Hi Ben,
This is the ComboFix log. (By the way, my PC froze while logging in, so I had to switch the PC off and log in again.)
ComboFix 12-02-02.01 - Gebruiker 02-02-2012 11:35:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1402
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt..txt
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
Regards, Renate
Hello Renate,
(Note: some of these may be hidden, so first do the following:
My Documents > Tools > Folder Options > View tab > select "Show hidden files and folders" > OK):
The following program can cause serious damage if you do not use it correctly.
So read the instructions thoroughly.
Download TDSSKiller and save it to your Desktop.
• Extract the files from tdsskiller.zip.
• Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Windows 7 and Windows Vista users:
Right-click TDSSKiller.exe -> Run as Administrator to start the tool.
If TDSSKiller reports that an update is available, run that first.
• A new version of TDSSKiller will now be downloaded; save it to your Desktop.
• Restart TDSSKiller.
• Click "Change parameters" and make sure all of the options below are checked.
• Click the "Start Scan" button and follow the instructions.
Note!
If "Threats" are found, a follow-up screen appears automatically after the scan.
For a "Fail signature" message you do not need to take any action. (Use Skip.)
By default, Skip is filled in for a "Suspicious object". Leave this action as it is. We may tell you later what to do with it.
For a "Malicious object" the action Cure or Delete is filled in automatically.
Always choose Cure here. If that is not possible, select Skip.
Only for a "TDSS File System" do you choose Delete if Cure is not possible.
If you do not know what to choose, use Skip and wait for our advice before you Delete anything.
Now click Continue to proceed.
• When the scan is finished, click the "Report" button.
• A Notepad file opens. Post the contents of this file.
Restart the PC if TDSSKiller offers that option. (Reboot now)
If a restart was needed, you will find the log file at C:\TDSSKiller.___log.txt
After that, run ComboFix once more and then post:
the TDSS and ComboFix logs.
Good luck, Ben
Hi Ben,
(Here are the logs from TDSS and ComboFix.) I have to leave shortly, so I will read your message later, OK?
Regards, Renate
12:45:38.0312 5940 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
12:47:33.0921 3716 Serial - ok
12:47:33.0953 3716 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
12:47:33.0953 3716 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
12:47:33.0953 3716 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
12:47:33.0968 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:47:34.0078 3716 Sfloppy - ok
12:47:34.0093 3716 Simbad - ok
12:47:34.0125 3716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:47:34.0234 3716 SLIP - ok
12:47:34.0250 3716 SMIGrabber3C - ok
12:47:34.0265 3716 Sparrow - ok
12:47:34.0296 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:47:34.0421 3716 splitter - ok
12:47:34.0468 3716 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
12:47:34.0468 3716 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
12:47:34.0468 3716 sptd ( LockedFile.Multi.Generic ) - warning
12:47:34.0468 3716 sptd - detected LockedFile.Multi.Generic (1)
12:47:34.0484 3716 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
12:47:34.0546 3716 sr - ok
12:47:34.0562 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:47:34.0578 3716 Srv - ok
12:47:34.0593 3716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:47:34.0703 3716 streamip - ok
12:47:34.0718 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:47:34.0843 3716 swenum - ok
12:47:34.0859 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:47:34.0968 3716 swmidi - ok
12:47:34.0968 3716 symc810 - ok
12:47:34.0984 3716 symc8xx - ok
12:47:35.0000 3716 sym_hi - ok
12:47:35.0000 3716 sym_u3 - ok
12:47:35.0015 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:47:35.0140 3716 sysaudio - ok
12:47:35.0171 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:47:35.0203 3716 Tcpip - ok
12:47:35.0218 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:47:35.0328 3716 TDPIPE - ok
12:47:35.0343 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:47:35.0468 3716 TDTCP - ok
12:47:35.0484 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:47:35.0593 3716 TermDD - ok
12:47:35.0609 3716 TosIde - ok
12:47:35.0640 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:47:35.0750 3716 Udfs - ok
12:47:35.0765 3716 ultra - ok
12:47:35.0781 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:47:35.0890 3716 Update - ok
12:47:35.0921 3716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:47:36.0046 3716 usbaudio - ok
12:47:36.0062 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:47:36.0156 3716 usbccgp - ok
12:47:36.0187 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:47:36.0296 3716 usbehci - ok
12:47:36.0328 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:47:36.0437 3716 usbhub - ok
12:47:36.0453 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:47:36.0562 3716 usbohci - ok
12:47:36.0578 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:47:36.0703 3716 usbprint - ok
12:47:36.0718 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:47:36.0843 3716 usbscan - ok
12:47:36.0859 3716 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:47:36.0968 3716 usbstor - ok
12:47:37.0000 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:47:37.0109 3716 VgaSave - ok
12:47:37.0109 3716 ViaIde - ok
12:47:37.0140 3716 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
12:47:37.0250 3716 VolSnap - ok
12:47:37.0265 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:47:37.0375 3716 Wanarp - ok
12:47:37.0375 3716 WDICA - ok
12:47:37.0406 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:47:37.0531 3716 wdmaud - ok
12:47:37.0593 3716 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:47:37.0625 3716 WpdUsb - ok
12:47:37.0656 3716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:47:37.0765 3716 WS2IFSL - ok
12:47:37.0796 3716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:47:37.0921 3716 WSTCODEC - ok
12:47:37.0937 3716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:47:37.0953 3716 WudfPf - ok
12:47:37.0968 3716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:47:37.0984 3716 WudfRd - ok
12:47:38.0000 3716 xpsec - ok
12:47:38.0031 3716 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
12:47:38.0031 3716 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:47:38.0031 3716 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:47:38.0109 3716 Boot (0x1200) (c8c4af41e08fb811d872c8a5f28d09b3) \Device\Harddisk0\DR0\Partition0
12:47:38.0109 3716 \Device\Harddisk0\DR0\Partition0 - ok
12:47:38.0109 3716 Boot (0x1200) (2a1ceef7309fc669b0cba46ac40f1dce) \Device\Harddisk0\DR0\Partition1
12:47:38.0109 3716 \Device\Harddisk0\DR0\Partition1 - ok
12:47:38.0109 3716 ============================================================
12:47:38.0109 3716 Scan finished
12:47:38.0109 3716 ============================================================
12:47:38.0218 0628 Detected object count: 11
12:47:38.0218 0628 Actual detected object count: 11
12:48:55.0906 0628 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:48:56.0171 0628 \Device\Harddisk0\DR0\# - copied to quarantine
12:48:56.0171 0628 \Device\Harddisk0\DR0 - copied to quarantine
12:48:56.0171 0628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:48:56.0171 0628 \Device\Harddisk0\DR0 - ok
12:48:56.0171 0628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
ComboFix 12-02-02.01 - Gebruiker 02-02-2012 12:56:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1464
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-02 to 2012-02-02 ))))))))))))))))))))))))))))))
.
.
2012-02-02 11:54 . 2012-02-02 11:54 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-02-02 11:54 . 2012-02-02 11:54 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-02-02 11:54 . 2012-02-02 11:54 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-02-02 11:54 . 2012-02-02 11:54 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-02-02 11:48 . 2012-02-02 11:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 10:31 . 2012-02-02 11:31 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2012-02-01 18:04 . 2012-02-01 18:04 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-01 18:04 . 2012-02-01 18:04 -------- d-----w- c:\program files\Trend Micro
2012-02-01 10:24 . 2012-02-01 22:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Uniblue
2012-02-01 10:24 . 2012-02-01 22:14 -------- d-----w- c:\program files\Uniblue
2012-02-01 10:24 . 2012-02-01 10:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 10:23 . 2012-02-01 10:23 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware
2012-01-28 14:37 . 2012-01-28 14:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-24 19:50 . 2007-03-09 10:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-24 19:50 . 2012-01-17 03:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EBC13CF3-27CF-4B39-80AC-8186FC282A67}\mpengine.dll
2012-01-24 19:49 . 2012-01-24 19:49 -------- d-----w- c:\program files\Windows Defender
2012-01-24 19:45 . 2012-01-24 19:45 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-01-24 18:18 . 2012-01-24 18:18 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET
2012-01-24 12:27 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-01-24 12:27 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-01-24 12:27 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-01-24 12:27 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-01-24 12:27 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-01-24 12:27 . 2012-01-24 12:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Simply Super Software
2012-01-22 17:49 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-20 15:39 . 2012-01-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-01-20 15:30 . 2012-01-22 01:19 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Xefy
2012-01-17 16:22 . 2012-01-17 16:22 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DDMSettings
2012-01-17 16:20 . 2012-01-18 11:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DivX
2012-01-17 16:18 . 2012-01-17 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-01-17 16:16 . 2012-01-20 15:57 -------- d-----w- c:\program files\DivX
2012-01-17 16:15 . 2012-01-17 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2009-10-29 15:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 12:54 . 2011-11-29 12:54 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:41 . 2011-06-03 17:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_21.57.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 11:53 . 2012-02-02 11:53 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"NvMediaCenter"="NvMCTray.dll"
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe"
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe"
.
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
.
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll"
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
@=""
.
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
c:\windows\system32\dumprep 0 -k
.
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
2009-08-20 23:04 154256 ----a-w- c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll
.
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
2012-01-20 13:03 4027056 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\spotify.exe
.
2009-08-20 23:03 105616 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
"AntiVirusOverride"=dword:00000001
.
"EnableFirewall"= 0 (0x0)
.
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Gebruiker\\Application Data\\Spotify\\spotify.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys --> c:\windows\system32\Drivers\SmiUsbGrabber3C.sys
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322571564.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
2012-02-02 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.zeelandnet.nl/index.php
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-02-02 13:01:54
ComboFix-quarantined-files.txt 2012-02-02 12:01
ComboFix2.txt 2012-02-02 10:44
ComboFix3.txt 2012-02-01 22:01
.
Pre-Run: 45.551.550.464 bytes beschikbaar
Post-Run: 45.550.325.760 bytes beschikbaar
.
- - End Of File - - 88AA0B31AAE405257D2A8D422A8D5608
Hi Huib,
I just got back from a lovely walk. About 2 hours ago Ben sent me a link to a program so I could download TDSSKiller; I have done that in the meantime, and this was the log.
I also had to run ComboFix again; I have the log of that as well (see below the TDSSKiller log).
The PC has become faster in the meantime (starting up, and I can get onto the internet more quickly).
Greetings, Renate
12:45:38.0312 5940 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
12:45:39.0171 5940 ============================================================
12:45:39.0171 5940 Current date / time: 2012/02/02 12:45:39.0171
12:45:39.0171 5940 SystemInfo:
12:45:39.0171 5940
12:45:39.0171 5940 OS Version: 5.1.2600 ServicePack: 3.0
12:45:39.0171 5940 Product type: Workstation
12:45:39.0171 5940 ComputerName: 2A8DF47D8786474
12:45:39.0171 5940 UserName: Gebruiker
12:45:39.0171 5940 Windows directory: C:\WINDOWS
12:45:39.0171 5940 System windows directory: C:\WINDOWS
12:45:39.0171 5940 Processor architecture: Intel x86
12:45:39.0171 5940 Number of processors: 2
12:45:39.0171 5940 Page size: 0x1000
12:45:39.0171 5940 Boot type: Normal boot
12:45:39.0171 5940 ============================================================
12:45:40.0328 5940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:45:40.0343 5940 \Device\Harddisk0\DR0:
12:45:40.0359 5940 MBR used
12:45:40.0359 5940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
12:45:40.0375 5940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x27E8A10F
12:45:40.0421 5940 Initialize success
12:45:40.0421 5940 ============================================================
12:47:18.0625 3716 ============================================================
12:47:18.0625 3716 Scan started
12:47:18.0625 3716 Mode: Manual; SigCheck; TDLFS;
12:47:18.0625 3716 ============================================================
12:47:18.0906 3716 Abiosdsk - ok
12:47:18.0921 3716 abp480n5 - ok
12:47:18.0953 3716 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:47:19.0156 3716 ACPI - ok
12:47:19.0187 3716 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:47:19.0296 3716 ACPIEC - ok
12:47:19.0312 3716 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
12:47:19.0421 3716 ADM8511 - ok
12:47:19.0437 3716 adpu160m - ok
12:47:19.0468 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:47:19.0578 3716 aec - ok
12:47:19.0625 3716 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:47:19.0656 3716 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:47:19.0656 3716 AegisP - detected UnsignedFile.Multi.Generic (1)
12:47:19.0687 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:47:19.0718 3716 AFD - ok
12:47:19.0750 3716 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
12:47:19.0750 3716 AFS2K ( UnsignedFile.Multi.Generic ) - warning
12:47:19.0750 3716 AFS2K - detected UnsignedFile.Multi.Generic (1)
12:47:19.0765 3716 Aha154x - ok
12:47:19.0765 3716 aic78u2 - ok
12:47:19.0781 3716 aic78xx - ok
12:47:19.0796 3716 AliIde - ok
12:47:19.0828 3716 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
12:47:19.0843 3716 AmdPPM - ok
12:47:19.0859 3716 amsint - ok
12:47:19.0859 3716 asc - ok
12:47:19.0906 3716 asc3350p - ok
12:47:19.0921 3716 asc3550 - ok
12:47:19.0984 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:47:20.0078 3716 AsyncMac - ok
12:47:20.0109 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:47:20.0203 3716 atapi - ok
12:47:20.0218 3716 Atdisk - ok
12:47:20.0234 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:47:20.0343 3716 Atmarpc - ok
12:47:20.0359 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:47:20.0468 3716 audstub - ok
12:47:20.0500 3716 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
12:47:20.0515 3716 Avgfwdx - ok
12:47:20.0515 3716 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
12:47:20.0515 3716 Avgfwfd - ok
12:47:20.0562 3716 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:47:20.0593 3716 AVGIDSDriver - ok
12:47:20.0609 3716 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:47:20.0625 3716 AVGIDSEH - ok
12:47:20.0640 3716 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:47:20.0656 3716 AVGIDSFilter - ok
12:47:20.0687 3716 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:47:20.0703 3716 AVGIDSShim - ok
12:47:20.0718 3716 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:47:20.0734 3716 Avgldx86 - ok
12:47:20.0750 3716 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:47:20.0750 3716 Avgmfx86 - ok
12:47:20.0765 3716 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:47:20.0781 3716 Avgrkx86 - ok
12:47:20.0796 3716 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:47:20.0812 3716 Avgtdix - ok
12:47:20.0843 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:47:20.0953 3716 Beep - ok
12:47:20.0968 3716 catchme - ok
12:47:20.0984 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:47:21.0093 3716 cbidf2k - ok
12:47:21.0125 3716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:47:21.0250 3716 CCDECODE - ok
12:47:21.0265 3716 cd20xrnt - ok
12:47:21.0265 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:47:21.0390 3716 Cdaudio - ok
12:47:21.0406 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:47:21.0531 3716 Cdfs - ok
12:47:21.0546 3716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:47:21.0671 3716 Cdrom - ok
12:47:21.0687 3716 Changer - ok
12:47:21.0703 3716 CmdIde - ok
12:47:21.0718 3716 Cpqarray - ok
12:47:21.0718 3716 dac2w2k - ok
12:47:21.0734 3716 dac960nt - ok
12:47:21.0765 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:47:21.0875 3716 Disk - ok
12:47:21.0921 3716 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
12:47:22.0062 3716 dmboot - ok
12:47:22.0078 3716 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
12:47:22.0203 3716 dmio - ok
12:47:22.0218 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:47:22.0343 3716 dmload - ok
12:47:22.0375 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:47:22.0515 3716 DMusic - ok
12:47:22.0531 3716 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys
12:47:22.0546 3716 Dot4 HPH11 - ok
12:47:22.0562 3716 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
12:47:22.0578 3716 Dot4Print HPH11 - ok
12:47:22.0609 3716 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys
12:47:22.0625 3716 Dot4Usb HPH11 - ok
12:47:22.0640 3716 dpti2o - ok
12:47:22.0640 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:47:22.0765 3716 drmkaud - ok
12:47:22.0796 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:47:22.0921 3716 Fastfat - ok
12:47:22.0937 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:47:23.0062 3716 Fdc - ok
12:47:23.0078 3716 Fips (dc36d0372a92273bf5c3c30db8971417) C:\WINDOWS\system32\drivers\Fips.sys
12:47:23.0093 3716 Fips ( UnsignedFile.Multi.Generic ) - warning
12:47:23.0093 3716 Fips - detected UnsignedFile.Multi.Generic (1)
12:47:23.0109 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:47:23.0234 3716 Flpydisk - ok
12:47:23.0265 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:47:23.0406 3716 FltMgr - ok
12:47:23.0421 3716 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
12:47:23.0437 3716 fssfltr - ok
12:47:23.0453 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:47:23.0578 3716 Fs_Rec - ok
12:47:23.0578 3716 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:47:23.0718 3716 Ftdisk - ok
12:47:23.0734 3716 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:47:23.0859 3716 gameenum - ok
12:47:23.0875 3716 GEARAspiWDM (9355d23fa5bca4d8ecf69b2c77659fe3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:47:23.0890 3716 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - warning
12:47:23.0890 3716 GEARAspiWDM - detected UnsignedFile.Multi.Generic (1)
12:47:23.0906 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:47:24.0031 3716 Gpc - ok
12:47:24.0062 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:47:24.0187 3716 HDAudBus - ok
12:47:24.0218 3716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:47:24.0343 3716 HidUsb - ok
12:47:24.0343 3716 hpn - ok
12:47:24.0375 3716 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:47:24.0406 3716 HPZid412 - ok
12:47:24.0406 3716 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:47:24.0421 3716 HPZipr12 - ok
12:47:24.0453 3716 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:47:24.0468 3716 HPZius12 - ok
12:47:24.0500 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:47:24.0515 3716 HTTP - ok
12:47:24.0531 3716 i2omgmt - ok
12:47:24.0531 3716 i2omp - ok
12:47:24.0562 3716 i8042prt (93eeb122b6203d31719e0dd677643e30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:47:24.0562 3716 i8042prt ( UnsignedFile.Multi.Generic ) - warning
12:47:24.0562 3716 i8042prt - detected UnsignedFile.Multi.Generic (1)
12:47:24.0578 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:47:24.0687 3716 Imapi - ok
12:47:24.0703 3716 ini910u - ok
12:47:24.0828 3716 IntcAzAudAddService (a7d3a1b2cabdab81ead07c204adb7ce1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:47:24.0968 3716 IntcAzAudAddService - ok
12:47:24.0984 3716 IntelIde - ok
12:47:25.0015 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:47:25.0156 3716 Ip6Fw - ok
12:47:25.0187 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:47:25.0296 3716 IpFilterDriver - ok
12:47:25.0312 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:47:25.0437 3716 IpInIp - ok
12:47:25.0437 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:47:25.0562 3716 IpNat - ok
12:47:25.0562 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:47:25.0687 3716 IPSec - ok
12:47:25.0718 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:47:25.0781 3716 IRENUM - ok
12:47:25.0812 3716 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:47:25.0921 3716 isapnp - ok
12:47:25.0937 3716 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:47:26.0078 3716 Kbdclass - ok
12:47:26.0093 3716 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:47:26.0203 3716 kbdhid - ok
12:47:26.0218 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:47:26.0343 3716 kmixer - ok
12:47:26.0359 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:47:26.0390 3716 KSecDD - ok
12:47:26.0406 3716 lbrtfdc - ok
12:47:26.0437 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:47:26.0562 3716 mnmdd - ok
12:47:26.0578 3716 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
12:47:26.0703 3716 Modem - ok
12:47:26.0703 3716 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:47:26.0828 3716 Mouclass - ok
12:47:26.0843 3716 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:47:26.0968 3716 mouhid - ok
12:47:26.0984 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:47:27.0109 3716 MountMgr - ok
12:47:27.0187 3716 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:47:27.0312 3716 MPE - ok
12:47:27.0312 3716 mraid35x - ok
12:47:27.0328 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:47:27.0437 3716 MRxDAV - ok
12:47:27.0484 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:47:27.0500 3716 MRxSmb - ok
12:47:27.0515 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:47:27.0640 3716 Msfs - ok
12:47:27.0671 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:47:27.0781 3716 MSKSSRV - ok
12:47:27.0812 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:47:27.0921 3716 MSPCLOCK - ok
12:47:27.0937 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:47:28.0078 3716 MSPQM - ok
12:47:28.0093 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:47:28.0218 3716 mssmbios - ok
12:47:28.0234 3716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:47:28.0359 3716 MSTEE - ok
12:47:28.0375 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:47:28.0406 3716 Mup - ok
12:47:28.0421 3716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:47:28.0546 3716 NABTSFEC - ok
12:47:28.0546 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:47:28.0671 3716 NDIS - ok
12:47:28.0687 3716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:47:28.0812 3716 NdisIP - ok
12:47:28.0843 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:47:28.0859 3716 NdisTapi - ok
12:47:28.0875 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:47:28.0984 3716 Ndisuio - ok
12:47:29.0000 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:47:29.0125 3716 NdisWan - ok
12:47:29.0125 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:47:29.0156 3716 NDProxy - ok
12:47:29.0171 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:47:29.0296 3716 NetBIOS - ok
12:47:29.0312 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:47:29.0437 3716 NetBT - ok
12:47:29.0468 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:47:29.0578 3716 Npfs - ok
12:47:29.0625 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:47:29.0750 3716 Ntfs - ok
12:47:29.0765 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:47:29.0890 3716 Null - ok
12:47:30.0187 3716 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:47:30.0531 3716 nv - ok
12:47:30.0625 3716 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:47:30.0640 3716 NVENETFD - ok
12:47:30.0656 3716 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
12:47:30.0671 3716 nvgts - ok
12:47:30.0687 3716 nvnetbus (5dc6a149897820de315916b6ec984ec9) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:47:30.0718 3716 nvnetbus - ok
12:47:30.0750 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:47:30.0859 3716 NwlnkFlt - ok
12:47:30.0859 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:47:31.0000 3716 NwlnkFwd - ok
12:47:31.0031 3716 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
12:47:31.0140 3716 Parport - ok
12:47:31.0156 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:47:31.0281 3716 PartMgr - ok
12:47:31.0296 3716 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
12:47:31.0421 3716 ParVdm - ok
12:47:31.0437 3716 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
12:47:31.0562 3716 PCI - ok
12:47:31.0562 3716 PCIDump - ok
12:47:31.0578 3716 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:47:31.0671 3716 PCIIde - ok
12:47:31.0703 3716 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:47:31.0812 3716 Pcmcia - ok
12:47:31.0828 3716 PDCOMP - ok
12:47:31.0828 3716 PDFRAME - ok
12:47:31.0843 3716 PDRELI - ok
12:47:31.0843 3716 PDRFRAME - ok
12:47:31.0859 3716 perc2 - ok
12:47:31.0859 3716 perc2hib - ok
12:47:31.0906 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:47:32.0015 3716 PptpMiniport - ok
12:47:32.0046 3716 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
12:47:32.0156 3716 Processor - ok
12:47:32.0171 3716 prodrv06 (5ac2dcbbceb5534bfcd88c2670993f3c) C:\WINDOWS\System32\drivers\prodrv06.sys
12:47:32.0218 3716 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
12:47:32.0218 3716 prodrv06 - detected UnsignedFile.Multi.Generic (1)
12:47:32.0234 3716 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
12:47:32.0234 3716 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
12:47:32.0234 3716 prohlp02 - detected UnsignedFile.Multi.Generic (1)
12:47:32.0265 3716 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
12:47:32.0265 3716 prosync1 ( UnsignedFile.Multi.Generic ) - warning
12:47:32.0265 3716 prosync1 - detected UnsignedFile.Multi.Generic (1)
12:47:32.0281 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:47:32.0390 3716 PSched - ok
12:47:32.0406 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:47:32.0515 3716 Ptilink - ok
12:47:32.0531 3716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:47:32.0546 3716 PxHelp20 - ok
12:47:32.0546 3716 ql1080 - ok
12:47:32.0562 3716 Ql10wnt - ok
12:47:32.0562 3716 ql12160 - ok
12:47:32.0578 3716 ql1240 - ok
12:47:32.0593 3716 ql1280 - ok
12:47:32.0593 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:47:32.0734 3716 RasAcd - ok
12:47:32.0750 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:47:32.0843 3716 Rasl2tp - ok
12:47:32.0859 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:47:32.0984 3716 RasPppoe - ok
12:47:32.0984 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:47:33.0093 3716 Raspti - ok
12:47:33.0125 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:47:33.0234 3716 Rdbss - ok
12:47:33.0250 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:47:33.0375 3716 RDPCDD - ok
12:47:33.0406 3716 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:47:33.0421 3716 RDPWD - ok
12:47:33.0468 3716 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:47:33.0562 3716 redbook - ok
12:47:33.0593 3716 RTLWUSB - ok
12:47:33.0625 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:47:33.0671 3716 Secdrv - ok
12:47:33.0687 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:47:33.0796 3716 serenum - ok
12:47:33.0796 3716 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
12:47:33.0921 3716 Serial - ok
12:47:33.0953 3716 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
12:47:33.0953 3716 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
12:47:33.0953 3716 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
12:47:33.0968 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:47:34.0078 3716 Sfloppy - ok
12:47:34.0093 3716 Simbad - ok
12:47:34.0125 3716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:47:34.0234 3716 SLIP - ok
12:47:34.0250 3716 SMIGrabber3C - ok
12:47:34.0265 3716 Sparrow - ok
12:47:34.0296 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:47:34.0421 3716 splitter - ok
12:47:34.0468 3716 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
12:47:34.0468 3716 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
12:47:34.0468 3716 sptd ( LockedFile.Multi.Generic ) - warning
12:47:34.0468 3716 sptd - detected LockedFile.Multi.Generic (1)
12:47:34.0484 3716 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
12:47:34.0546 3716 sr - ok
12:47:34.0562 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:47:34.0578 3716 Srv - ok
12:47:34.0593 3716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:47:34.0703 3716 streamip - ok
12:47:34.0718 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:47:34.0843 3716 swenum - ok
12:47:34.0859 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:47:34.0968 3716 swmidi - ok
12:47:34.0968 3716 symc810 - ok
12:47:34.0984 3716 symc8xx - ok
12:47:35.0000 3716 sym_hi - ok
12:47:35.0000 3716 sym_u3 - ok
12:47:35.0015 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:47:35.0140 3716 sysaudio - ok
12:47:35.0171 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:47:35.0203 3716 Tcpip - ok
12:47:35.0218 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:47:35.0328 3716 TDPIPE - ok
12:47:35.0343 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:47:35.0468 3716 TDTCP - ok
12:47:35.0484 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:47:35.0593 3716 TermDD - ok
12:47:35.0609 3716 TosIde - ok
12:47:35.0640 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:47:35.0750 3716 Udfs - ok
12:47:35.0765 3716 ultra - ok
12:47:35.0781 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:47:35.0890 3716 Update - ok
12:47:35.0921 3716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:47:36.0046 3716 usbaudio - ok
12:47:36.0062 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:47:36.0156 3716 usbccgp - ok
12:47:36.0187 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:47:36.0296 3716 usbehci - ok
12:47:36.0328 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:47:36.0437 3716 usbhub - ok
12:47:36.0453 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:47:36.0562 3716 usbohci - ok
12:47:36.0578 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:47:36.0703 3716 usbprint - ok
12:47:36.0718 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:47:36.0843 3716 usbscan - ok
12:47:36.0859 3716 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:47:36.0968 3716 usbstor - ok
12:47:37.0000 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:47:37.0109 3716 VgaSave - ok
12:47:37.0109 3716 ViaIde - ok
12:47:37.0140 3716 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
12:47:37.0250 3716 VolSnap - ok
12:47:37.0265 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:47:37.0375 3716 Wanarp - ok
12:47:37.0375 3716 WDICA - ok
12:47:37.0406 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:47:37.0531 3716 wdmaud - ok
12:47:37.0593 3716 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:47:37.0625 3716 WpdUsb - ok
12:47:37.0656 3716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:47:37.0765 3716 WS2IFSL - ok
12:47:37.0796 3716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:47:37.0921 3716 WSTCODEC - ok
12:47:37.0937 3716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:47:37.0953 3716 WudfPf - ok
12:47:37.0968 3716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:47:37.0984 3716 WudfRd - ok
12:47:38.0000 3716 xpsec - ok
12:47:38.0031 3716 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
12:47:38.0031 3716 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:47:38.0031 3716 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:47:38.0109 3716 Boot (0x1200) (c8c4af41e08fb811d872c8a5f28d09b3) \Device\Harddisk0\DR0\Partition0
12:47:38.0109 3716 \Device\Harddisk0\DR0\Partition0 - ok
12:47:38.0109 3716 Boot (0x1200) (2a1ceef7309fc669b0cba46ac40f1dce) \Device\Harddisk0\DR0\Partition1
12:47:38.0109 3716 \Device\Harddisk0\DR0\Partition1 - ok
12:47:38.0109 3716 ============================================================
12:47:38.0109 3716 Scan finished
12:47:38.0109 3716 ============================================================
12:47:38.0218 0628 Detected object count: 11
12:47:38.0218 0628 Actual detected object count: 11
12:48:55.0906 0628 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:55.0906 0628 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:48:55.0906 0628 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:48:56.0171 0628 \Device\Harddisk0\DR0\# - copied to quarantine
12:48:56.0171 0628 \Device\Harddisk0\DR0 - copied to quarantine
12:48:56.0171 0628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:48:56.0171 0628 \Device\Harddisk0\DR0 - ok
12:48:56.0171 0628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
(Combofix Log)
ComboFix 12-02-02.01 - Gebruiker 02-02-2012 12:56:17.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1464
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-02 to 2012-02-02 ))))))))))))))))))))))))))))))
.
.
2012-02-02 11:54 . 2012-02-02 11:54 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-02-02 11:54 . 2012-02-02 11:54 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-02-02 11:54 . 2012-02-02 11:54 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-02-02 11:54 . 2012-02-02 11:54 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-02-02 11:48 . 2012-02-02 11:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 10:31 . 2012-02-02 11:31 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2012-02-01 18:04 . 2012-02-01 18:04 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-01 18:04 . 2012-02-01 18:04 -------- d-----w- c:\program files\Trend Micro
2012-02-01 10:24 . 2012-02-01 22:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Uniblue
2012-02-01 10:24 . 2012-02-01 22:14 -------- d-----w- c:\program files\Uniblue
2012-02-01 10:24 . 2012-02-01 10:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 10:23 . 2012-02-01 10:23 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware
2012-01-28 14:37 . 2012-01-28 14:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-24 19:50 . 2007-03-09 10:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-24 19:50 . 2012-01-17 03:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EBC13CF3-27CF-4B39-80AC-8186FC282A67}\mpengine.dll
2012-01-24 19:49 . 2012-01-24 19:49 -------- d-----w- c:\program files\Windows Defender
2012-01-24 19:45 . 2012-01-24 19:45 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-01-24 18:18 . 2012-01-24 18:18 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET
2012-01-24 12:27 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-01-24 12:27 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-01-24 12:27 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-01-24 12:27 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-01-24 12:27 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-01-24 12:27 . 2012-01-24 12:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Simply Super Software
2012-01-22 17:49 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-20 15:39 . 2012-01-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-01-20 15:30 . 2012-01-22 01:19 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Xefy
2012-01-17 16:22 . 2012-01-17 16:22 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DDMSettings
2012-01-17 16:20 . 2012-01-18 11:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DivX
2012-01-17 16:18 . 2012-01-17 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-01-17 16:16 . 2012-01-20 15:57 -------- d-----w- c:\program files\DivX
2012-01-17 16:15 . 2012-01-17 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2009-10-29 15:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 12:54 . 2011-11-29 12:54 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:41 . 2011-06-03 17:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_21.57.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 11:53 . 2012-02-02 11:53 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"NvMediaCenter"="NvMCTray.dll"
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe"
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe"
.
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
.
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll"
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
@=""
.
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
c:\windows\system32\dumprep 0 -k
.
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
2009-08-20 23:04 154256 ----a-w- c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll
.
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
2012-01-20 13:03 4027056 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\spotify.exe
.
2009-08-20 23:03 105616 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
"AntiVirusOverride"=dword:00000001
.
"EnableFirewall"= 0 (0x0)
.
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Gebruiker\\Application Data\\Spotify\\spotify.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys --> c:\windows\system32\Drivers\SmiUsbGrabber3C.sys
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322571564.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
2012-02-02 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.zeelandnet.nl/index.php
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-02-02 13:01:54
ComboFix-quarantined-files.txt 2012-02-02 12:01
ComboFix2.txt 2012-02-02 10:44
ComboFix3.txt 2012-02-01 22:01
.
Pre-Run: 45.551.550.464 bytes beschikbaar
Post-Run: 45.550.325.760 bytes beschikbaar
.
- - End Of File - - 88AA0B31AAE405257D2A8D422A8D5608