Question & Answer

Security & privacy

Please check HJT log after regular laptop crashes

Anonymous
Abraham54
39 replies
 • Hello,

  The laptop is a Compaq Presario V6000, running (antique) XP. Avast antivirus, MBAM for weekly support, and Online Armor as firewall. I have been on the forum before; back then there was a backdoor :S so now I am afraid something is wrong with the laptop again, because the system sometimes does strange things.

  So I would like to have my laptop checked again with the HJT log, since blue screens regularly make the PC reboot all of a sudden. Or the PC won't start up, or keeps rebooting 6x before it has booted…

  Besides the HJT log I ran EsetScanOnline, but no infection. MBAM, no infection either. Avast, no infection either.

  After some searching I did notice a difference in My Computer regarding partitions: C: and D: drives. In Device Manager there is a 3rd partition of about 1Gb, but I did not put it there, I have no external devices attached, and the partition has no label saying what it belongs to… so I find that strange.

  I did run Combofix once after all, very carefully, even though I know that is not meant to be done without a specialist. Afterwards the log showed a hidden file.

  The TDSS rootkit scan still shows 7 errors. I put them in quarantine, but afterwards they are back again.

  HJT log:
  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 21:01:01, on 10-2-2012
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Online Armor\OAcat.exe
  C:\Program Files\Online Armor\oasrv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Java\jre8\bin\jqs.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  C:\WINDOWS\ehome\ehtray.exe
  C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
  C:\Program Files\AVAST Software\Avast\avastUI.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Online Armor\OAui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Online Armor\OAhlp.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Mozilla Firefox\plugin-container.exe
  C:\Program Files\Mozilla Firefox\plugin-container.exe
  C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (file missing)
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
  O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
  O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
  O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318272596312
  O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
  O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
  O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
  O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
  O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe


  End of file - 8147 bytes

  Thanks in advance!
  Regards, Holly.
 • Hi, could you first post the ComboFix log and the TDSSKiller log?

  They can be found in:

  C:\Combofix.txt and
  C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
 • Hello Abraham,

  Thanks for your reply.

  Here are the logs:

  Combofix:

  ComboFix 12-02-11.03 - p 11-02-2012 20:45:11.7.2 - x86
  Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1983.1409 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\p\Bureaublad\ComboFix.exe
  AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
  FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2012-01-11 to 2012-02-11 ))))))))))))))))))))))))))))))
  .
  .
  2012-02-06 09:10 . 2012-02-11 15:22 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
  2012-02-06 09:10 . 2012-02-11 15:22 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
  2012-02-05 12:40 . 2012-02-05 12:40 -------- d-----w- C:\TDSSStarter
  2012-01-26 21:17 . 2012-01-26 21:17 -------- d-----w- c:\windows\system32\wbem\Repository
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2012-01-07 09:52 . 2012-01-07 09:52 388096 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
  2012-01-02 13:50 . 2011-10-12 01:10 89680 ----a-w- c:\documents and settings\p\MSSSerif120.fon
  2011-12-14 11:33 . 2011-12-14 11:33 193024 ----a-w- c:\windows\system32\fsquirt.exe
  2011-12-10 14:24 . 2011-10-10 22:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
  2011-11-29 02:28 . 2011-12-29 12:45 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
  2011-11-29 02:28 . 2011-12-29 12:45 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
  2011-11-29 02:28 . 2011-12-29 12:45 126448 ------w- c:\windows\system32\pxinsi64.exe
  2011-11-29 02:28 . 2011-12-29 12:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
  2011-11-29 02:28 . 2011-12-29 12:45 133616 ------w- c:\windows\system32\pxafs.dll
  2011-11-29 02:28 . 2005-04-25 08:03 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
  2011-11-28 18:01 . 2011-10-10 16:19 41184 ----a-w- c:\windows\avastSS.scr
  2011-11-28 18:01 . 2011-10-10 16:19 199816 ----a-w- c:\windows\system32\aswBoot.exe
  2011-11-28 17:53 . 2011-10-10 16:20 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
  2011-11-28 17:53 . 2011-10-10 16:20 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
  2011-11-28 17:52 . 2011-10-10 16:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
  2011-11-28 17:52 . 2011-10-10 16:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
  2011-11-28 17:52 . 2011-10-10 16:20 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
  2011-11-28 17:51 . 2011-10-10 16:20 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
  2011-11-28 17:51 . 2011-10-10 16:20 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
  2011-11-28 17:48 . 2011-10-10 16:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
  2011-11-25 21:57 . 2006-04-11 04:00 293888 ----a-w- c:\windows\system32\winsrv.dll
  2011-11-24 15:14 . 2011-10-10 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  2011-11-23 14:40 . 2006-04-11 04:00 1859712 ----a-w- c:\windows\system32\win32k.sys
  2011-11-21 22:35 . 2011-10-10 16:16 141312 ----a-w- c:\windows\system32\javacpl.cpl
  2011-11-20 06:12 . 2006-04-11 04:00 60928 ----a-w- c:\windows\system32\packager.exe
  2011-11-16 14:22 . 2006-04-11 04:00 354816 ----a-w- c:\windows\system32\winhttp.dll
  2011-11-16 14:22 . 2006-04-11 04:00 152064 ----a-w- c:\windows\system32\schannel.dll
  2012-02-11 15:22 . 2011-11-22 21:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  .
  .
  ((((((((((((((((((((((((((((( SnapShot@2012-01-11_11.24.19 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2012-02-11 14:18 . 2012-02-11 14:18 16384 c:\windows\Temp\Perflib_Perfdata_8a8.dat
  + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(9).drv
  + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(8).drv
  + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(7).drv
  + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(11).drv
  + 2006-04-11 04:00 . 2008-04-14 17:03 23552 c:\windows\system32\wdmaud(10).drv
  + 2006-06-29 09:30 . 2012-01-26 21:07 97900 c:\windows\system32\perfc009.dat
  + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(9).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(8).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(7).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(11).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 86016 c:\windows\system32\nvmctray(10).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(9).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(8).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(7).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(11).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 35840 c:\windows\system32\nvcod(10).dll
  - 2006-04-11 04:00 . 2008-04-14 17:02 23040 c:\windows\system32\mciseq.dll
  + 2006-04-11 04:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
  + 2011-11-20 06:12 . 2011-11-20 06:12 60928 c:\windows\system32\dllcache\packager.exe
  + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
  - 2006-09-20 06:25 . 2011-10-10 14:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  + 2006-09-20 06:25 . 2012-01-11 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  + 2006-09-20 06:25 . 2012-01-11 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
  - 2006-09-20 06:25 . 2011-10-10 14:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
  + 2012-01-11 14:40 . 2012-01-11 14:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
  + 2012-02-02 13:39 . 2012-02-02 13:39 22016 c:\windows\Installer\d07ca3.msi
  + 2012-01-11 16:24 . 2008-04-14 17:02 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
  + 2012-01-11 16:23 . 2008-04-14 17:03 58880 c:\windows\$NtUninstallKB2584146$\packager.exe
  + 2012-01-11 16:26 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2646524\spmsg.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2631813\spmsg.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2603381\spmsg.dll
  + 2012-01-11 16:24 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
  + 2012-01-11 16:24 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2598479\spmsg.dll
  + 2011-10-14 14:45 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
  + 2012-01-14 15:04 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
  + 2012-01-14 15:04 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2585542\spmsg.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 18808 c:\windows\$hf_mig$\KB2584146\spmsg.dll
  + 2011-11-20 06:11 . 2011-11-20 06:11 60928 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
  + 2012-01-11 13:55 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
  - 2006-04-11 04:00 . 2008-04-14 17:02 179200 c:\windows\system32\winmm.dll
  + 2006-04-11 04:00 . 2011-10-14 14:47 179200 c:\windows\system32\winmm.dll
  + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(9).dll
  + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(8).dll
  + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(7).dll
  + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(11).dll
  + 2006-03-16 02:06 . 2006-03-16 02:06 118784 c:\windows\system32\UCI32105(10).dll
  + 2011-10-10 20:44 . 2012-01-26 21:17 355592 c:\windows\system32\Restore\rstrlog.dat
  - 2005-06-29 09:56 . 2008-04-14 17:02 386560 c:\windows\system32\qdvd.dll
  + 2005-06-29 09:56 . 2011-11-03 15:29 386560 c:\windows\system32\qdvd.dll
  + 2006-06-29 09:30 . 2012-01-26 21:07 621398 c:\windows\system32\perfh013.dat
  + 2006-06-29 09:30 . 2012-01-26 21:07 544354 c:\windows\system32\perfh009.dat
  + 2006-06-29 09:30 . 2012-01-26 21:07 122310 c:\windows\system32\perfc013.dat
  + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(9).exe
  + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(8).exe
  + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(7).exe
  + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(11).exe
  + 2006-08-18 08:00 . 2006-08-18 08:00 143426 c:\windows\system32\nvsvc32(10).exe
  + 2006-04-11 04:00 . 2011-10-28 16:07 726528 c:\windows\system32\jscript.dll
  - 2006-04-11 04:00 . 2011-03-04 06:36 726528 c:\windows\system32\jscript.dll
  + 2011-04-26 11:07 . 2011-11-25 21:57 293888 c:\windows\system32\dllcache\winsrv.dll
  - 2011-04-26 11:07 . 2011-06-20 17:44 293888 c:\windows\system32\dllcache\winsrv.dll
  + 2011-10-14 14:47 . 2011-10-14 14:47 179200 c:\windows\system32\dllcache\winmm.dll
  - 2008-12-16 12:33 . 2009-08-25 09:20 354816 c:\windows\system32\dllcache\winhttp.dll
  + 2008-12-16 12:33 . 2011-11-16 14:22 354816 c:\windows\system32\dllcache\winhttp.dll
  + 2006-04-11 04:00 . 2011-11-16 14:22 152064 c:\windows\system32\dllcache\schannel.dll
  + 2011-11-03 15:29 . 2011-11-03 15:29 386560 c:\windows\system32\dllcache\qdvd.dll
  - 2006-04-11 04:00 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll
  + 2006-04-11 04:00 . 2011-10-28 16:07 726528 c:\windows\system32\dllcache\jscript.dll
  + 2012-01-14 15:18 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2632503-IE8\spuninst\updspapi.dll
  + 2012-01-14 15:18 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2632503-IE8\spuninst\spuninst.exe
  + 2012-01-14 15:18 . 2011-03-04 06:36 726528 c:\windows\ie8updates\KB2632503-IE8\jscript.dll
  + 2005-12-15 18:11 . 2011-11-02 08:25 107008 c:\windows\ehome\mstvcapn.dll
  - 2005-12-15 18:11 . 2006-10-09 14:12 107008 c:\windows\ehome\mstvcapn.dll
  + 2012-01-11 16:26 . 2011-06-20 17:44 293888 c:\windows\$NtUninstallKB2646524$\winsrv.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2646524$\spuninst\updspapi.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2646524$\spuninst\spuninst.exe
  + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2631813$\spuninst\updspapi.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2631813$\spuninst\spuninst.exe
  + 2012-01-11 16:26 . 2008-04-14 17:02 386560 c:\windows\$NtUninstallKB2631813$\qdvd.dll
  + 2012-01-11 16:23 . 2010-12-21 10:36 401272 c:\windows\$NtUninstallKB2628259$\spuninst\updspapi.dll
  + 2012-01-11 16:23 . 2010-12-21 10:36 234872 c:\windows\$NtUninstallKB2628259$\spuninst\spuninst.exe
  + 2012-01-11 16:23 . 2006-10-09 14:12 107008 c:\windows\$NtUninstallKB2628259$\mstvcapn.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2603381$\spuninst\updspapi.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
  + 2012-01-11 16:24 . 2008-04-14 17:02 179200 c:\windows\$NtUninstallKB2598479$\winmm.dll
  + 2012-01-11 16:24 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2598479$\spuninst\updspapi.dll
  + 2012-01-11 16:24 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2598479$\spuninst\spuninst.exe
  + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$NtUninstallKB2584146$\spuninst\updspapi.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$NtUninstallKB2584146$\spuninst\spuninst.exe
  + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2646524\update\update.exe
  + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2646524\spuninst.exe
  + 2011-11-25 21:56 . 2011-11-25 21:56 293888 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
  + 2012-01-11 16:26 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2631813\update\update.exe
  + 2012-01-11 16:26 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2631813\spuninst.exe
  + 2011-11-03 15:27 . 2011-11-03 15:27 386560 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2603381\update\updspapi.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2603381\update\update.exe
  + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2603381\spuninst.exe
  + 2012-01-11 16:24 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
  + 2012-01-11 16:24 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2598479\update\update.exe
  + 2012-01-11 16:24 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2598479\spuninst.exe
  + 2011-10-14 14:45 . 2011-10-14 14:45 179200 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
  + 2012-01-14 15:04 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2585542\update\updspapi.dll
  + 2012-01-14 15:04 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2585542\update\update.exe
  + 2012-01-14 15:04 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2585542\spuninst.exe
  + 2011-11-16 14:20 . 2011-11-16 14:20 354816 c:\windows\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
  + 2011-11-16 14:20 . 2011-11-16 14:20 152064 c:\windows\$hf_mig$\KB2585542\SP3QFE\schannel.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 401272 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
  + 2012-01-11 16:23 . 2010-07-05 13:21 765304 c:\windows\$hf_mig$\KB2584146\update\update.exe
  + 2012-01-11 16:23 . 2010-07-05 13:21 234872 c:\windows\$hf_mig$\KB2584146\spuninst.exe
  + 2005-08-30 12:17 . 2011-11-03 15:29 1296384 c:\windows\system32\quartz.dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(9).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(8).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(7).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(6).dll
  + 2006-08-18 08:00 . 2006-08-18 08:00 3989504 c:\windows\system32\nv4_disp(5).dll
  + 2009-11-27 17:14 . 2011-11-03 15:29 1296384 c:\windows\system32\dllcache\quartz.dll
  + 2012-01-11 16:26 . 2010-02-05 18:27 1295872 c:\windows\$NtUninstallKB2631813$\quartz.dll
  + 2011-11-03 15:27 . 2011-11-03 15:27 1296384 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
  + 2011-10-10 12:50 . 2012-01-11 16:24 52128560 c:\windows\system32\MRT.exe
  + 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\2e1c9.msp
  .
  -- Snapshot teruggezet naar huidige datum --
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
  @="{472083B0-C522-11CF-8763-00608CC02F24}"
  [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
  2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
  "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
  "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
  "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
  "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
  "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
  "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
  "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
  "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
  .
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  .
  c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
  HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
  .
  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
  .
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"=
  "c:\\WINDOWS\\system32\\mqsvc.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\Program Files\\Messenger\\msmsgs.exe"=
  "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
  .
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
  .
  R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-10-2011 17:20 435032]
  R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-10-2011 17:20 314456]
  R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17-11-2011 21:06 205864]
  R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17-11-2011 21:07 25192]
  R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17-11-2011 21:07 29464]
  R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-10-2011 17:20 20568]
  R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [17-11-2011 21:06 207936]
  S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [17-11-2011 21:07 40296]
  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
  S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
  S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25-1-2011 11:41 2336072]
  S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [17-11-2011 21:06 4363040]
  S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [30-12-2011 23:47 13192]
  S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [30-12-2011 23:47 8456]
  S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176]
  S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11-4-2006 5:00 14336]
  S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  WINRM REG_MULTI_SZ WINRM
  .
  Inhoud van de 'Gedeelde Taken' map
  .
  2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
  .
  2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
  .
  2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24]
  .
  .
  ------- Bijkomende Scan -------
  .
  uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
  uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
  FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\xrtbp34y.default\
  FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1318508005&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1
  .
  - - - - ORPHANS VERWIJDERD - - - -
  .
  HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
  .
  .
  .
  **************************************************************************
  .
  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2012-02-11 20:53
  Windows 5.1.2600 Service Pack 3 NTFS
  .
  scannen van verborgen processen …
  .
  scannen van verborgen autostart items …
  .
  scannen van verborgen bestanden …
  .
  .
  C:\## aswSnx private storage
  .
  Scan succesvol afgerond
  verborgen bestanden: 1
  .
  **************************************************************************
  .
  --------------------- DLLs Geladen Onder Lopende Processen ---------------------
  .
  - - - - - - - > 'explorer.exe'(3480)
  c:\windows\system32\webcheck.dll
  c:\windows\system32\WPDShServiceObj.dll
  c:\windows\system32\PortableDeviceTypes.dll
  c:\windows\system32\PortableDeviceApi.dll
  .
  Voltooingstijd: 2012-02-11 20:57:40
  ComboFix-quarantined-files.txt 2012-02-11 19:57
  ComboFix2.txt 2012-01-11 11:27
  ComboFix3.txt 2011-12-07 11:41
  .
  Pre-Run: 59.580.256.256 bytes beschikbaar
  Post-Run: 59.562.352.640 bytes beschikbaar
  .
  - - End Of File - - 82305DD171741566F5C0EF3DA87F9884
  TDSS Killer:

  21:16:53.0546 0152 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
  21:16:53.0640 0152 ============================================================
  21:16:53.0640 0152 Current date / time: 2012/02/11 21:16:53.0640
  21:16:53.0640 0152 SystemInfo:
  21:16:53.0640 0152
  21:16:53.0640 0152 OS Version: 5.1.2600 ServicePack: 3.0
  21:16:53.0640 0152 Product type: Workstation
  21:16:53.0640 0152 ComputerName: PC284571089395
  21:16:53.0640 0152 UserName: p
  21:16:53.0640 0152 Windows directory: C:\WINDOWS
  21:16:53.0640 0152 System windows directory: C:\WINDOWS
  21:16:53.0640 0152 Processor architecture: Intel x86
  21:16:53.0640 0152 Number of processors: 2
  21:16:53.0640 0152 Page size: 0x1000
  21:16:53.0640 0152 Boot type: Normal boot
  21:16:53.0640 0152 ============================================================
  21:16:58.0296 0152 Initialize success
  21:17:08.0625 1196 ============================================================
  21:17:08.0625 1196 Scan started
  21:17:08.0625 1196 Mode: Manual; SigCheck; TDLFS;
  21:17:08.0625 1196 ============================================================
  21:17:09.0109 1196 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
  21:17:09.0421 1196 Aavmker4 - ok
  21:17:09.0437 1196 Abiosdsk - ok
  21:17:09.0468 1196 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
  21:17:09.0593 1196 abp480n5 - ok
  21:17:09.0625 1196 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
  21:17:09.0812 1196 ACPI - ok
  21:17:09.0937 1196 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
  21:17:10.0109 1196 ACPIEC - ok
  21:17:10.0125 1196 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
  21:17:10.0312 1196 adpu160m - ok
  21:17:10.0343 1196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
  21:17:10.0531 1196 aec - ok
  21:17:10.0578 1196 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
  21:17:10.0625 1196 AFD - ok
  21:17:10.0671 1196 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
  21:17:10.0875 1196 agp440 - ok
  21:17:10.0984 1196 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
  21:17:11.0203 1196 agpCPQ - ok
  21:17:11.0234 1196 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
  21:17:11.0343 1196 Aha154x - ok
  21:17:11.0359 1196 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
  21:17:11.0562 1196 aic78u2 - ok
  21:17:11.0593 1196 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
  21:17:11.0781 1196 aic78xx - ok
  21:17:11.0812 1196 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
  21:17:12.0015 1196 AliIde - ok
  21:17:12.0140 1196 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
  21:17:12.0359 1196 alim1541 - ok
  21:17:12.0390 1196 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
  21:17:12.0609 1196 amdagp - ok
  21:17:12.0640 1196 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
  21:17:12.0703 1196 AmdK8 - ok
  21:17:12.0796 1196 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
  21:17:12.0906 1196 amsint - ok
  21:17:12.0953 1196 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
  21:17:13.0156 1196 Arp1394 - ok
  21:17:13.0203 1196 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
  21:17:13.0406 1196 asc - ok
  21:17:13.0515 1196 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
  21:17:13.0625 1196 asc3350p - ok
  21:17:13.0640 1196 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
  21:17:13.0843 1196 asc3550 - ok
  21:17:13.0906 1196 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
  21:17:13.0937 1196 aswFsBlk - ok
  21:17:13.0953 1196 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
  21:17:13.0984 1196 aswMon2 - ok
  21:17:14.0015 1196 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
  21:17:14.0046 1196 aswRdr - ok
  21:17:14.0078 1196 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
  21:17:14.0125 1196 aswSnx - ok
  21:17:14.0296 1196 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
  21:17:14.0328 1196 aswSP - ok
  21:17:14.0375 1196 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
  21:17:14.0406 1196 aswTdi - ok
  21:17:14.0453 1196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
  21:17:14.0656 1196 AsyncMac - ok
  21:17:14.0687 1196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
  21:17:14.0890 1196 atapi - ok
  21:17:14.0984 1196 Atdisk - ok
  21:17:15.0015 1196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
  21:17:15.0218 1196 Atmarpc - ok
  21:17:15.0265 1196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
  21:17:15.0468 1196 audstub - ok
  21:17:15.0515 1196 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
  21:17:15.0593 1196 BCM43XX - ok
  21:17:15.0718 1196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
  21:17:15.0921 1196 Beep - ok
  21:17:15.0953 1196 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
  21:17:15.0984 1196 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
  21:17:15.0984 1196 BTWUSB - detected UnsignedFile.Multi.Generic (1)
  21:17:16.0031 1196 catchme - ok
  21:17:16.0046 1196 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
  21:17:16.0265 1196 cbidf - ok
  21:17:16.0390 1196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
  21:17:16.0578 1196 cbidf2k - ok
  21:17:16.0593 1196 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
  21:17:16.0703 1196 cd20xrnt - ok
  21:17:16.0734 1196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
  21:17:16.0937 1196 Cdaudio - ok
  21:17:16.0968 1196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
  21:17:17.0187 1196 Cdfs - ok
  21:17:17.0218 1196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
  21:17:17.0421 1196 Cdrom - ok
  21:17:17.0546 1196 Changer - ok
  21:17:17.0578 1196 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
  21:17:17.0781 1196 CmBatt - ok
  21:17:17.0812 1196 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
  21:17:18.0015 1196 CmdIde - ok
  21:17:18.0046 1196 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
  21:17:18.0250 1196 Compbatt - ok
  21:17:18.0296 1196 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
  21:17:18.0515 1196 Cpqarray - ok
  21:17:18.0656 1196 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
  21:17:18.0875 1196 dac2w2k - ok
  21:17:18.0890 1196 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
  21:17:19.0078 1196 dac960nt - ok
  21:17:19.0125 1196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
  21:17:19.0328 1196 Disk - ok
  21:17:19.0390 1196 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
  21:17:19.0640 1196 dmboot - ok
  21:17:19.0781 1196 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
  21:17:19.0984 1196 dmio - ok
  21:17:20.0000 1196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
  21:17:20.0203 1196 dmload - ok
  21:17:20.0250 1196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
  21:17:20.0453 1196 DMusic - ok
  21:17:20.0484 1196 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
  21:17:20.0687 1196 dpti2o - ok
  21:17:20.0703 1196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
  21:17:20.0906 1196 drmkaud - ok
  21:17:20.0953 1196 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
  21:17:21.0000 1196 eabfiltr - ok
  21:17:21.0078 1196 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
  21:17:21.0140 1196 eabusb - ok
  21:17:21.0203 1196 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
  21:17:21.0250 1196 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
  21:17:21.0250 1196 epmntdrv - detected UnsignedFile.Multi.Generic (1)
  21:17:21.0296 1196 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
  21:17:21.0328 1196 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
  21:17:21.0328 1196 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
  21:17:21.0375 1196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
  21:17:21.0578 1196 Fastfat - ok
  21:17:21.0687 1196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
  21:17:21.0875 1196 Fdc - ok
  21:17:21.0906 1196 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
  21:17:22.0109 1196 Fips - ok
  21:17:22.0125 1196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
  21:17:22.0328 1196 Flpydisk - ok
  21:17:22.0375 1196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
  21:17:22.0593 1196 FltMgr - ok
  21:17:22.0718 1196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
  21:17:22.0937 1196 Fs_Rec - ok
  21:17:22.0953 1196 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
  21:17:23.0171 1196 Ftdisk - ok
  21:17:23.0234 1196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
  21:17:23.0453 1196 Gpc - ok
  21:17:23.0593 1196 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
  21:17:23.0625 1196 HBtnKey - ok
  21:17:23.0687 1196 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
  21:17:23.0796 1196 HdAudAddService - ok
  21:17:23.0875 1196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
  21:17:24.0093 1196 HDAudBus - ok
  21:17:24.0218 1196 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
  21:17:24.0421 1196 hpn - ok
  21:17:24.0453 1196 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
  21:17:24.0531 1196 HSFHWAZL - ok
  21:17:24.0609 1196 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
  21:17:24.0750 1196 HSF_DPV - ok
  21:17:24.0890 1196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
  21:17:24.0968 1196 HTTP - ok
  21:17:25.0000 1196 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
  21:17:25.0218 1196 i2omgmt - ok
  21:17:25.0234 1196 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
  21:17:25.0437 1196 i2omp - ok
  21:17:25.0484 1196 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
  21:17:25.0703 1196 i8042prt - ok
  21:17:25.0859 1196 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
  21:17:25.0937 1196 iaStor ( UnsignedFile.Multi.Generic ) - warning
  21:17:25.0937 1196 iaStor - detected UnsignedFile.Multi.Generic (1)
  21:17:26.0000 1196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
  21:17:26.0203 1196 Imapi - ok
  21:17:26.0328 1196 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
  21:17:26.0531 1196 ini910u - ok
  21:17:26.0562 1196 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
  21:17:26.0781 1196 IntelIde - ok
  21:17:26.0828 1196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
  21:17:27.0031 1196 Ip6Fw - ok
  21:17:27.0046 1196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
  21:17:27.0265 1196 IpFilterDriver - ok
  21:17:27.0375 1196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
  21:17:27.0578 1196 IpInIp - ok
  21:17:27.0625 1196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
  21:17:27.0828 1196 IpNat - ok
  21:17:27.0875 1196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
  21:17:28.0078 1196 IPSec - ok
  21:17:28.0109 1196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
  21:17:28.0218 1196 IRENUM - ok
  21:17:28.0343 1196 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
  21:17:28.0546 1196 isapnp - ok
  21:17:28.0562 1196 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
  21:17:28.0781 1196 Kbdclass - ok
  21:17:28.0812 1196 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
  21:17:29.0015 1196 kbdhid - ok
  21:17:29.0156 1196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
  21:17:29.0359 1196 kmixer - ok
  21:17:29.0406 1196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
  21:17:29.0437 1196 KSecDD - ok
  21:17:29.0453 1196 lbrtfdc - ok
  21:17:29.0515 1196 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
  21:17:29.0578 1196 mdmxsdk - ok
  21:17:29.0609 1196 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
  21:17:29.0640 1196 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
  21:17:29.0640 1196 MHNDRV - detected UnsignedFile.Multi.Generic (1)
  21:17:29.0765 1196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
  21:17:29.0968 1196 mnmdd - ok
  21:17:30.0000 1196 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
  21:17:30.0218 1196 Modem - ok
  21:17:30.0234 1196 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
  21:17:30.0437 1196 Mouclass - ok
  21:17:30.0468 1196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
  21:17:30.0656 1196 MountMgr - ok
  21:17:30.0796 1196 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
  21:17:30.0812 1196 MQAC ( UnsignedFile.Multi.Generic ) - warning
  21:17:30.0812 1196 MQAC - detected UnsignedFile.Multi.Generic (1)
  21:17:30.0843 1196 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
  21:17:31.0046 1196 mraid35x - ok
  21:17:31.0109 1196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
  21:17:31.0296 1196 MRxDAV - ok
  21:17:31.0453 1196 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
  21:17:31.0546 1196 MRxSmb - ok
  21:17:31.0640 1196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
  21:17:31.0828 1196 Msfs - ok
  21:17:31.0875 1196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
  21:17:32.0062 1196 MSKSSRV - ok
  21:17:32.0218 1196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
  21:17:32.0421 1196 MSPCLOCK - ok
  21:17:32.0453 1196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
  21:17:32.0656 1196 MSPQM - ok
  21:17:32.0718 1196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
  21:17:32.0921 1196 mssmbios - ok
  21:17:33.0062 1196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
  21:17:33.0109 1196 Mup - ok
  21:17:33.0171 1196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
  21:17:33.0359 1196 NDIS - ok
  21:17:33.0406 1196 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
  21:17:33.0453 1196 NdisTapi - ok
  21:17:33.0609 1196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
  21:17:33.0796 1196 Ndisuio - ok
  21:17:33.0843 1196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
  21:17:34.0062 1196 NdisWan - ok
  21:17:34.0093 1196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
  21:17:34.0140 1196 NDProxy - ok
  21:17:34.0187 1196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
  21:17:34.0375 1196 NetBIOS - ok
  21:17:34.0484 1196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
  21:17:34.0703 1196 NetBT - ok
  21:17:34.0750 1196 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
  21:17:34.0968 1196 NIC1394 - ok
  21:17:35.0000 1196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
  21:17:35.0218 1196 Npfs - ok
  21:17:35.0343 1196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
  21:17:35.0546 1196 Ntfs - ok
  21:17:35.0609 1196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
  21:17:35.0812 1196 Null - ok
  21:17:36.0015 1196 nv (bbb8ab2ffd7a79cd9d7751008e3de579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
  21:17:36.0203 1196 nv - ok
  21:17:36.0406 1196 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
  21:17:36.0453 1196 nvata - ok
  21:17:36.0484 1196 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
  21:17:36.0515 1196 NVENETFD - ok
  21:17:36.0546 1196 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
  21:17:36.0578 1196 nvnetbus - ok
  21:17:36.0609 1196 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
  21:17:36.0656 1196 nvsmu - ok
  21:17:36.0796 1196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
  21:17:37.0000 1196 NwlnkFlt - ok
  21:17:37.0031 1196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
  21:17:37.0234 1196 NwlnkFwd - ok
  21:17:37.0281 1196 OADevice (43d99d58cbadbedebb95069caf6189ca) C:\WINDOWS\system32\drivers\OADriver.sys
  21:17:37.0328 1196 OADevice - ok
  21:17:37.0453 1196 oahlpXX (f030e19809a764cae883050d2de42805) C:\WINDOWS\system32\drivers\oahlp32.sys
  21:17:37.0500 1196 oahlpXX - ok
  21:17:37.0515 1196 OAmon (8e2a8fe08e0c5aacf59c8ec08f639b46) C:\WINDOWS\system32\drivers\OAmon.sys
  21:17:37.0546 1196 OAmon - ok
  21:17:37.0593 1196 OAnet (e68e3c7dd3f2a40b9ad142070fb21edb) C:\WINDOWS\system32\drivers\OAnet.sys
  21:17:37.0625 1196 OAnet - ok
  21:17:37.0640 1196 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
  21:17:37.0859 1196 ohci1394 - ok
  21:17:37.0906 1196 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
  21:17:38.0093 1196 Parport - ok
  21:17:38.0234 1196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
  21:17:38.0437 1196 PartMgr - ok
  21:17:38.0468 1196 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
  21:17:38.0656 1196 ParVdm - ok
  21:17:38.0687 1196 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
  21:17:38.0890 1196 PCI - ok
  21:17:38.0921 1196 PCIDump - ok
  21:17:39.0046 1196 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
  21:17:39.0250 1196 PCIIde - ok
  21:17:39.0265 1196 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
  21:17:39.0468 1196 Pcmcia - ok
  21:17:39.0484 1196 PDCOMP - ok
  21:17:39.0500 1196 PDFRAME - ok
  21:17:39.0515 1196 PDRELI - ok
  21:17:39.0531 1196 PDRFRAME - ok
  21:17:39.0546 1196 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
  21:17:39.0750 1196 perc2 - ok
  21:17:39.0765 1196 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
  21:17:39.0968 1196 perc2hib - ok
  21:17:40.0031 1196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
  21:17:40.0250 1196 PptpMiniport - ok
  21:17:40.0375 1196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
  21:17:40.0562 1196 Ptilink - ok
  21:17:40.0593 1196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
  21:17:40.0625 1196 PxHelp20 - ok
  21:17:40.0656 1196 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
  21:17:40.0843 1196 ql1080 - ok
  21:17:40.0890 1196 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
  21:17:41.0093 1196 Ql10wnt - ok
  21:17:41.0234 1196 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
  21:17:41.0453 1196 ql12160 - ok
  21:17:41.0484 1196 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
  21:17:41.0671 1196 ql1240 - ok
  21:17:41.0703 1196 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
  21:17:41.0890 1196 ql1280 - ok
  21:17:41.0921 1196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
  21:17:42.0140 1196 RasAcd - ok
  21:17:42.0281 1196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
  21:17:42.0468 1196 Rasl2tp - ok
  21:17:42.0484 1196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
  21:17:42.0671 1196 RasPppoe - ok
  21:17:42.0718 1196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
  21:17:42.0906 1196 Raspti - ok
  21:17:42.0937 1196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
  21:17:43.0156 1196 Rdbss - ok
  21:17:43.0296 1196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
  21:17:43.0484 1196 RDPCDD - ok
  21:17:43.0531 1196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
  21:17:43.0718 1196 rdpdr - ok
  21:17:43.0765 1196 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
  21:17:43.0812 1196 RDPWD - ok
  21:17:43.0968 1196 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
  21:17:44.0140 1196 redbook - ok
  21:17:44.0203 1196 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
  21:17:44.0250 1196 rimmptsk - ok
  21:17:44.0265 1196 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
  21:17:44.0312 1196 rimsptsk - ok
  21:17:44.0343 1196 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
  21:17:44.0390 1196 rismxdp - ok
  21:17:44.0437 1196 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
  21:17:44.0484 1196 RMCAST - ok
  21:17:44.0625 1196 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
  21:17:44.0828 1196 rtl8139 - ok
  21:17:44.0906 1196 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
  21:17:45.0093 1196 sdbus - ok
  21:17:45.0125 1196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
  21:17:45.0250 1196 Secdrv - ok
  21:17:45.0390 1196 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
  21:17:45.0593 1196 Serial - ok
  21:17:45.0640 1196 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
  21:17:45.0828 1196 sffdisk - ok
  21:17:45.0875 1196 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
  21:17:46.0078 1196 sffp_sd - ok
  21:17:46.0125 1196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
  21:17:46.0328 1196 Sfloppy - ok
  21:17:46.0453 1196 Simbad - ok
  21:17:46.0500 1196 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
  21:17:46.0687 1196 sisagp - ok
  21:17:46.0734 1196 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
  21:17:46.0843 1196 Sparrow - ok
  21:17:46.0906 1196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
  21:17:47.0078 1196 splitter - ok
  21:17:47.0218 1196 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
  21:17:47.0328 1196 sr - ok
  21:17:47.0375 1196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
  21:17:47.0421 1196 Srv - ok
  21:17:47.0500 1196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
  21:17:47.0671 1196 swenum - ok
  21:17:47.0812 1196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
  21:17:48.0015 1196 swmidi - ok
  21:17:48.0062 1196 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
  21:17:48.0234 1196 symc810 - ok
  21:17:48.0281 1196 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
  21:17:48.0484 1196 symc8xx - ok
  21:17:48.0546 1196 SYMIDSCO - ok
  21:17:48.0671 1196 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
  21:17:48.0875 1196 sym_hi - ok
  21:17:48.0921 1196 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
  21:17:49.0109 1196 sym_u3 - ok
  21:17:49.0156 1196 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
  21:17:49.0203 1196 SynTP - ok
  21:17:49.0234 1196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
  21:17:49.0421 1196 sysaudio - ok
  21:17:49.0578 1196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
  21:17:49.0656 1196 Tcpip - ok
  21:17:49.0718 1196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
  21:17:49.0921 1196 TDPIPE - ok
  21:17:49.0953 1196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
  21:17:50.0156 1196 TDTCP - ok
  21:17:50.0296 1196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
  21:17:50.0484 1196 TermDD - ok
  21:17:50.0546 1196 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
  21:17:50.0718 1196 TosIde - ok
  21:17:50.0765 1196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
  21:17:51.0000 1196 Udfs - ok
  21:17:51.0031 1196 UIUSys - ok
  21:17:51.0156 1196 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
  21:17:51.0265 1196 ultra - ok
  21:17:51.0328 1196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
  21:17:51.0515 1196 Update - ok
  21:17:51.0562 1196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
  21:17:51.0765 1196 usbehci - ok
  21:17:51.0890 1196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
  21:17:52.0093 1196 usbhub - ok
  21:17:52.0140 1196 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
  21:17:52.0343 1196 usbohci - ok
  21:17:52.0375 1196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
  21:17:52.0562 1196 USBSTOR - ok
  21:17:52.0593 1196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
  21:17:52.0796 1196 usbuhci - ok
  21:17:52.0937 1196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
  21:17:53.0140 1196 VgaSave - ok
  21:17:53.0187 1196 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
  21:17:53.0375 1196 viaagp - ok
  21:17:53.0406 1196 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
  21:17:53.0593 1196 ViaIde - ok
  21:17:53.0625 1196 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
  21:17:53.0843 1196 VolSnap - ok
  21:17:53.0984 1196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
  21:17:54.0171 1196 Wanarp - ok
  21:17:54.0187 1196 WDICA - ok
  21:17:54.0218 1196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
  21:17:54.0406 1196 wdmaud - ok
  21:17:54.0468 1196 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
  21:17:54.0578 1196 winachsf - ok
  21:17:54.0687 1196 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
  21:17:54.0890 1196 WmiAcpi - ok
  21:17:55.0015 1196 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
  21:17:55.0203 1196 WS2IFSL - ok
  21:17:55.0250 1196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
  21:17:55.0296 1196 WudfPf - ok
  21:17:55.0328 1196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
  21:17:55.0375 1196 WudfRd - ok
  21:17:55.0421 1196 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0
  21:17:55.0515 1196 \Device\Harddisk0\DR0 - ok
  21:17:55.0515 1196 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0
  21:17:55.0531 1196 \Device\Harddisk0\DR0\Partition0 - ok
  21:17:55.0546 1196 Boot (0x1200) (50d4d20c050033b15d6e6a2ed8c7239d) \Device\Harddisk0\DR0\Partition1
  21:17:55.0546 1196 \Device\Harddisk0\DR0\Partition1 - ok
  21:17:55.0546 1196 ============================================================
  21:17:55.0546 1196 Scan finished
  21:17:55.0546 1196 ============================================================
  21:17:55.0656 1216 Detected object count: 6
  21:17:55.0656 1216 Actual detected object count: 6
  21:18:05.0390 1216 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine
  21:18:05.0500 1216 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
  21:18:05.0593 1216 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
  21:18:05.0656 1216 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
  21:18:05.0703 1216 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
  21:18:05.0750 1216 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
  21:18:05.0859 1216 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
  21:18:05.0937 1216 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
  21:18:06.0109 1216 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
  21:18:06.0125 1216 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
  21:18:06.0187 1216 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine
  21:18:06.0218 1216 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


  Regards, Holly.
 • Hi Holly, please don't play around with TDSSKiller and ComboFix on your own any more!
  TDSSKiller in particular is too dangerous for that.
  Everything you had put in quarantine is a legitimate file!
  Among other things, Bluetooth may no longer work properly.


  [b:172697e373]Welk programma[/b:172697e373]: Zoek.exe van Smeenk
  [b:172697e373]Waarvoor/waarom[/b:172697e373]: multifunktioneel tool
  [b:172697e373]Moeilijkheidsgraad[/b:172697e373]: geen.
  [b:172697e373]Download[/b:172697e373]: [b:172697e373]zoek.exe van Smeenk[/b:172697e373]

  [b:172697e373]"Zoek.exe van Smeenk" gebruiken[/b:172697e373]:
  [list:172697e373][*:172697e373] [b:172697e373]
 • Hello Abraham,

  I knew about ComboFix, but I certainly was careful with it. I didn't know about TDSS; I certainly won't do it again, neither of them, sorry.

  At first it didn't work: ONLINE ARMOR FIREWALL WAS IN THE WAY, but here is the log:
  ==================
  Zoek.exe by smeenk
  Updated 25-01-2012
  ==================
  *************Folders************

  **************Files*************

  — C:\WINDOWS\system32\drivers\btwusb.sys —
  Company: Broadcom Corporation.
  File Description: Driver for Bluetooth USB Devices
  File Version: 4.0.1.3500
  Product Name: Bluetooth Software 4.0.1.3500
  Copyright: Copyright 2000-2006, Broadcom Corporation.
  Original Filename: BTWUSB.SYS
  File size: 57320
  Created time: 2006-05-12 20:05:02
  Modified time: 2006-05-12 20:05:02
  MD5: 4272BAB9291D26DA5AC913BC79C3CE85
  SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B


  — C:\SWSetup\BTOOTH\btwusb.sys —
  Company: Broadcom Corporation.
  File Description: Driver for Bluetooth USB Devices
  File Version: 4.0.1.3500
  Product Name: Bluetooth Software 4.0.1.3500
  Copyright: Copyright 2000-2006, Broadcom Corporation.
  Original Filename: BTWUSB.SYS
  File size: 57320
  Created time: 2006-05-12 20:05:02
  Modified time: 2006-05-12 20:05:02
  MD5: 4272BAB9291D26DA5AC913BC79C3CE85
  SHA1: 7E73924E5DE094F6055068B46E9F83F52D0C9B1B


  — C:\WINDOWS\system32\epmntdrv.sys —
  Company: ——
  File Description: ——
  File Version: ——
  Product Name: ——
  Copyright: ——
  Original Filename: ——
  File size: 13192
  Created time: 2011-12-30 22:47:05
  Modified time: 2011-07-29 12:54:56
  MD5: F07BA56B0235F15EFF8F10DC6389C42E
  SHA1: 67D4E043DF4B8579BB36612AC396FCAB964BDB8D


  — C:\WINDOWS\system32\EuGdiDrv.sys —
  Company: ——
  File Description: ——
  File Version: ——
  Product Name: ——
  Copyright: ——
  Original Filename: ——
  File size: 8456
  Created time: 2011-12-30 22:47:05
  Modified time: 2011-07-29 12:54:56
  MD5: 1F2F4AB15CE03ECC257FEB2F6DC5A013
  SHA1: A229482C7F557044A7C8A2C771327B9BB5474C37


  — C:\WINDOWS\system32\drivers\iaStor.sys —
  Company: Intel Corporation
  File Description: Intel Matrix Storage Manager driver
  File Version: 5.5.0.1035
  Product Name: Intel Matrix Storage Manager driver
  Copyright: Copyright(C) Intel Corporation 1994-2005
  Original Filename: iaStor.sys
  File size: 874240
  Created time: 2005-10-13 09:07:12
  Modified time: 2005-10-13 09:07:12
  MD5: 309C4D86D989FB1FCF64BD30DC81C51B
  SHA1: 38B6E9D3377719098B415BD1E34080C06A24D96E


  — C:\SWSetup\HDD\iastor.sys —
  Company: Intel Corporation
  File Description: Intel Matrix Storage Manager driver
  File Version: 5.5.0.1035
  Product Name: Intel Matrix Storage Manager driver
  Copyright: Copyright(C) Intel Corporation 1994-2005
  Original Filename: iaStor.sys
  File size: 874240
  Created time: 2006-09-20 16:18:02
  Modified time: 2005-10-13 09:07:12
  MD5: 309C4D86D989FB1FCF64BD30DC81C51B
  SHA1: 38B6E9D3377719098B415BD1E34080C06A24D96E


  — C:\WINDOWS\system32\drivers\mhndrv.sys —
  Company: Microsoft Corporation
  File Description: Microsoft Multimedia Home Network (MHN) Support Driver
  File Version: 5.1.2600.2180 (private/xpsp_mce.040810-0205)
  Product Name: Microsoft® Windows® Operating System
  Copyright: © Microsoft Corporation. All rights reserved.
  Original Filename: mhndrv.sys
  File size: 11008
  Created time: 2004-08-10 09:45:04
  Modified time: 2004-08-10 09:45:04
  MD5: 7F2F1D2815A6449D346FCCCBC569FBD6
  SHA1: 3085859DB0BF86A7014C1222321D68B0605768DD


  — C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys —
  Company: Microsoft Corporation
  File Description: Windows NT MQ Access Control Device Driver
  File Version: 5.01.1111
  Product Name: Microsoft Message Queue
  Copyright: Copyright (C) Microsoft Corporation. 1981-2000
  Original Filename: MQAC.SYS
  File size: 91776
  Created time: 2009-06-22 11:30:10
  Modified time: 2009-06-22 11:30:10
  MD5: 9229E191FE206628BE17D1E67A5FAED9
  SHA1: 2C0685B1E8B53449A277903DFE164E23CFB52FA1


  — C:\WINDOWS\$NtUninstallKB971032$\mqac.sys —
  Company: Microsoft Corporation
  File Description: Windows NT MQ Access Control Device Driver
  File Version: 5.01.1108
  Product Name: Microsoft Message Queue
  Copyright: Copyright (C) Microsoft Corporation. 1981-2000
  Original Filename: MQAC.SYS
  File size: 72960
  Created time: 2011-10-10 12:47:09
  Modified time: 2006-04-11 04:00:00
  MD5: DB07B0088CDFD20C2A22E675120EDE34
  SHA1: 47CF3A7F653D12EEABC04F500F8043EE42ED657D


  — C:\WINDOWS\ServicePackFiles\i386\mqac.sys —
  Company: Microsoft Corporation
  File Description: Windows NT MQ Access Control Device Driver
  File Version: 5.01.1110
  Product Name: Microsoft Message Queue
  Copyright: Copyright (C) Microsoft Corporation. 1981-2000
  Original Filename: MQAC.SYS
  File size: 92544
  Created time: 2011-10-10 13:59:27
  Modified time: 2008-04-13 18:39:44
  MD5: 70C14F5CCA5CF73F8A645C73A01D8726
  SHA1: B0CB007A0C4A825BC1DC0F563889910D2E8E48F3


  — C:\WINDOWS\system32\dllcache\mqac.sys —
  Company: Microsoft Corporation
  File Description: Windows NT MQ Access Control Device Driver
  File Version: 5.01.1111
  Product Name: Microsoft Message Queue
  Copyright: Copyright (C) Microsoft Corporation. 1981-2000
  Original Filename: MQAC.SYS
  File size: 91776
  Created time: 2009-06-22 11:48:44
  Modified time: 2009-06-22 11:48:44
  MD5: EEE50BF24CAEEDB515A8F3B22756D3BB
  SHA1: A8DF29CC8CDE7A2F6AB9AF9E8A01057D6542F154


  — C:\WINDOWS\system32\drivers\mqac.sys —
  Company: Microsoft Corporation
  File Description: Windows NT MQ Access Control Device Driver
  File Version: 5.01.1111
  Product Name: Microsoft Message Queue
  Copyright: Copyright (C) Microsoft Corporation. 1981-2000
  Original Filename: MQAC.SYS
  File size: 91776
  Created time: 2006-04-11 04:00:00
  Modified time: 2009-06-22 11:48:44
  MD5: EEE50BF24CAEEDB515A8F3B22756D3BB
  SHA1: A8DF29CC8CDE7A2F6AB9AF9E8A01057D6542F154

  ********************************


  Regards, Holly.
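Added example, not part of the thread and not code from Zoek.exe: a small parser for the Zoek.exe file listing above that groups the copies of each driver by file name, checks whether their MD5 values agree, and notes entries whose version fields are empty. The sample is an excerpt copied from the log and trimmed to two fields; the function names and the report layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the Zoek.exe log on this page, trimmed to two fields per file.
SAMPLE = r"""
— C:\WINDOWS\system32\drivers\btwusb.sys —
Company: Broadcom Corporation.
MD5: 4272BAB9291D26DA5AC913BC79C3CE85
— C:\SWSetup\BTOOTH\btwusb.sys —
Company: Broadcom Corporation.
MD5: 4272BAB9291D26DA5AC913BC79C3CE85
— C:\WINDOWS\system32\epmntdrv.sys —
Company: ——
MD5: F07BA56B0235F15EFF8F10DC6389C42E
— C:\WINDOWS\ServicePackFiles\i386\mqac.sys —
Company: Microsoft Corporation
MD5: 70C14F5CCA5CF73F8A645C73A01D8726
— C:\WINDOWS\system32\drivers\mqac.sys —
Company: Microsoft Corporation
MD5: EEE50BF24CAEEDB515A8F3B22756D3BB
"""

HEADER = re.compile(r"^[—-]+\s*(.+?)\s*[—-]+$")   # "— C:\path\file.sys —"
FIELD = re.compile(r"^([^:]+):\s*(.*)$")           # "Key: value"

def parse_zoek(text):
    """Return one dict per file entry: its path plus the 'Key: value' fields."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            entries.append({"path": header.group(1)})
        elif entries and field:
            # A value of only dashes means the file carries no such resource.
            entries[-1][field.group(1).strip()] = field.group(2).strip("—- ")
    return entries

def triage(entries):
    """Group copies by file name; report hash agreement and missing vendor info."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    report = {}
    for name, copies in groups.items():
        hashes = {c.get("MD5", "") for c in copies}
        report[name] = {"copies": len(copies),
                        "hashes_match": len(copies) > 1 and len(hashes) == 1,
                        "no_version_info": any(not c.get("Company") for c in copies)}
    return report
```

Call `triage(parse_zoek(SAMPLE))` to get the per-file report. Differing hashes between copies can simply mean different file versions, and empty version fields are a reason to look closer at a file, not a verdict on it.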
 • Well, by the looks of it all the files are still in Windows, so that turned out fine after all!

  Do the following:

  Download the … to the desktop and extract the ZIP file.

  - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
  - Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja" (Yes).
    [image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg]
  - When the update is done and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
  - Select the option "Diep" (Deep) if it is not already set that way by default.
  - Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take quite a while, so wait patiently.
  - You can close the window with the warning about an increased risk once the scan is finished.

  Note:

  If you see this message:

  C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

  When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)" (submit as false alarm).

  - Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button; you will then get the following message, click "Ja" (Yes) there.
    [image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg]
  - When the removal is done, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  - Post the contents of this LOG file in your next message.
  - Now restart the computer.
 • Hello Abraham,

  that scan did take a while, but it went through without problems. After an update, here is the log of the deep scan:


  Emsisoft Emergency Kit - Versie 1.0
  Laatste Update: 12-2-2012 19:18:08

  Scaninstellingen:

  Scantype: Diepe Scan
  Objecten: Geheugen, Sporen, Cookies, C:\, D:\
  Scan archieven: Aan
  Heuristieken: Uit
  ADS Scan: Aan

  Scan gestart: 12-2-2012 19:19:21


  Gescand

  Bestanden: 213846
  Sporen: 461154
  Cookies: 0
  Processen: 39

  Gevonden

  Bestanden: 0
  Sporen: 0
  Cookies: 0
  Processen: 0
  Registersleutels: 0

  Scan Geëindigd: 12-2-2012 21:04:09
  Scantijd: 1:44:48

  Thanks in advance. Regards, Holly.
 • Would you post a screenshot of Disk Management?
  Do maximise the Disk Management window first.
 • Hello Abraham,

  here is the image of Disk Management:
  [image: http://www.imgdumper.nl/uploads5/4f3839a13dff8/4f3839a13dc11-schijfbeheer.JPG]

  Regards, Holly.
 • Hi Holly, do you have an XP installation CD?

  Because that screen of yours doesn't show which partition is the boot partition!
 • Hello Abraham,

  I have 3 recovery discs, but the 1st disc doesn't work. It is reported as damaged, even though there isn't a scratch on it and it has never been used. Last time I ended up having the hard disk taken out, formatted and reinstalled by someone who had the same laptop.

  I do have that Windows 7 on disc, the trial from your other site, but that ran through December 2011.

  I suspect that the installations that were on the PC at purchase weren't really all that great. They are different for everyone; I know 4 people who bought this same laptop in 2007/2008.

  I really hardly do anything with the PC any more; before, I sometimes liked to download some music or occasionally a film. But all of that is gone since the installation. And when surfing I pay very close attention. So format and reinstall once more, is that what I should take from this?

  Thanks in advance. Regards, Holly.
 • Okay, let's first see whether that 1 GB partition can be opened.
  That can be done anyway via Disk Management by right-clicking that partition.
  And then let me know what you find in there!
  If need be via a screenshot.
 • Hello Abraham,

  strange, it seems the partition cannot be opened:

  [image: http://www.imgdumper.nl/uploads5/4f3a70bc17fa0/4f3a70bc17bb0-Partitie_niet_te_openen1.JPG]

  [image: http://www.imgdumper.nl/uploads5/4f3a70fe39dbc/4f3a70fe399d8-Partitie_niet_te_openen2.JPG]

  Only the option 'help' or 'delete' is available. Clicking on it gives no result either. It seems to be a dummy without content that nevertheless takes up 1 GB.

  Thanks in advance. Regards, Holly.
 • Make sure you get ownership rights over that partition.
 • Hello Abraham,

  I checked in UAC, under the user accounts; I am the only user and am also listed as administrator of the PC… so I should have all rights, shouldn't I?

  I'll search a bit further, but I don't really know how I should do it. Or can I simply delete that partition, because I do have that option.

  Thanks in advance. Regards, Holly.
 • Hi Holly, look here: http://www.nationaalcomputerforum.nl/showpost.php?p=472275&postcount=2

  And try whether you are then allowed to open that partition.
  Because I simply want to know what is in it!
 • Hello Abraham,

  I followed the instructions, but unfortunately, no result. I would also like to know what it is or what is on it…

  After the CMD actions I also tried to make folders visible via folder options; I thought maybe something would then appear, but unfortunately, it isn't a folder but a partition that may contain folders or files. This partition also doesn't show up in 'My Computer' but only in Disk Management.

  C: is my Windows system, which I work on
  D: is the recovery
  E: is my DVD/CD-ROM drive

  Other than that I don't really have any partitions or other drives.

  I also looked at the users in Computer Management. I am listed there as administrator, but there is also something called ASP.NET? Machine account.
  In its properties it says:
  Account used for running the ASP.NET worker process (aspnet_wp.exe)
  I have no idea (yet) what this is.

  Thanks, regards, Holly.
 • Hello Abraham,

  maybe this gives information? I tried with EASEUS Partition Master and then via Explore Partition, and I get this:

  [image: http://www.imgdumper.nl/uploads5/4f3c16c2a139a/4f3c16c2a0faa-EASEUS_Partition_Master_Xplore_Part.JPG]

  Does this give insight or information? Or can I get more info another way, via EASEUS or otherwise?

  Thanks, regards, Holly.
 • Well done.

  Have you in the meantime also rummaged through those folders?
  E.g. Program Files?

  And Documents and Settings: is there also a USERS folder in it, and if so, a username too?
 • Hello Abraham,

  Finally :) *relieved* luckily, but hopefully nothing serious is hidden in it.

  By now I have; I went through it folder by folder to look at what's in it, and for much of it I have no idea what it is or what it means. It looks like a partial copy of the regular C: drive, no usernames found, but 2 other things stood out to me a bit and so far I can't quickly find out what they mean or what they're for:

  the MountPointManagerRemoteDatabase in SystemVolume:
  [image: http://www.imgdumper.nl/uploads5/4f3c2e18b815a/4f3c2e18b7d7b-MountPointManagerRemoteDatabase_in_onbekende_partitie.JPG]

  and the SharedAcces.ini in the folder ApplicationData\MS\connections:
  [image: http://www.imgdumper.nl/uploads5/4f3c2e58a67cb/4f3c2e58a63e4-sharedacces_ini_in_onbekende_partitie.JPG]

  Tomorrow I'll continue searching.

  Thanks, regards, Holly.

This is an archived page. Replying is no longer possible.