:07 544354 c:\windows\system32\perfh009.dat
    + 2006-06-29 09:30 . 2012-01-26 21:07 122310 c:\windows\system32\perfc013.dat
    + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(9).exe
    + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(8).exe
    + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(7).exe
    + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(11).exe
    + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(10).exe
    + 2006-04-11 04:00 . 2011-10-28 16:07 726528 c:\windows\system32\jscript.dll
    - 2006-04-11 04:00 . 2011-03-04 06:36 726528 c:\windows\system32\jscript.dll
    + 2011-04-26 11:07 . 2011-11-25 21:57 293888 c:\windows\system32\dllcache\winsrv.dll
    - 2011-04-26 11:07 . 2011-06-20 17:44 293888 c:\windows\system32\dllcache\winsrv.dll
    + 2011-10-14 14:47 . 2011-10-14 14:47 179200 c:\windows\system32\dllcache\winmm.dll
    - 2008-12-16 12:33 . 2009-08-25 09:20 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2008-12-16 12:33 . 2011-11-16 14:22 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2006-04-11 04:00 . 2011-11-16 14:22 152064 c:\windows\system32\dllcache\schannel.dll
    + 2011-11-03 15:29 . 2011-11-03 15:29 386560 c:\windows\system32\dllcache\qdvd.dll
    - 2006-04-11 04:00 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll
    + 2006-04-11 04:00 . 2011-10-28 16:07 726528 c:\windows\system32\dllcache\jscript.dll
    + 2012-01-14 15:18 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2632503-IE8\spuninst\updspapi.dll
    + 2012-01-14 15:18 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2632503-IE8\spuninst\spuninst.exe
    + 2012-01-14 15:18 . 2011-03-04 06:36 726528 c:\windows\ie8updates\KB2632503-IE8\jscript.dll
    + 2005-12-15 18:11 . 2011-11-02 08:25 107008 c:\windows\ehome\mstvcapn.dll
    - 2005-12-15 18:11 . 2006-10-09 14:12 107008 c:\windows\ehome\mstvcapn.dll
    + 2012-01-11 16:26 . 2011-06-20 17:44 293888 c:\windows\$NtUninstallKB2646524$\winsrv.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2646524$\spuninst\updspapi.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2646524$\spuninst\spuninst.exe
    + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2631813$\spuninst\updspapi.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2631813$\spuninst\spuninst.exe
    + 2012-01-11 16:26 . 2008-04-14 17:02 386560 c:\windows\$NtUninstallKB2631813$\qdvd.dll
    + 2012-01-11 16:23 . 2010-12-21 10:36 401272 c:\windows\$NtUninstallKB2628259$\spuninst\updspapi.dll
    + 2012-01-11 16:23 . 2010-12-21 10:36 234872 c:\windows\$NtUninstallKB2628259$\spuninst\spuninst.exe
    + 2012-01-11 16:23 . 2006-10-09 14:12 107008 c:\windows\$NtUninstallKB2628259$\mstvcapn.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2603381$\spuninst\updspapi.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
    + 2012-01-11 16:24 . 2008-04-14 17:02 179200 c:\windows\$NtUninstallKB2598479$\winmm.dll
    + 2012-01-11 16:24 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2598479$\spuninst\updspapi.dll
    + 2012-01-11 16:24 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2598479$\spuninst\spuninst.exe
    + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2584146$\spuninst\updspapi.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2584146$\spuninst\spuninst.exe
    + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2646524\update\update.exe
    + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2646524\spuninst.exe
    + 2011-11-25 21:56 . 2011-11-25 21:56 293888 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
    + 2012-01-11 16:26 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2631813\update\update.exe
    + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2631813\spuninst.exe
    + 2011-11-03 15:27 . 2011-11-03 15:27 386560 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2603381\update\updspapi.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2603381\update\update.exe
    + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2603381\spuninst.exe
    + 2012-01-11 16:24 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
    + 2012-01-11 16:24 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2598479\update\update.exe
    + 2012-01-11 16:24 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2598479\spuninst.exe
    + 2011-10-14 14:45 . 2011-10-14 14:45 179200 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
    + 2012-01-14 15:04 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2585542\update\updspapi.dll
    + 2012-01-14 15:04 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2585542\update\update.exe
    + 2012-01-14 15:04 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2585542\spuninst.exe
    + 2011-11-16 14:20 . 2011-11-16 14:20 354816 c:\windows\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
    + 2011-11-16 14:20 . 2011-11-16 14:20 152064 c:\windows\$hf_mig$\KB2585542\SP3QFE\schannel.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
    + 2012-01-11 16:23 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2584146\update\update.exe
    + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2584146\spuninst.exe
    + 2005-08-30 12:17 . 2011-11-03 15:29 1296384 c:\windows\system32\quartz.dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(9).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(8).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(7).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(6).dll
    + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(5).dll
    + 2009-11-27 17:14 . 2011-11-03 15:29 1296384 c:\windows\system32\dllcache\quartz.dll
    + 2012-01-11 16:26 . 2010-02-05 18:27 1295872 c:\windows\$NtUninstallKB2631813$\quartz.dll
    + 2011-11-03 15:27 . 2011-11-03 15:27 1296384 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
    + 2011-10-10 12:50 . 2012-01-11 16:24 52128560 c:\windows\system32\MRT.exe
    + 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\2e1c9.msp
    .
    -- Snapshot teruggezet naar huidige datum --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-10-2011 17:20 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-10-2011 17:20 314456]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17-11-2011 21:06 205864]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17-11-2011 21:07 25192]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17-11-2011 21:07 29464]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-10-2011 17:20 20568]
    R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [17-11-2011 21:06 207936]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [17-11-2011 21:07 40296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
    S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25-1-2011 11:41 2336072]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [17-11-2011 21:06 4363040]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [30-12-2011 23:47 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [30-12-2011 23:47 8456]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11-4-2006 5:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
    FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\xrtbp34y.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1318508005&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-11 20:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'explorer.exe'(3480)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-02-11 20:57:40
    ComboFix-quarantined-files.txt 2012-02-11 19:57
    ComboFix2.txt 2012-01-11 11:27
    ComboFix3.txt 2011-12-07 11:41
    .
    Pre-Run: 59.580.256.256 bytes beschikbaar
    Post-Run: 59.562.352.640 bytes beschikbaar
    .
    - - End Of File - - 82305DD171741566F5C0EF3DA87F9884




    TDSS Killer:

    21:16:53.0546 0152 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    21:16:53.0640 0152 ============================================================
    21:16:53.0640 0152 Current date / time: 2012/02/11 21:16:53.0640
    21:16:53.0640 0152 SystemInfo:
    21:16:53.0640 0152
    21:16:53.0640 0152 OS Version: 5.1.2600 ServicePack: 3.0
    21:16:53.0640 0152 Product type: Workstation
    21:16:53.0640 0152 ComputerName: PC284571089395
    21:16:53.0640 0152 UserName: p
    21:16:53.0640 0152 Windows directory: C:\WINDOWS
    21:16:53.0640 0152 System windows directory: C:\WINDOWS
    21:16:53.0640 0152 Processor architecture: Intel x86
    21:16:53.0640 0152 Number of processors: 2
    21:16:53.0640 0152 Page size: 0x1000
    21:16:53.0640 0152 Boot type: Normal boot
    21:16:53.0640 0152 ============================================================
    21:16:58.0296 0152 Initialize success
    21:17:08.0625 1196 ============================================================
    21:17:08.0625 1196 Scan started
    21:17:08.0625 1196 Mode: Manual; SigCheck; TDLFS;
    21:17:08.0625 1196 ============================================================
    21:17:09.0109 1196 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
    21:17:09.0421 1196 Aavmker4 - ok
    21:17:09.0437 1196 Abiosdsk - ok
    21:17:09.0468 1196 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    21:17:09.0593 1196 abp480n5 - ok
    21:17:09.0625 1196 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:17:09.0812 1196 ACPI - ok
    21:17:09.0937 1196 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    21:17:10.0109 1196 ACPIEC - ok
    21:17:10.0125 1196 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    21:17:10.0312 1196 adpu160m - ok
    21:17:10.0343 1196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    21:17:10.0531 1196 aec - ok
    21:17:10.0578 1196 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    21:17:10.0625 1196 AFD - ok
    21:17:10.0671 1196 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    21:17:10.0875 1196 agp440 - ok
    21:17:10.0984 1196 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    21:17:11.0203 1196 agpCPQ - ok
    21:17:11.0234 1196 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    21:17:11.0343 1196 Aha154x - ok
    21:17:11.0359 1196 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    21:17:11.0562 1196 aic78u2 - ok
    21:17:11.0593 1196 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    21:17:11.0781 1196 aic78xx - ok
    21:17:11.0812 1196 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    21:17:12.0015 1196 AliIde - ok
    21:17:12.0140 1196 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    21:17:12.0359 1196 alim1541 - ok
    21:17:12.0390 1196 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    21:17:12.0609 1196 amdagp - ok
    21:17:12.0640 1196 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    21:17:12.0703 1196 AmdK8 - ok
    21:17:12.0796 1196 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    21:17:12.0906 1196 amsint - ok
    21:17:12.0953 1196 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:17:13.0156 1196 Arp1394 - ok
    21:17:13.0203 1196 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    21:17:13.0406 1196 asc - ok
    21:17:13.0515 1196 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    21:17:13.0625 1196 asc3350p - ok
    21:17:13.0640 1196 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    21:17:13.0843 1196 asc3550 - ok
    21:17:13.0906 1196 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    21:17:13.0937 1196 aswFsBlk - ok
    21:17:13.0953 1196 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
    21:17:13.0984 1196 aswMon2 - ok
    21:17:14.0015 1196 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
    21:17:14.0046 1196 aswRdr - ok
    21:17:14.0078 1196 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
    21:17:14.0125 1196 aswSnx - ok
    21:17:14.0296 1196 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
    21:17:14.0328 1196 aswSP - ok
    21:17:14.0375 1196 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
    21:17:14.0406 1196 aswTdi - ok
    21:17:14.0453 1196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:17:14.0656 1196 AsyncMac - ok
    21:17:14.0687 1196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:17:14.0890 1196 atapi - ok
    21:17:14.0984 1196 Atdisk - ok
    21:17:15.0015 1196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:17:15.0218 1196 Atmarpc - ok
    21:17:15.0265 1196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:17:15.0468 1196 audstub - ok
    21:17:15.0515 1196 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    21:17:15.0593 1196 BCM43XX - ok
    21:17:15.0718 1196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:17:15.0921 1196 Beep - ok
    21:17:15.0953 1196 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
    21:17:15.0984 1196 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
    21:17:15.0984 1196 BTWUSB - detected UnsignedFile.Multi.Generic (1)
    21:17:16.0031 1196 catchme - ok
    21:17:16.0046 1196 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    21:17:16.0265 1196 cbidf - ok
    21:17:16.0390 1196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:17:16.0578 1196 cbidf2k - ok
    21:17:16.0593 1196 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    21:17:16.0703 1196 cd20xrnt - ok
    21:17:16.0734 1196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:17:16.0937 1196 Cdaudio - ok
    21:17:16.0968 1196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:17:17.0187 1196 Cdfs - ok
    21:17:17.0218 1196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    21:17:17.0421 1196 Cdrom - ok
    21:17:17.0546 1196 Changer - ok
    21:17:17.0578 1196 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    21:17:17.0781 1196 CmBatt - ok
    21:17:17.0812 1196 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    21:17:18.0015 1196 CmdIde - ok
    21:17:18.0046 1196 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    21:17:18.0250 1196 Compbatt - ok
    21:17:18.0296 1196 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    21:17:18.0515 1196 Cpqarray - ok
    21:17:18.0656 1196 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    21:17:18.0875 1196 dac2w2k - ok
    21:17:18.0890 1196 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    21:17:19.0078 1196 dac960nt - ok
    21:17:19.0125 1196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:17:19.0328 1196 Disk - ok
    21:17:19.0390 1196 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    21:17:19.0640 1196 dmboot - ok
    21:17:19.0781 1196 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    21:17:19.0984 1196 dmio - ok
    21:17:20.0000 1196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:17:20.0203 1196 dmload - ok
    21:17:20.0250 1196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:17:20.0453 1196 DMusic - ok
    21:17:20.0484 1196 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    21:17:20.0687 1196 dpti2o - ok
    21:17:20.0703 1196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:17:20.0906 1196 drmkaud - ok
    21:17:20.0953 1196 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    21:17:21.0000 1196 eabfiltr - ok
    21:17:21.0078 1196 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    21:17:21.0140 1196 eabusb - ok
    21:17:21.0203 1196 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
    21:17:21.0250 1196 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
    21:17:21.0250 1196 epmntdrv - detected UnsignedFile.Multi.Generic (1)
    21:17:21.0296 1196 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
    21:17:21.0328 1196 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
    21:17:21.0328 1196 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
    21:17:21.0375 1196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:17:21.0578 1196 Fastfat - ok
    21:17:21.0687 1196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    21:17:21.0875 1196 Fdc - ok
    21:17:21.0906 1196 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    21:17:22.0109 1196 Fips - ok
    21:17:22.0125 1196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    21:17:22.0328 1196 Flpydisk - ok
    21:17:22.0375 1196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    21:17:22.0593 1196 FltMgr - ok
    21:17:22.0718 1196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:17:22.0937 1196 Fs_Rec - ok
    21:17:22.0953 1196 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:17:23.0171 1196 Ftdisk - ok
    21:17:23.0234 1196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:17:23.0453 1196 Gpc - ok
    21:17:23.0593 1196 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    21:17:23.0625 1196 HBtnKey - ok
    21:17:23.0687 1196 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
    21:17:23.0796 1196 HdAudAddService - ok
    21:17:23.0875 1196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:17:24.0093 1196 HDAudBus - ok
    21:17:24.0218 1196 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    21:17:24.0421 1196 hpn - ok
    21:17:24.0453 1196 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    21:17:24.0531 1196 HSFHWAZL - ok
    21:17:24.0609 1196 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    21:17:24.0750 1196 HSF_DPV - ok
    21:17:24.0890 1196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:17:24.0968 1196 HTTP - ok
    21:17:25.0000 1196 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    21:17:25.0218 1196 i2omgmt - ok
    21:17:25.0234 1196 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    21:17:25.0437 1196 i2omp - ok
    21:17:25.0484 1196 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:17:25.0703 1196 i8042prt - ok
    21:17:25.0859 1196 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    21:17:25.0937 1196 iaStor ( UnsignedFile.Multi.Generic ) - warning
    21:17:25.0937 1196 iaStor - detected UnsignedFile.Multi.Generic (1)
    21:17:26.0000 1196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:17:26.0203 1196 Imapi - ok
    21:17:26.0328 1196 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    21:17:26.0531 1196 ini910u - ok
    21:17:26.0562 1196 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:17:26.0781 1196 IntelIde - ok
    21:17:26.0828 1196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    21:17:27.0031 1196 Ip6Fw - ok
    21:17:27.0046 1196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:17:27.0265 1196 IpFilterDriver - ok
    21:17:27.0375 1196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:17:27.0578 1196 IpInIp - ok
    21:17:27.0625 1196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:17:27.0828 1196 IpNat - ok
    21:17:27.0875 1196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:17:28.0078 1196 IPSec - ok
    21:17:28.0109 1196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:17:28.0218 1196 IRENUM - ok
    21:17:28.0343 1196 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:17:28.0546 1196 isapnp - ok
    21:17:28.0562 1196 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:17:28.0781 1196 Kbdclass - ok
    21:17:28.0812 1196 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    21:17:29.0015 1196 kbdhid - ok
    21:17:29.0156 1196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:17:29.0359 1196 kmixer - ok
    21:17:29.0406 1196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:17:29.0437 1196 KSecDD - ok
    21:17:29.0453 1196 lbrtfdc - ok
    21:17:29.0515 1196 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    21:17:29.0578 1196 mdmxsdk - ok
    21:17:29.0609 1196 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    21:17:29.0640 1196 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
    21:17:29.0640 1196 MHNDRV - detected UnsignedFile.Multi.Generic (1)
    21:17:29.0765 1196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:17:29.0968 1196 mnmdd - ok
    21:17:30.0000 1196 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    21:17:30.0218 1196 Modem - ok
    21:17:30.0234 1196 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:17:30.0437 1196 Mouclass - ok
    21:17:30.0468 1196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:17:30.0656 1196 MountMgr - ok
    21:17:30.0796 1196 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
    21:17:30.0812 1196 MQAC ( UnsignedFile.Multi.Generic ) - warning
    21:17:30.0812 1196 MQAC - detected UnsignedFile.Multi.Generic (1)
    21:17:30.0843 1196 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    21:17:31.0046 1196 mraid35x - ok
    21:17:31.0109 1196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:17:31.0296 1196 MRxDAV - ok
    21:17:31.0453 1196 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:17:31.0546 1196 MRxSmb - ok
    21:17:31.0640 1196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:17:31.0828 1196 Msfs - ok
    21:17:31.0875 1196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:17:32.0062 1196 MSKSSRV - ok
    21:17:32.0218 1196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:17:32.0421 1196 MSPCLOCK - ok
    21:17:32.0453 1196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:17:32.0656 1196 MSPQM - ok
    21:17:32.0718 1196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:17:32.0921 1196 mssmbios - ok
    21:17:33.0062 1196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    21:17:33.0109 1196 Mup - ok
    21:17:33.0171 1196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    21:17:33.0359 1196 NDIS - ok
    21:17:33.0406 1196 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:17:33.0453 1196 NdisTapi - ok
    21:17:33.0609 1196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:17:33.0796 1196 Ndisuio - ok
    21:17:33.0843 1196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:17:34.0062 1196 NdisWan - ok
    21:17:34.0093 1196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:17:34.0140 1196 NDProxy - ok
    21:17:34.0187 1196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    21:17:34.0375 1196 NetBIOS - ok
    21:17:34.0484 1196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    21:17:34.0703 1196 NetBT - ok
    21:17:34.0750 1196 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    21:17:34.0968 1196 NIC1394 - ok
    21:17:35.0000 1196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    21:17:35.0218 1196 Npfs - ok
    21:17:35.0343 1196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    21:17:35.0546 1196 Ntfs - ok
    21:17:35.0609 1196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    21:17:35.0812 1196 Null - ok
    21:17:36.0015 1196 nv (bbb8ab2ffd7a79cd9d7751008e3de579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    21:17:36.0203 1196 nv - ok
    21:17:36.0406 1196 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
    21:17:36.0453 1196 nvata - ok
    21:17:36.0484 1196 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    21:17:36.0515 1196 NVENETFD - ok
    21:17:36.0546 1196 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    21:17:36.0578 1196 nvnetbus - ok
    21:17:36.0609 1196 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    21:17:36.0656 1196 nvsmu - ok
    21:17:36.0796 1196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:17:37.0000 1196 NwlnkFlt - ok
    21:17:37.0031 1196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:17:37.0234 1196 NwlnkFwd - ok
    21:17:37.0281 1196 OADevice (43d99d58cbadbedebb95069caf6189ca) C:\WINDOWS\system32\drivers\OADriver.sys
    21:17:37.0328 1196 OADevice - ok
    21:17:37.0453 1196 oahlpXX (f030e19809a764cae883050d2de42805) C:\WINDOWS\system32\drivers\oahlp32.sys
    21:17:37.0500 1196 oahlpXX - ok
    21:17:37.0515 1196 OAmon (8e2a8fe08e0c5aacf59c8ec08f639b46) C:\WINDOWS\system32\drivers\OAmon.sys
    21:17:37.0546 1196 OAmon - ok
    21:17:37.0593 1196 OAnet (e68e3c7dd3f2a40b9ad142070fb21edb) C:\WINDOWS\system32\drivers\OAnet.sys
    21:17:37.0625 1196 OAnet - ok
    21:17:37.0640 1196 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    21:17:37.0859 1196 ohci1394 - ok
    21:17:37.0906 1196 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
    21:17:38.0093 1196 Parport - ok
    21:17:38.0234 1196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    21:17:38.0437 1196 PartMgr - ok
    21:17:38.0468 1196 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    21:17:38.0656 1196 ParVdm - ok
    21:17:38.0687 1196 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    21:17:38.0890 1196 PCI - ok
    21:17:38.0921 1196 PCIDump - ok
    21:17:39.0046 1196 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    21:17:39.0250 1196 PCIIde - ok
    21:17:39.0265 1196 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    21:17:39.0468 1196 Pcmcia - ok
    21:17:39.0484 1196 PDCOMP - ok
    21:17:39.0500 1196 PDFRAME - ok
    21:17:39.0515 1196 PDRELI - ok
    21:17:39.0531 1196 PDRFRAME - ok
    21:17:39.0546 1196 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    21:17:39.0750 1196 perc2 - ok
    21:17:39.0765 1196 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    21:17:39.0968 1196 perc2hib - ok
    21:17:40.0031 1196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:17:40.0250 1196 PptpMiniport - ok
    21:17:40.0375 1196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:17:40.0562 1196 Ptilink - ok
    21:17:40.0593 1196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:17:40.0625 1196 PxHelp20 - ok
    21:17:40.0656 1196 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    21:17:40.0843 1196 ql1080 - ok
    21:17:40.0890 1196 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    21:17:41.0093 1196 Ql10wnt - ok
    21:17:41.0234 1196 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    21:17:41.0453 1196 ql12160 - ok
    21:17:41.0484 1196 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    21:17:41.0671 1196 ql1240 - ok
    21:17:41.0703 1196 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    21:17:41.0890 1196 ql1280 - ok
    21:17:41.0921 1196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:17:42.0140 1196 RasAcd - ok
    21:17:42.0281 1196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:17:42.0468 1196 Rasl2tp - ok
    21:17:42.0484 1196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:17:42.0671 1196 RasPppoe - ok
    21:17:42.0718 1196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    21:17:42.0906 1196 Raspti - ok
    21:17:42.0937 1196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:17:43.0156 1196 Rdbss - ok
    21:17:43.0296 1196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:17:43.0484 1196 RDPCDD - ok
    21:17:43.0531 1196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    21:17:43.0718 1196 rdpdr - ok
    21:17:43.0765 1196 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    21:17:43.0812 1196 RDPWD - ok
    21:17:43.0968 1196 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    21:17:44.0140 1196 redbook - ok
    21:17:44.0203 1196 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    21:17:44.0250 1196 rimmptsk - ok
    21:17:44.0265 1196 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    21:17:44.0312 1196 rimsptsk - ok
    21:17:44.0343 1196 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    21:17:44.0390 1196 rismxdp - ok
    21:17:44.0437 1196 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
    21:17:44.0484 1196 RMCAST - ok
    21:17:44.0625 1196 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    21:17:44.0828 1196 rtl8139 - ok
    21:17:44.0906 1196 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    21:17:45.0093 1196 sdbus - ok
    21:17:45.0125 1196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:17:45.0250 1196 Secdrv - ok
    21:17:45.0390 1196 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
    21:17:45.0593 1196 Serial - ok
    21:17:45.0640 1196 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    21:17:45.0828 1196 sffdisk - ok
    21:17:45.0875 1196 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    21:17:46.0078 1196 sffp_sd - ok
    21:17:46.0125 1196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    21:17:46.0328 1196 Sfloppy - ok
    21:17:46.0453 1196 Simbad - ok
    21:17:46.0500 1196 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    21:17:46.0687 1196 sisagp - ok
    21:17:46.0734 1196 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    21:17:46.0843 1196 Sparrow - ok
    21:17:46.0906 1196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    21:17:47.0078 1196 splitter - ok
    21:17:47.0218 1196 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    21:17:47.0328 1196 sr - ok
    21:17:47.0375 1196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    21:17:47.0421 1196 Srv - ok
    21:17:47.0500 1196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    21:17:47.0671 1196 swenum - ok
    21:17:47.0812 1196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    21:17:48.0015 1196 swmidi - ok
    21:17:48.0062 1196 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    21:17:48.0234 1196 symc810 - ok
    21:17:48.0281 1196 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    21:17:48.0484 1196 symc8xx - ok
    21:17:48.0546 1196 SYMIDSCO - ok
    21:17:48.0671 1196 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    21:17:48.0875 1196 sym_hi - ok
    21:17:48.0921 1196 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    21:17:49.0109 1196 sym_u3 - ok
    21:17:49.0156 1196 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    21:17:49.0203 1196 SynTP - ok
    21:17:49.0234 1196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    21:17:49.0421 1196 sysaudio - ok
    21:17:49.0578 1196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:17:49.0656 1196 Tcpip - ok
    21:17:49.0718 1196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    21:17:49.0921 1196 TDPIPE - ok
    21:17:49.0953 1196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    21:17:50.0156 1196 TDTCP - ok
    21:17:50.0296 1196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    21:17:50.0484 1196 TermDD - ok
    21:17:50.0546 1196 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
    21:17:50.0718 1196 TosIde - ok
    21:17:50.0765 1196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    21:17:51.0000 1196 Udfs - ok
    21:17:51.0031 1196 UIUSys - ok
    21:17:51.0156 1196 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    21:17:51.0265 1196 ultra - ok
    21:17:51.0328 1196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    21:17:51.0515 1196 Update - ok
    21:17:55.0421 1196 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
    21:17:55.0515 1196 \Device\Harddisk0\DR0 - ok
    21:17:55.0515 1196 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
    21:17:55.0531 1196 \Device\Harddisk0\DR0\Partition0 - ok
    21:17:55.0546 1196 Boot (0x1200) (50d4d20c050033b15d6e6a2ed8c7239d) \Device\Harddisk0\DR0\Partition1
    21:17:55.0546 1196 \Device\Harddisk0\DR0\Partition1 - ok
    21:17:55.0546 1196 ============================================================
    21:17:55.0546 1196 Scan finished
    21:17:55.0546 1196 ============================================================
    21:17:55.0656 1216 Detected object count: 6
    21:17:55.0656 1216 Actual detected object count: 6
    21:18:05.0390 1216 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine
    21:18:05.0500 1216 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:18:05.0593 1216 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
    21:18:05.0656 1216 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:18:05.0703 1216 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
    21:18:05.0750 1216 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:18:05.0859 1216 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
    21:18:05.0937 1216 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:18:06.0109 1216 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
    21:18:06.0125 1216 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:18:06.0187 1216 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine
    21:18:06.0218 1216 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


    Regards, Holly.
  • Hi Holly, please don't play around with TDSSKiller and ComboFix on your own any more!
    TDSSKiller in particular is too dangerous for that.
    Everything you had put into quarantine is a legitimate file!
    Among other things, Bluetooth may no longer work properly.


    Which program: Zoek.exe by Smeenk
    What for/why: multifunctional tool
    Difficulty: none.
    Download: zoek.exe by Smeenk

    Using "Zoek.exe by Smeenk":
  • Hello Abraham,

    I knew about ComboFix, but I really was careful with it. I didn't know about TDSS; I certainly won't do it again, neither of them, sorry.

    At first it didn't work: ONLINE ARMOR FIREWALL WAS IN THE WAY, but here is the log:
    ==================
    Zoek.exe by smeenk
    Updated 25-01-2012
    ==================
    *************Folders************

    **************Files*************

    — C:\WINDOWS\system32\drivers\btwusb.sys —
    Company: Broadcom Corporation.
    File Description: Driver for Bluetooth USB Devices
    File Version: 4.0.1.3500
    Product Name: Bluetooth Software 4.0.1.3500
    Copyright: Copyright 2000-2006, Broadcom Corporation.
    Original Filename: BTWUSB.SYS
    File size: 57320
    Created time: 2006-05-12 20:05:02
    Modified time: 2006-05-12 20:05:02
    MD5: 4272BAB9291D26DA5AC913BC79C3CE85
    SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B


    — C:\SWSetup\BTOOTH\btwusb.sys —
    Company: Broadcom Corporation.
    File Description: Driver for Bluetooth USB Devices
    File Version: 4.0.1.3500
    Product Name: Bluetooth Software 4.0.1.3500
    Copyright: Copyright 2000-2006, Broadcom Corporation.
    Original Filename: BTWUSB.SYS
    File size: 57320
    Created time: 2006-05-12 20:05:02
    Modified time: 2006-05-12 20:05:02
    MD5: 4272BAB9291D26DA5AC913BC79C3CE85
    SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B


    — C:\WINDOWS\system32\epmntdrv.sys —
    Company: ——
    File Description: ——
    File Version: ——
    Product Name: ——
    Copyright: ——
    Original Filename: ——
    File size: 13192
    Created time: 2011-12-30 22:47:05
    Modified time: 2011-07-29 12:54:56
    MD5: F07BA56B0235F15EFF8F10DC6389C42E
    SHA1: 67D4E043DF4B8579BB36612AC396FCAB964BDB8D


    — C:\WINDOWS\system32\EuGdiDrv.sys —
    Company: ——
    File Description: ——
    File Version: ——
    Product Name: ——
    Copyright: ——
    Original Filename: ——
    File size: 8456
    Created time: 2011-12-30 22:47:05
    Modified time: 2011-07-29 12:54:56
    MD5: 1F2F4AB15CE03ECC257FEB2F6DC5A013
    SHA1: A229482C7F557044A7C8A2C771327B9BB5474C37


    — C:\WINDOWS\system32\drivers\iaStor.sys —
    Company: Intel Corporation
    File Description: Intel Matrix Storage Manager driver
    File Version: 5.5.0.1035
    Product Name: Intel Matrix Storage Manager driver
    Copyright: Copyright(C) Intel Corporation 1994-2005
    Original Filename: iaStor.sys
    File size: 874240
    Created time: 2005-10-13 09:07:12
    Modified time: 2005-10-13 09:07:12
    MD5: 309C4D86D989FB1FCF64BD30DC81C51B
    SHA1: 38B6E9D3377719098B415BD1E34080C06A24D96E


    — C:\SWSetup\HDD\iastor.sys —
    Company: Intel Corporation
    File Description: Intel Matrix Storage Manager driver
    File Version: 5.5.0.1035
    Product Name: Intel Matrix Storage Manager driver
    Copyright: Copyright(C) Intel Corporation 1994-2005
    Original Filename: iaStor.sys
    File size: 874240
    Created time: 2006-09-20 16:18:02
    Modified time: 2005-10-13 09:07:12
    MD5: 309C4D86D989FB1FCF64BD30DC81C51B
    SHA1: 38B6E9D3377719098B415BD1E34080C06A24D96E


    — C:\WINDOWS\system32\drivers\mhndrv.sys —
    Company: Microsoft Corporation
    File Description: Microsoft Multimedia Home Network (MHN) Support Driver
    File Version: 5.1.2600.2180 (private/xpsp_mce.040810-0205)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: mhndrv.sys
    File size: 11008
    Created time: 2004-08-10 09:45:04
    Modified time: 2004-08-10 09:45:04
    MD5: 7F2F1D2815A6449D346FCCCBC569FBD6
    SHA1: 3085859DB0BF86A7014C1222321D68B0605768DD


    — C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys —
    Company: Microsoft Corporation
    File Description: Windows NT MQ Access Control Device Driver
    File Version: 5.01.1111
    Product Name: Microsoft Message Queue
    Copyright: Copyright (C) Microsoft Corporation. 1981-2000
    Original Filename: MQAC.SYS
    File size: 91776
    Created time: 2009-06-22 11:30:10
    Modified time: 2009-06-22 11:30:10
    MD5: 9229E191FE206628BE17D1E67A5FAED9
    SHA1: 2C0685B1E8B53449A277903DFE164E23CFB52FA1


    — C:\WINDOWS\$NtUninstallKB971032$\mqac.sys —
    Company: Microsoft Corporation
    File Description: Windows NT MQ Access Control Device Driver
    File Version: 5.01.1108
    Product Name: Microsoft Message Queue
    Copyright: Copyright (C) Microsoft Corporation. 1981-2000
    Original Filename: MQAC.SYS
    File size: 72960
    Created time: 2011-10-10 12:47:09
    Modified time: 2006-04-11 04:00:00
    MD5: DB07B0088CDFD20C2A22E675120EDE34
    SHA1: 47CF3A7F653D12EEABC04F500F8043EE42ED657D


    — C:\WINDOWS\ServicePackFiles\i386\mqac.sys —
    Company: Microsoft Corporation
    File Description: Windows NT MQ Access Control Device Driver
    File Version: 5.01.1110
    Product Name: Microsoft Message Queue
    Copyright: Copyright (C) Microsoft Corporation. 1981-2000
    Original Filename: MQAC.SYS
    File size: 92544
    Created time: 2011-10-10 13:59:27
    Modified time: 2008-04-13 18:39:44
    MD5: 70C14F5CCA5CF73F8A645C73A01D8726
    SHA1: B0CB007A0C4A825BC1DC0F563889910D2E8E48F3


    — C:\WINDOWS\system32\dllcache\mqac.sys —
    Company: Microsoft Corporation
    File Description: Windows NT MQ Access Control Device Driver
    File Version: 5.01.1111
    Product Name: Microsoft Message Queue
    Copyright: Copyright (C) Microsoft Corporation. 1981-2000
    Original Filename: MQAC.SYS
    File size: 91776
    Created time: 2009-06-22 11:48:44
    Modified time: 2009-06-22 11:48:44
    MD5: EEE50BF24CAEEDB515A8F3B22756D3BB
    SHA1: A8DF29CC8CDE7A2F6AB9AF9E8A01057D6542F154


    — C:\WINDOWS\system32\drivers\mqac.sys —
    Company: Microsoft Corporation
    File Description: Windows NT MQ Access Control Device Driver
    File Version: 5.01.1111
    Product Name: Microsoft Message Queue
    Copyright: Copyright (C) Microsoft Corporation. 1981-2000
    Original Filename: MQAC.SYS
    File size: 91776
    Created time: 2006-04-11 04:00:00
    Modified time: 2009-06-22 11:48:44
    MD5: EEE50BF24CAEEDB515A8F3B22756D3BB
    SHA1: A8DF29CC8CDE7A2F6AB9AF9E8A01057D6542F154

    ********************************


    Regards, Holly.
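Added example, not part of the original posts and not code from Zoek.exe or TDSSKiller: one way to cross-check a Zoek.exe file report against the paths TDSSKiller flagged as UnsignedFile.Multi.Generic, using an excerpt of the log above. The function names and the choice of "Company" as the indicator for version information are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Excerpt of the Zoek.exe report from this thread, reduced to the fields used below.
SAMPLE = r"""— C:\WINDOWS\system32\drivers\btwusb.sys —
Company: Broadcom Corporation.
SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B
— C:\SWSetup\BTOOTH\btwusb.sys —
Company: Broadcom Corporation.
SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B
— C:\WINDOWS\system32\epmntdrv.sys —
Company: ——
SHA1: 67D4E043DF4B8579BB36612AC396FCAB964BDB8D
"""
# Two of the paths TDSSKiller reported as "copied to quarantine".
FLAGGED = [r"C:\WINDOWS\system32\Drivers\btwusb.sys",
           r"C:\WINDOWS\system32\epmntdrv.sys"]

HEADER = re.compile(r"^\s*—\s(.+?)\s—\s*$")
FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+):\s*(.*)$")

def parse_report(text):
    """Return one dict per file block: {'path': ..., 'Company': ..., 'SHA1': ...}."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"path": m.group(1)}
            records.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            value = m.group(2).strip()
            # A run of dashes means the version resource field is absent.
            current[m.group(1).strip()] = None if set(value) <= set("—-") else value
    return records

def triage(records, flagged_paths):
    """For each flagged path, report version info and byte-identical copies."""
    by_hash = defaultdict(list)
    for rec in records:
        if rec.get("SHA1"):
            by_hash[rec["SHA1"]].append(rec["path"])
    wanted = {p.lower() for p in flagged_paths}  # Windows paths: compare case-insensitively
    report = {}
    for rec in records:
        key = rec["path"].lower()
        if key not in wanted:
            continue
        copies = [p for p in by_hash.get(rec.get("SHA1"), []) if p != rec["path"]]
        report[key] = {
            "has_version_info": rec.get("Company") is not None,
            "identical_copies": copies,
        }
    return report

if __name__ == "__main__":
    for path, facts in triage(parse_report(SAMPLE), FLAGGED).items():
        print(path, facts)
```

An identical copy elsewhere on the same disk and a populated version resource are supporting evidence only; neither replaces verifying the file's signature or comparing the hash against a known-good source.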
  • Well, by the looks of it all the files are still in Windows, so that turned out fine after all!

    Just do the following:

    Download the […] to the desktop and unpack the ZIP file.
    * Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
    * Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
      http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
    * When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
    * Select the option "Diep" (Deep) if it is not already set that way by default.
    * Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
    * You can close the window with the warning about an increased risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file is in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".


    * Make sure all found items are ticked and then press the button "verwijder geselecteerde" (remove selected). You will now get the following message, but click "Ja" (Yes) here.
      http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
    * When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    * Paste the contents of this LOG file into your next post.
    * Now restart the computer.
  • Hello Abraham,

    that scan did take a while, but it went through without problems. After an update, here is the log of the deep scan:


    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 12-2-2012 19:18:08

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, D:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 12-2-2012 19:19:21


    Gescand

    Bestanden: 213846
    Sporen: 461154
    Cookies: 0
    Processen: 39

    Gevonden

    Bestanden: 0
    Sporen: 0
    Cookies: 0
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 12-2-2012 21:04:09
    Scantijd: 1:44:48

    Thanks in advance. Regards, Holly.
  • Would you post a screenshot of Disk Management?
    Do maximise the Disk Management window first.
  • Hello Abraham,

    here is the image of Disk Management:
    http://www.imgdumper.nl/uploads5/4f3839a13dff8/4f3839a13dc11-schijfbeheer.JPG

    Regards, Holly.
  • Hi Holly, do you have an XP installation CD?

    Because that screen of yours doesn't show which partition is the boot partition!
  • Hello Abraham,

    I have 3 recovery discs, but the 1st disc doesn't work. It is reported as damaged, even though there isn't a scratch on it and it has never been used. Last time I ended up having the hard disk taken out, formatted and reinstalled by someone who had the same laptop.

    I do have that Windows 7 on disc, the trial from your other site, but that ran through December 2011.

    I suspect that the installations that were on the PC at purchase weren't really all that great. They are different for everyone; I know 4 people who bought this same laptop in 2007/2008.

    I really do almost nothing with the PC any more. I used to download some music or sometimes a film, but all of that is gone since the installation. And when surfing I am very careful. So what I understand from this is: format and install once again?

    Thanks in advance. Regards, Holly.
  • Okay, then let's first see whether that 1 GB partition can be opened.
    That can be done via Disk Management anyway, by right-clicking that partition.
    And then let me know what you find in there!
    If need be via a screenshot.
  • Hello Abraham,

    strange, it seems the partition cannot be opened:

    http://www.imgdumper.nl/uploads5/4f3a70bc17fa0/4f3a70bc17bb0-Partitie_niet_te_openen1.JPG

    http://www.imgdumper.nl/uploads5/4f3a70fe39dbc/4f3a70fe399d8-Partitie_niet_te_openen2.JPG

    Only the option 'help' or 'delete' is available. Clicking on it gives no result either. It looks like a dummy without content that nevertheless takes up 1 GB.

    Thanks in advance. Regards, Holly.
  • Make sure you get ownership rights over that partition.
  • Hello Abraham,

    I checked in UAC, under the user accounts; I am the only user and am also listed as administrator of the PC… so I should have all rights, shouldn't I?

    I'll keep looking a bit, but I don't really know how I should do it. Or can I simply delete that partition, because I do have that option.

    Thanks in advance. Regards, Holly.
  • Hi Holly, look here: http://www.nationaalcomputerforum.nl/showpost.php?p=472275&postcount=2

    And try whether you are then allowed to open that partition.
    Because I simply want to know what is in it!
  • Hello Abraham,

    I followed the instructions, but unfortunately, no result. I would also like to know what it is or what is on it…

    After the CMD actions I also tried to make more folders visible via Folder Options; I thought maybe something would show up then, but unfortunately, it isn't a folder but a partition that may contain folders or files. This partition also doesn't show up in 'My Computer', only in Disk Management.

    C: is my Windows system, which I work on
    D: is the recovery
    E: is my DVD/CD-ROM drive

    Apart from that I don't really have any partition or other drives.

    I also looked at the users under Computer Management. I am listed there as administrator, but there is also something called ASP.NET? Machine account.
    In its properties it says:
    Account used for running the ASP.NET worker process (aspnet_wp.exe)
    I have no idea (yet) what this is.

    Thanks. Regards, Holly.
  • Hello Abraham,

    maybe this gives some information? I tried with EASEUS Partition Master and then via Explore Partition, and I get this:

    http://www.imgdumper.nl/uploads5/4f3c16c2a139a/4f3c16c2a0faa-EASEUS_Partition_Master_Xplore_Part.JPG

    Does this give any insight or information? Or can I get more info in another way, via EASEUS or otherwise?

    Thanks. Regards, Holly.
  • Well done.

    Have you meanwhile also had a rummage through those folders?
    E.g. Program Files?

    And Documents and Settings: is there also a USERS folder in it, and if so also a user name?
  • Hello Abraham,

    Finally :) *relieved* thankfully, but hopefully nothing serious is hidden in it.

    I have by now; I went through it folder by folder to see what is in there, and for a lot of it I have no idea what it is or what it means. It looks like a partial copy of the normal C: drive, no user names found, but 2 other things stood out to me a bit, and so far I can't really find quickly what they mean or what they are for:

    the MountPointManagerRemoteDatabase in SystemVolume:
    http://www.imgdumper.nl/uploads5/4f3c2e18b815a/4f3c2e18b7d7b-MountPointManagerRemoteDatabase_in_onbekende_partitie.JPG

    and the SharedAcces.ini in the folder ApplicationData\MS\connections:
    http://www.imgdumper.nl/uploads5/4f3c2e58a67cb/4f3c2e58a63e4-sharedacces_ini_in_onbekende_partitie.JPG

    Tomorrow I'll continue searching.

    Thanks. Regards, Holly.

This is an archived page. Replying is no longer possible.