Mebroot trojan
03-12-2011, 20:18
Post: #1
Mebroot trojan
Recently we were informed by our bank, ING, that they had noticed a high number of login attempts. This could point to a trojan. Naturally, we first called the bank to ask whether the letter really came from them, and that turned out to be the case. They provide a tool (FCleaner) to check your PC. According to the tool, the master boot record was infected with a Mebroot trojan.
I then had NOD32 and Malwarebytes scan, but the virus could not be removed. With a special Mebroot removal tool from NOD32 it did work in Safe Mode. Now I thought everything was fine again, but when we use the bank's tool it still reports that there is a Mebroot trojan on it. Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:15, on 3-12-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
04-12-2011, 12:49
Post: #2
RE: Mebroot trojan
Hi,
Give TDSSKiller a try: http://support.kaspersky.com/faq/?qid=208280684
Then post the log it produced in your next reply. You can find the log on your C:\

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
05-12-2011, 20:26
Post: #3
RE: Mebroot trojan
19:25:38.0687 0268 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:25:39.0015 0268 ============================================================ 19:25:39.0015 0268 Current date / time: 2011/12/05 19:25:39.0015 19:25:39.0015 0268 SystemInfo: 19:25:39.0015 0268 19:25:39.0015 0268 OS Version: 5.1.2600 ServicePack: 3.0 19:25:39.0015 0268 Product type: Workstation 19:25:39.0015 0268 ComputerName: DE-68468CA9E917 19:25:39.0015 0268 UserName: Patrick 19:25:39.0015 0268 Windows directory: C:\WINDOWS 19:25:39.0015 0268 System windows directory: C:\WINDOWS 19:25:39.0015 0268 Processor architecture: Intel x86 19:25:39.0015 0268 Number of processors: 2 19:25:39.0015 0268 Page size: 0x1000 19:25:39.0015 0268 Boot type: Normal boot 19:25:39.0015 0268 ============================================================ 19:25:41.0203 0268 Initialize success 19:25:44.0265 3680 ============================================================ 19:25:44.0265 3680 Scan started 19:25:44.0265 3680 Mode: Manual; 19:25:44.0265 3680 ============================================================ 19:25:46.0453 3680 Abiosdsk - ok 19:25:46.0531 3680 abp480n5 - ok 19:25:46.0578 3680 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:25:46.0593 3680 ACPI - ok 19:25:46.0625 3680 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 19:25:46.0625 3680 ACPIEC - ok 19:25:46.0671 3680 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys 19:25:46.0671 3680 ADIHdAudAddService - ok 19:25:46.0687 3680 adpu160m - ok 19:25:46.0718 3680 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys 19:25:46.0718 3680 AEAudio - ok 19:25:46.0781 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 19:25:46.0781 3680 aec - ok 19:25:46.0828 3680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 19:25:46.0828 3680 AFD - ok 19:25:46.0828 3680 Aha154x - ok 19:25:46.0843 3680 aic78u2 - ok 19:25:46.0859 3680 aic78xx - ok 
19:25:46.0875 3680 AliIde - ok 19:25:46.0921 3680 AMON (687c3f2e78aeb209ade1cc265a2560bb) C:\WINDOWS\system32\drivers\amon.sys 19:25:46.0953 3680 AMON - ok 19:25:46.0953 3680 amsint - ok 19:25:46.0968 3680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:25:46.0968 3680 Arp1394 - ok 19:25:46.0984 3680 asc - ok 19:25:46.0984 3680 asc3350p - ok 19:25:47.0000 3680 asc3550 - ok 19:25:47.0046 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:25:47.0046 3680 AsyncMac - ok 19:25:47.0062 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 19:25:47.0062 3680 atapi - ok 19:25:47.0093 3680 Atdisk - ok 19:25:47.0125 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:25:47.0125 3680 Atmarpc - ok 19:25:47.0156 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 19:25:47.0156 3680 audstub - ok 19:25:47.0203 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 19:25:47.0203 3680 Beep - ok 19:25:47.0250 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 19:25:47.0250 3680 cbidf2k - ok 19:25:47.0250 3680 cd20xrnt - ok 19:25:47.0281 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 19:25:47.0281 3680 Cdaudio - ok 19:25:47.0296 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 19:25:47.0296 3680 Cdfs - ok 19:25:47.0328 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:25:47.0328 3680 Cdrom - ok 19:25:47.0343 3680 Changer - ok 19:25:47.0343 3680 CmdIde - ok 19:25:47.0359 3680 Cpqarray - ok 19:25:47.0375 3680 dac2w2k - ok 19:25:47.0390 3680 dac960nt - ok 19:25:47.0421 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 19:25:47.0421 3680 Disk - ok 19:25:47.0453 3680 dmboot 
(dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 19:25:47.0484 3680 dmboot - ok 19:25:47.0500 3680 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 19:25:47.0500 3680 dmio - ok 19:25:47.0546 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 19:25:47.0546 3680 dmload - ok 19:25:47.0562 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 19:25:47.0562 3680 DMusic - ok 19:25:47.0609 3680 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys 19:25:47.0609 3680 Dot4 - ok 19:25:47.0640 3680 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 19:25:47.0640 3680 Dot4Print - ok 19:25:47.0687 3680 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys 19:25:47.0687 3680 Dot4Scan - ok 19:25:47.0703 3680 dpti2o - ok 19:25:47.0718 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 19:25:47.0718 3680 drmkaud - ok 19:25:47.0765 3680 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys 19:25:47.0765 3680 DrvAgent32 - ok 19:25:47.0781 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 19:25:47.0781 3680 Fastfat - ok 19:25:47.0812 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 19:25:47.0812 3680 Fdc - ok 19:25:47.0828 3680 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 19:25:47.0828 3680 Fips - ok 19:25:47.0843 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:25:47.0843 3680 Flpydisk - ok 19:25:47.0890 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 19:25:47.0890 3680 FltMgr - ok 19:25:47.0921 3680 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 19:25:47.0921 3680 fssfltr - ok 
19:25:47.0937 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:25:47.0937 3680 Fs_Rec - ok 19:25:47.0953 3680 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:25:47.0953 3680 Ftdisk - ok 19:25:47.0984 3680 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys 19:25:47.0984 3680 GcKernel - ok 19:25:48.0046 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 19:25:48.0046 3680 GEARAspiWDM - ok 19:25:48.0078 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:25:48.0078 3680 Gpc - ok 19:25:48.0093 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:25:48.0093 3680 HDAudBus - ok 19:25:48.0140 3680 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys 19:25:48.0140 3680 HIDSwvd - ok 19:25:48.0187 3680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:25:48.0187 3680 HidUsb - ok 19:25:48.0203 3680 hpn - ok 19:25:48.0234 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 19:25:48.0250 3680 HTTP - ok 19:25:48.0250 3680 i2omgmt - ok 19:25:48.0265 3680 i2omp - ok 19:25:48.0281 3680 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:25:48.0281 3680 i8042prt - ok 19:25:48.0296 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 19:25:48.0296 3680 Imapi - ok 19:25:48.0312 3680 ini910u - ok 19:25:48.0328 3680 IntelIde - ok 19:25:48.0343 3680 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 19:25:48.0343 3680 intelppm - ok 19:25:48.0375 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 19:25:48.0375 3680 Ip6Fw - ok 19:25:48.0406 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 
19:25:48.0406 3680 IpFilterDriver - ok 19:25:48.0421 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:25:48.0421 3680 IpInIp - ok 19:25:48.0437 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:25:48.0437 3680 IpNat - ok 19:25:48.0453 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:25:48.0453 3680 IPSec - ok 19:25:48.0484 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 19:25:48.0500 3680 IRENUM - ok 19:25:48.0500 3680 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:25:48.0500 3680 isapnp - ok 19:25:48.0562 3680 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys 19:25:48.0578 3680 JGOGO - ok 19:25:48.0687 3680 JRAID (cec10d44dc8de67d672e62b057fdae71) C:\WINDOWS\system32\DRIVERS\jraid.sys 19:25:48.0687 3680 JRAID - ok 19:25:48.0703 3680 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:25:48.0703 3680 Kbdclass - ok 19:25:48.0718 3680 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:25:48.0718 3680 kbdhid - ok 19:25:48.0734 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 19:25:48.0750 3680 kmixer - ok 19:25:48.0765 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 19:25:48.0765 3680 KSecDD - ok 19:25:48.0781 3680 lbrtfdc - ok 19:25:48.0859 3680 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 19:25:48.0906 3680 LVMVDrv - ok 19:25:48.0937 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 19:25:48.0937 3680 mnmdd - ok 19:25:48.0984 3680 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 19:25:48.0984 3680 Modem - ok 19:25:49.0000 3680 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 
19:25:49.0000 3680 Mouclass - ok 19:25:49.0015 3680 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:25:49.0015 3680 mouhid - ok 19:25:49.0031 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 19:25:49.0031 3680 MountMgr - ok 19:25:49.0046 3680 mraid35x - ok 19:25:49.0062 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:25:49.0062 3680 MRxDAV - ok 19:25:49.0093 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:25:49.0109 3680 MRxSmb - ok 19:25:49.0125 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 19:25:49.0125 3680 Msfs - ok 19:25:49.0156 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:25:49.0156 3680 MSKSSRV - ok 19:25:49.0171 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:25:49.0171 3680 MSPCLOCK - ok 19:25:49.0187 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 19:25:49.0187 3680 MSPQM - ok 19:25:49.0234 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:25:49.0234 3680 mssmbios - ok 19:25:49.0265 3680 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 19:25:49.0265 3680 MTsensor - ok 19:25:49.0296 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 19:25:49.0312 3680 Mup - ok 19:25:49.0328 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 19:25:49.0328 3680 NDIS - ok 19:25:49.0359 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:25:49.0359 3680 NdisTapi - ok 19:25:49.0375 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:25:49.0375 3680 Ndisuio - ok 19:25:49.0390 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) 
C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:25:49.0390 3680 NdisWan - ok 19:25:49.0421 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 19:25:49.0421 3680 NDProxy - ok 19:25:49.0453 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 19:25:49.0453 3680 NetBIOS - ok 19:25:49.0484 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 19:25:49.0484 3680 NetBT - ok 19:25:49.0515 3680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:25:49.0515 3680 NIC1394 - ok 19:25:49.0562 3680 nod32drv (b4ea8cba9a69d0921b7bd89c8cf9e032) C:\WINDOWS\system32\drivers\nod32drv.sys 19:25:49.0609 3680 nod32drv - ok 19:25:49.0640 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 19:25:49.0640 3680 Npfs - ok 19:25:49.0937 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 19:25:49.0968 3680 Ntfs - ok 19:25:50.0156 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 19:25:50.0156 3680 Null - ok 19:25:50.0546 3680 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:25:50.0781 3680 nv - ok 19:25:50.0812 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:25:50.0812 3680 NwlnkFlt - ok 19:25:50.0828 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:25:50.0828 3680 NwlnkFwd - ok 19:25:50.0843 3680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:25:50.0843 3680 ohci1394 - ok 19:25:50.0859 3680 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 19:25:50.0859 3680 Parport - ok 19:25:50.0859 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 19:25:50.0875 3680 PartMgr - ok 19:25:50.0906 3680 ParVdm (1eade28746a64c21e0a808bb12a63326) 
C:\WINDOWS\system32\drivers\ParVdm.sys 19:25:50.0906 3680 ParVdm - ok 19:25:50.0921 3680 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 19:25:50.0921 3680 PCI - ok 19:25:50.0921 3680 PCIDump - ok 19:25:50.0953 3680 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 19:25:50.0953 3680 PCIIde - ok 19:25:50.0984 3680 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 19:25:50.0984 3680 Pcmcia - ok 19:25:51.0000 3680 PDCOMP - ok 19:25:51.0015 3680 PDFRAME - ok 19:25:51.0015 3680 PDRELI - ok 19:25:51.0031 3680 PDRFRAME - ok 19:25:51.0046 3680 perc2 - ok 19:25:51.0046 3680 perc2hib - ok 19:25:51.0093 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:25:51.0093 3680 PptpMiniport - ok 19:25:51.0109 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 19:25:51.0109 3680 PSched - ok 19:25:51.0109 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:25:51.0125 3680 Ptilink - ok 19:25:51.0140 3680 PxHelp20 (b5dfb86a6caeae9b2bf3dedb43be6393) C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:25:51.0140 3680 PxHelp20 - ok 19:25:51.0156 3680 ql1080 - ok 19:25:51.0156 3680 Ql10wnt - ok 19:25:51.0171 3680 ql12160 - ok 19:25:51.0187 3680 ql1240 - ok 19:25:51.0187 3680 ql1280 - ok 19:25:51.0203 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:25:51.0203 3680 RasAcd - ok 19:25:51.0218 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:25:51.0218 3680 Rasl2tp - ok 19:25:51.0234 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:25:51.0234 3680 RasPppoe - ok 19:25:51.0250 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:25:51.0250 3680 Raspti - ok 19:25:51.0296 3680 Razerlow (116c340acf37602d12cac6de6b8107cd) 
C:\WINDOWS\system32\Drivers\DB3G.sys 19:25:51.0296 3680 Razerlow - ok 19:25:51.0312 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:25:51.0312 3680 Rdbss - ok 19:25:51.0328 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:25:51.0328 3680 RDPCDD - ok 19:25:51.0343 3680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 19:25:51.0343 3680 RDPWD - ok 19:25:51.0359 3680 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:25:51.0375 3680 redbook - ok 19:25:51.0406 3680 RTLE8023xp (0e74171ee80a8640de564b72dbbb397b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 19:25:51.0406 3680 RTLE8023xp - ok 19:25:51.0421 3680 scrcap (8d837882b0c6750eda99b82a13e5c9e2) C:\WINDOWS\system32\DRIVERS\scrcap.sys 19:25:51.0421 3680 scrcap - ok 19:25:51.0453 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:25:51.0453 3680 Secdrv - ok 19:25:51.0515 3680 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 19:25:51.0515 3680 SenFiltService - ok 19:25:51.0546 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:25:51.0546 3680 serenum - ok 19:25:51.0562 3680 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 19:25:51.0562 3680 Serial - ok 19:25:51.0578 3680 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys 19:25:51.0578 3680 sfdrv01 - ok 19:25:51.0593 3680 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys 19:25:51.0593 3680 sfhlp02 - ok 19:25:51.0609 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 19:25:51.0609 3680 Sfloppy - ok 19:25:51.0625 3680 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys 19:25:51.0640 3680 sfsync02 - ok 19:25:51.0640 3680 sfvfs02 
(d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 19:25:51.0640 3680 sfvfs02 - ok 19:25:51.0656 3680 Simbad - ok 19:25:51.0671 3680 Sparrow - ok 19:25:51.0703 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 19:25:51.0703 3680 splitter - ok 19:25:51.0734 3680 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys 19:25:51.0734 3680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28 19:25:51.0734 3680 sptd ( LockedFile.Multi.Generic ) - warning 19:25:51.0734 3680 sptd - detected LockedFile.Multi.Generic (1) 19:25:51.0765 3680 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 19:25:51.0765 3680 sr - ok 19:25:51.0796 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 19:25:51.0812 3680 Srv - ok 19:25:51.0859 3680 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 19:25:51.0859 3680 sscdbus - ok 19:25:51.0953 3680 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 19:25:51.0953 3680 sscdmdfl - ok 19:25:52.0015 3680 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 19:25:52.0015 3680 sscdmdm - ok 19:25:52.0046 3680 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 19:25:52.0046 3680 StarOpen - ok 19:25:52.0062 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:25:52.0062 3680 swenum - ok 19:25:52.0078 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 19:25:52.0093 3680 swmidi - ok 19:25:52.0109 3680 symc810 - ok 19:25:52.0109 3680 symc8xx - ok 19:25:52.0125 3680 sym_hi - ok 19:25:52.0140 3680 sym_u3 - ok 19:25:52.0156 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 19:25:52.0156 3680 sysaudio - ok 19:25:52.0234 3680 Tcpip 
(9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:25:52.0234 3680 Tcpip - ok 19:25:52.0265 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:25:52.0265 3680 TDPIPE - ok 19:25:52.0281 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 19:25:52.0281 3680 TDTCP - ok 19:25:52.0296 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:25:52.0296 3680 TermDD - ok 19:25:52.0312 3680 TosIde - ok 19:25:52.0328 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 19:25:52.0328 3680 Udfs - ok 19:25:52.0343 3680 ultra - ok 19:25:52.0375 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 19:25:52.0390 3680 Update - ok 19:25:52.0421 3680 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 19:25:52.0421 3680 USBAAPL - ok 19:25:52.0437 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:25:52.0437 3680 usbccgp - ok 19:25:52.0453 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:25:52.0468 3680 usbehci - ok 19:25:52.0468 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:25:52.0468 3680 usbhub - ok 19:25:52.0484 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:25:52.0500 3680 usbscan - ok 19:25:52.0515 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:25:52.0515 3680 USBSTOR - ok 19:25:52.0531 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:25:52.0531 3680 usbuhci - ok 19:25:52.0546 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 19:25:52.0546 3680 VgaSave - ok 19:25:52.0562 3680 ViaIde - ok 19:25:52.0578 3680 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) 
C:\WINDOWS\system32\drivers\VolSnap.sys 19:25:52.0578 3680 VolSnap - ok 19:25:52.0593 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:25:52.0593 3680 Wanarp - ok 19:25:52.0609 3680 WDICA - ok 19:25:52.0625 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 19:25:52.0625 3680 wdmaud - ok 19:25:52.0671 3680 WmBEnum (c8a3f4b7d6ec50a428101ac8c9ff973c) C:\WINDOWS\system32\drivers\WmBEnum.sys 19:25:52.0671 3680 WmBEnum - ok 19:25:52.0703 3680 WmFilter (10a7b8281210f5cbd5a0d978ac547fa6) C:\WINDOWS\system32\drivers\WmFilter.sys 19:25:52.0703 3680 WmFilter - ok 19:25:52.0734 3680 WmHidLo (baef5220c34238fce2921aaeb9bb21ff) C:\WINDOWS\system32\drivers\WmHidLo.sys 19:25:52.0734 3680 WmHidLo - ok 19:25:52.0750 3680 WmVirHid (a12f19c9234836c66e109513d5be636b) C:\WINDOWS\system32\drivers\WmVirHid.sys 19:25:52.0750 3680 WmVirHid - ok 19:25:52.0765 3680 WmXlCore (79755654f4845b7a5ddd35e68899a44d) C:\WINDOWS\system32\drivers\WmXlCore.sys 19:25:52.0765 3680 WmXlCore - ok 19:25:52.0796 3680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 19:25:52.0796 3680 WS2IFSL - ok 19:25:52.0812 3680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:25:52.0828 3680 WudfPf - ok 19:25:52.0859 3680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:25:52.0859 3680 WudfRd - ok 19:25:52.0875 3680 xcpip - ok 19:25:52.0890 3680 xpsec - ok 19:25:52.0906 3680 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 19:25:52.0984 3680 \Device\Harddisk0\DR0 - ok 19:25:53.0453 3680 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2 19:25:53.0453 3680 \Device\Harddisk1\DR2 - ok 19:25:53.0468 3680 Boot (0x1200) (c0c01c143cf281960868fc315e92ec76) \Device\Harddisk0\DR0\Partition0 19:25:53.0468 3680 \Device\Harddisk0\DR0\Partition0 - ok 19:25:53.0484 3680 Boot (0x1200) (132c1c03751256e8de0603a059ba8a48) 
\Device\Harddisk1\DR2\Partition0 19:25:53.0484 3680 \Device\Harddisk1\DR2\Partition0 - ok 19:25:53.0484 3680 ============================================================ 19:25:53.0484 3680 Scan finished 19:25:53.0484 3680 ============================================================ 19:25:53.0484 3676 Detected object count: 1 19:25:53.0484 3676 Actual detected object count: 1 19:26:02.0265 3676 sptd ( LockedFile.Multi.Generic ) - skipped by user 19:26:02.0265 3676 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 19:26:06.0609 3572 Deinitialize success
05-12-2011, 20:52
Post: #4
RE: Mebroot trojan
Quote: 19:25:52.0906 3680 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
Looks OK to me.
Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
Antispyware Scanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
05-12-2011, 21:00
Post: #5
RE: Mebroot trojan
Quote: Looks OK to me.
OK, thanks for the help!
05-12-2011, 21:02
Post: #6
RE: Mebroot trojan
You're welcome.
07-04-2012, 16:58
Post: #7
Solved
Since the problem has been solved, this thread is being moved to the "Solved/Inactive HijackThis logs" forum, where you can no longer post, only read.
If you run into problems again in the next few days, please send a PM to one of the Moderators or Administrators to have this thread moved back so you can receive further help. For problems that appear after a few weeks it is better to start a new thread with a new log. If there are problems that have nothing to do with malware, please start a new thread in the appropriate forum section.