
Blue screen after startup 0x000000e4

67 answers
  • Hello,

    I'm at my wits' end! Since yesterday, the moment I start the computer and get into Windows, I get a blue screen with the code: 0x000000e4. I've now run both Avast and Malwarebytes and they picked up a thing or two, but it hasn't helped. Just before my laptop crashed, my computer asked for permission to start certain files.

    Exe files with some jumbled letters. zdvlkndvl.exe for example. I don't remember exactly what it said, there were a few of them and I didn't recognise them, so I pressed no. This happened right after I went to a (seemingly infected) web page from an image on Google. It has been happening ever since. Please help! I'm at my wits' end! I've read that this doesn't necessarily have to be a virus, so I hope it isn't!!

    Regards,

    William
  • You do indeed have a heavy infection in your Windows!

    Can you still boot into Safe Mode?
  • Yes, I'm in Safe Mode right now. Is it that bad? Oh dear. I hope not.
  • OK.

    First let MBAM do a quick scan now and post the contents of the log in your next message.
  • I'll do that right away, thanks for your help!
  • OK, I've done the scan, here is the log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6846

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.7930.16406

    13-6-2011 16:10:50
    mbam-log-2011-06-13 (16-10-50).txt

    Scantype: Snelle scan
    Objecten gescand: 155624
    Verstreken tijd: 4 minuut/minuten, 19 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • That's a very old MBAM - it hasn't been updated in ages!

    Anyway, let's carry on!

    Which program: ComboFix
    What for/why: Very specialised scanner to examine Windows in depth
    and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Download this program to the desktop, no exceptions!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be absolutely clear once more: ComboFix must be started from the desktop.

    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even all of Windows "freeze"!
    - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If after the scan an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • This all goes fine until it restarts into normal mode to create the log, and that's where it crashes. How do I make sure it boots into Safe Mode then too?
  • You're now back in Safe Mode yourself, so look for C:\combofix.txt and post the contents of that log.
  • Yes, but it wasn't finished yet. It was still busy when it restarted into normal mode to create the log.
  • To boot into Safe Mode every time you need to make a change via System Configuration.

    Go to Start and type msconfig in the search box; at the top of the Start menu you will now see the relevant shortcut.
    Right-click this shortcut and choose Run as administrator.

    Click on the "Boot" tab and then tick "Safe boot".

    Then click the Apply and OK buttons.
  • ComboFix 11-06-11.01 - chris 13-06-2011 18:16:58.1.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3067.2374 [GMT 2:00]
    Gestart vanuit: c:\users\chris\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\chris\AppData\Roaming\Autorun.vbs
    c:\windows\system32\msvfd32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Adobe Licensing Console
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-13 to 2011-06-13 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 16:26 . 2011-06-13 16:55 -------- d-----w- c:\users\chris\AppData\Local\temp
    2011-06-13 12:22 . 2011-06-13 12:22 -------- d-----w- c:\program files\ESET
    2011-06-12 21:34 . 2011-06-14 02:06 -------- d-----w- c:\program files\WhiteSmoke
    2011-06-12 19:34 . 2011-06-12 19:34 -------- d-----w- c:\users\chris\AppData\Roaming\Elephant Games
    2011-06-12 19:34 . 2011-06-12 19:34 -------- d-----w- c:\programdata\Elephant Games
    2011-06-08 13:39 . 2011-06-12 16:53 -------- d-----w- c:\programdata\MumboJumbo
    2011-06-08 13:36 . 2011-06-08 13:36 -------- d-----w- c:\program files\Midnight Mysteries 2 - Salem Witch Trials
    2011-06-06 14:24 . 2011-06-06 14:24 -------- d-----w- C:\found.000
    2011-06-04 22:48 . 2011-06-04 22:48 -------- d-----w- c:\users\chris\AppData\Roaming\MumboJumbo
    2011-06-03 14:20 . 2011-06-03 14:20 -------- d-----w- c:\users\chris\AppData\Roaming\ERS G-Studio
    2011-05-16 20:49 . 2011-05-16 20:49 -------- d-----w- c:\program files\Toontrack
    2011-05-16 14:48 . 2011-05-16 14:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2011-03-15 12:18 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-03-15 12:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-03-15 12:19 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-03-15 12:19 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-03-15 12:19 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2011-03-15 12:19 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-03-15 12:19 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2011-03-15 12:19 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-12 11:48 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
    2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-04-09 06:13 . 2011-05-11 09:51 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 09:51 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-13 13:39 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-03-30 19:25 . 2011-03-30 19:25 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-03-22 23:07 . 2011-03-21 23:41 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-03-22 23:07 . 2011-01-24 14:35 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-22 22:45 . 2011-01-24 14:35 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-21 23:38 . 2011-01-24 14:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-03-21 22:44 . 2011-01-24 14:35 139152 ----a-w- c:\users\chris\AppData\Roaming\PnkBstrK.sys
    2011-03-21 22:44 . 2011-01-24 14:35 794408 ----a-w- c:\windows\system32\pbsvc.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-01-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-23 691696]
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R1 MpKsl0b23077e;MpKsl0b23077e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AEF6FF7-23A2-49C3-98BD-7523D6F3FC39}\MpKsl0b23077e.sys [x]
    R1 MpKsl3da37183;MpKsl3da37183;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B46F1CD-3932-4299-995B-FB457B59B6F6}\MpKsl3da37183.sys [x]
    R1 MpKsl3ee365fb;MpKsl3ee365fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEE9EE21-12DE-4AB6-BB02-292557A2E9CC}\MpKsl3ee365fb.sys [x]
    R1 MpKsl40f1ff5e;MpKsl40f1ff5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088FCD57-D462-4E14-B483-A2E8B09BE3CC}\MpKsl40f1ff5e.sys [x]
    R1 MpKsl5fb80aac;MpKsl5fb80aac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24DFFBFF-DE76-45DB-8B1D-CEC81C1D906F}\MpKsl5fb80aac.sys [x]
    R1 MpKsl6f79eec8;MpKsl6f79eec8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEE9EE21-12DE-4AB6-BB02-292557A2E9CC}\MpKsl6f79eec8.sys [x]
    R1 MpKsl74f13669;MpKsl74f13669;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088FCD57-D462-4E14-B483-A2E8B09BE3CC}\MpKsl74f13669.sys [x]
    R1 MpKsl7e7fa5aa;MpKsl7e7fa5aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E4E3AC2-019C-48CF-BCBC-50E4E3B988E5}\MpKsl7e7fa5aa.sys [x]
    R1 MpKsl855a6fb4;MpKsl855a6fb4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3E3847D-7AB9-4B75-91E8-067076C6B630}\MpKsl855a6fb4.sys [x]
    R1 MpKsl8f64b385;MpKsl8f64b385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{623F0ABE-AD31-4B3E-B9FB-CBB4E460B1E0}\MpKsl8f64b385.sys [x]
    R1 MpKsl90fe6279;MpKsl90fe6279;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71E54884-DF44-432B-A934-BE7A3ECC25A3}\MpKsl90fe6279.sys [x]
    R1 MpKslbc31b152;MpKslbc31b152;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B46F1CD-3932-4299-995B-FB457B59B6F6}\MpKslbc31b152.sys [x]
    R1 MpKslc478554e;MpKslc478554e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F369D9A-BCEF-4F53-8BBB-8C66837B7629}\MpKslc478554e.sys [x]
    R1 MpKslc9214b83;MpKslc9214b83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3E3847D-7AB9-4B75-91E8-067076C6B630}\MpKslc9214b83.sys [x]
    R1 MpKslca0afb45;MpKslca0afb45;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71E54884-DF44-432B-A934-BE7A3ECC25A3}\MpKslca0afb45.sys [x]
    R1 MpKslcaafffb1;MpKslcaafffb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E4E3AC2-019C-48CF-BCBC-50E4E3B988E5}\MpKslcaafffb1.sys [x]
    R1 MpKsld2177935;MpKsld2177935;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24DFFBFF-DE76-45DB-8B1D-CEC81C1D906F}\MpKsld2177935.sys [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
    R3 cpuz134;cpuz134;c:\users\chris\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    R3 WatAdminSvc;WatAdminSvc; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-30 218688]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://www.fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
    FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\qrcra0jp.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1771469208-3845433601-1095379348-1001\Software\SecuROM\License information*]
    "datasecu"=hex:3d,b8,e9,d4,5d,43,6e,85,17,0c,b7,0f,bc,0c,a6,ce,10,ff,3f,b8,55,
    9c,ee,7b,cb,25,ef,df,7e,7e,66,6c,b6,b7,d5,6c,8e,49,6b,f6,ff,6f,b4,66,40,76,\
    "rkeysecu"=hex:57,52,52,b0,eb,ea,c9,c7,6c,51,16,9a,04,97,57,df
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\conhost.exe
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-13 19:10:47 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-13 17:10
    ComboFix2.txt 2011-06-13 15:42
    .
    Pre-Run: 85.016.993.792 bytes beschikbaar
    Post-Run: 84.591.517.696 bytes beschikbaar
    .
    - - End Of File - - 8CF5DC7ADDFC53FD081A79DF2ADCCA91
  • I see that you are using TuneUp 2010.

    Do you have the option of reverting all the tweaks it made via that tool?

    If so, absolutely do that!


    Can you boot to your normal desktop again?


    2 new scans to do:

    1) Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
    Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and choosing "Run as administrator".

    - a black screen appears with some data in it.
    - a log file named "MBRcheckxxxx.txt" will appear on your desktop.
    - now copy the contents of that log into your next post.


    2) Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: absolutely download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - unpack the file onto your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as administrator.
    - After the scan has finished, you will find the log on the C:\ partition
    - Post the contents of that log

    In summary: in your next message, post the contents of the following logs:
    - MBRCheck log
    - TDSSKiller log
    - also let me know if you run into a problem with anything
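An added example, not part of this thread and not code from MBRCheck or TDSSKiller: a small Python triage script for the TDSSKiller log format the helper asks for (timestamp, thread id, message; driver records as `service (md5) path`). It splits the log into scan sessions, flags a session that was interrupted (the "Detected object count: 0" after an interrupted scan says nothing about the machine, which is exactly what happens in the first scan posted later in this thread), and lists driver images that load from outside the Windows directory for manual review. The embedded sample log is constructed in that format; the `zdvlkndvl` record, its path and its hash are invented to exercise the check.

```python
"""Triage helper for Kaspersky TDSSKiller text logs.

Added example; not part of the forum thread and not TDSSKiller's own code.
Each log line is "<timestamp> <thread id> <message>"; driver records are
"<service> (<md5>) <image path>". For every scan session we report whether
the scan completed or was interrupted, the detected-object count TDSSKiller
printed, and which driver images live outside the Windows directory.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# e.g. "2011/06/13 21:16:38.0680 1680 ACPI (f0e0...) C:\Windows\system32\DRIVERS\ACPI.sys"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
RECORD_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")


@dataclass
class Session:
    started: str
    finished: Optional[str] = None
    interrupted: bool = False
    detected: Optional[int] = None
    records: List[Tuple[str, str, str]] = field(default_factory=list)    # (service, md5, path)
    outside_windows: List[Tuple[str, str]] = field(default_factory=list)  # (service, path)


def parse_tdsskiller_log(text: str, windows_dir: str = r"C:\Windows") -> List[Session]:
    """Split the log into scan sessions and collect each session's driver records."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and lines without a message
        ts, _tid, msg = m.groups()
        if msg.startswith("Windows directory:"):
            # Prefer the path TDSSKiller itself reports in its SystemInfo block.
            windows_dir = msg.split(":", 1)[1].strip()
        elif msg == "Scan started":
            current = Session(started=ts)
            sessions.append(current)
        elif current is None:
            continue  # SystemInfo banner before the first scan
        elif msg == "Scan finished":
            current.finished = ts
        elif msg.startswith("Scan interrupted"):
            current.interrupted = True
        elif msg.startswith("Detected object count:"):
            current.detected = int(msg.rsplit(":", 1)[1])
        else:
            r = RECORD_RE.match(msg)
            if r:
                service, md5, path = r.groups()
                current.records.append((service, md5.lower(), path))
                prefix = windows_dir.rstrip("\\").lower() + "\\"
                if not path.lower().startswith(prefix):
                    current.outside_windows.append((service, path))
    return sessions


def summarize(sessions: List[Session]) -> List[str]:
    """One human-readable triage line per session, plus the paths to review."""
    lines = []
    for i, s in enumerate(sessions, 1):
        if s.interrupted:
            state = "INTERRUPTED (results incomplete)"
        elif s.finished:
            state = "finished"
        else:
            state = "no 'Scan finished' line (log truncated?)"
        lines.append(f"session {i}: {state}, {len(s.records)} records, "
                     f"detected={s.detected}, outside Windows dir={len(s.outside_windows)}")
        for service, path in s.outside_windows:
            lines.append(f"  review: {service} -> {path}")
    return lines


# Constructed sample in the thread's log format. The zdvlkndvl record, its
# path and its hash are invented to exercise the outside-Windows check.
SAMPLE_LOG = r"""
2011/06/13 21:16:26.0940 1520 Windows directory: C:\Windows
2011/06/13 21:16:38.0067 1680 ================================================================================
2011/06/13 21:16:38.0067 1680 Scan started
2011/06/13 21:16:38.0067 1680 Mode: Manual;
2011/06/13 21:16:38.0680 1680 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/13 21:16:39.0863 1680 Scan interrupted by user!
2011/06/13 21:16:39.0863 1680 Scan finished
2011/06/13 21:16:39.0915 0260 Detected object count: 0
2011/06/13 21:16:42.0460 0552 Scan started
2011/06/13 21:16:42.0694 0552 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/13 21:16:43.0072 0552 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/13 21:16:50.0346 0552 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/13 21:16:55.0000 0552 zdvlkndvl (0123456789abcdef0123456789abcdef) C:\Users\chris\AppData\Local\Temp\zdvlkndvl.sys
2011/06/13 21:16:56.0000 0552 Scan finished
2011/06/13 21:16:56.0100 0260 Detected object count: 1
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

A service name that differs from its file name (aic78xx loading djsvs.sys, as in the real log) is normal for many Microsoft drivers, so the script deliberately does not flag that; the image path is the cheaper and more reliable first filter, and the MD5 values it collects can be checked against a known-good database afterwards.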
  • I have no idea what TuneUp is; I bought this laptop second-hand from my mother's friend, who put some stuff on it. I'm still working from safe mode because normal mode still crashes. What should I do now? Because I see above that I have to do a number of things as admin, which I don't think I can do from safe mode.
  • Just do those scans as indicated.

    If you don't have a right-click option, you'd better start thinking about a recovery installation!

    Why you haven't done that already, I don't know.
    But then it would have become entirely your own Windows!
  • I managed to run it as admin; it just worked now (thanks again for the effort). First, below is the log from MBRCheck:

    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Packard Bell BV
    System Product Name: EASYNOTE TN65
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 164):
    0x8241A000 \SystemRoot\system32\ntkrnlpa.exe
    0x8282A000 \SystemRoot\system32\halmacpi.dll
    0x85E12000 \SystemRoot\system32\kdcom.dll
    0x82A2E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x82AA6000 \SystemRoot\system32\PSHED.dll
    0x82AB7000 \SystemRoot\system32\BOOTVID.dll
    0x82ABF000 \SystemRoot\system32\CLFS.SYS
    0x82B01000 \SystemRoot\system32\CI.dll
    0x8A83A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8A8AB000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8A9AC000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8A9B5000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x82BAC000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8A9DB000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8A9E3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8A800000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8A9EE000 \SystemRoot\System32\drivers\partmgr.sys
    0x8A82A000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x82BF4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82A00000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8AA12000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AA5D000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AA73000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8AA7C000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8AA9F000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8AAA9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8AAB7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8AAC0000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8AAF4000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AC14000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AD43000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8AD6E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AD81000 \SystemRoot\System32\Drivers\cng.sys
    0x8ADDE000 \SystemRoot\System32\drivers\pcw.sys
    0x8ADEC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8AB05000 \SystemRoot\system32\drivers\ndis.sys
    0x8ABBC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AE1A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AE3F000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AF88000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AFB9000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8B037000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B07E000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B0AB000 \SystemRoot\System32\Drivers\mup.sys
    0x8B0BB000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B0C3000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B0F5000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B106000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B15E000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B165000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B16C000 \SystemRoot\System32\drivers\vga.sys
    0x8B178000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B199000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B1A6000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B1AE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B1B9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B1C7000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B1DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8A8B9000 \SystemRoot\system32\drivers\afd.sys
    0x8B1F3000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8B000000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8B076000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8AFC2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8AFE1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8AFF2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8A913000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8B1E9000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E212000 \SystemRoot\system32\drivers\csc.sys
    0x8E276000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E28E000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8E2AF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E2CE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8E2D9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E324000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E333000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x8E837000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8E9F1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x8E800000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E818000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E825000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E378000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E397000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E3A0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8E3AE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8E3BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E3C5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8E3D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E3EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8A954000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8AE00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8A976000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8A98D000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E200000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x8AC00000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E832000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8EE28000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8EE5C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    0x8EE97000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8EEA5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8EEE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x94260000 \SystemRoot\System32\win32k.sys
    0x8EEFA000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8EF04000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8EF11000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8EF1C000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x8EF26000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x944B0000 \SystemRoot\System32\drivers\dxg.sys
    0x944E0000 \SystemRoot\System32\TSDDD.dll
    0x8EF37000 \SystemRoot\System32\Drivers\RtsUStor.sys
    0x8EF68000 \SystemRoot\System32\Drivers\USBD.SYS
    0x94560000 \SystemRoot\System32\framebuf.dll
    0x8EF6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8EF81000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8EF8C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8EF9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8EFA6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8EFB1000 \SystemRoot\system32\drivers\WudfPf.sys
    0x95A29000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x95A6F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x95A7F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x95A98000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x95AAA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x95ACD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x95B08000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x779F0000 \Windows\System32\ntdll.dll
    0x47FD0000 \Windows\System32\smss.exe
    0x77C30000 \Windows\System32\apisetschema.dll
    0x00EF0000 \Windows\System32\autochk.exe
    0x778E0000 \Windows\System32\urlmon.dll
    0x77B40000 \Windows\System32\kernel32.dll
    0x77810000 \Windows\System32\user32.dll
    0x77B30000 \Windows\System32\psapi.dll
    0x77790000 \Windows\System32\comdlg32.dll
    0x776E0000 \Windows\System32\rpcrt4.dll
    0x77640000 \Windows\System32\usp10.dll
    0x775B0000 \Windows\System32\clbcatq.dll
    0x77590000 \Windows\System32\sechost.dll
    0x773F0000 \Windows\System32\setupapi.dll
    0x77390000 \Windows\System32\shlwapi.dll
    0x77360000 \Windows\System32\imagehlp.dll
    0x77240000 \Windows\System32\wininet.dll
    0x77190000 \Windows\System32\msvcrt.dll
    0x77150000 \Windows\System32\ws2_32.dll
    0x770C0000 \Windows\System32\oleaut32.dll
    0x77020000 \Windows\System32\advapi32.dll
    0x77010000 \Windows\System32\nsi.dll
    0x763C0000 \Windows\System32\shell32.dll
    0x76370000 \Windows\System32\gdi32.dll
    0x76360000 \Windows\System32\lpk.dll
    0x76340000 \Windows\System32\imm32.dll
    0x762E0000 \Windows\System32\difxapi.dll
    0x76290000 \Windows\System32\Wldap32.dll
    0x76130000 \Windows\System32\ole32.dll
    0x76120000 \Windows\System32\normaliz.dll
    0x75F20000 \Windows\System32\iertutil.dll
    0x75E50000 \Windows\System32\msctf.dll
    0x75E20000 \Windows\System32\cfgmgr32.dll
    0x75DF0000 \Windows\System32\xmllite.dll
    0x75DC0000 \Windows\System32\wintrust.dll
    0x75D30000 \Windows\System32\comctl32.dll
    0x75CE0000 \Windows\System32\KernelBase.dll
    0x75BC0000 \Windows\System32\crypt32.dll
    0x75BA0000 \Windows\System32\devobj.dll
    0x75B90000 \Windows\System32\msasn1.dll

    Processes (total 26):
    0 System Idle Process
    4 System
    236 C:\Windows\System32\smss.exe
    320 csrss.exe
    368 csrss.exe
    376 C:\Windows\System32\wininit.exe
    404 C:\Windows\System32\winlogon.exe
    464 C:\Windows\System32\services.exe
    472 C:\Windows\System32\lsass.exe
    480 C:\Windows\System32\lsm.exe
    572 C:\Windows\System32\svchost.exe
    652 C:\Windows\System32\svchost.exe
    744 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    868 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1140 C:\Windows\explorer.exe
    1304 C:\Windows\System32\ctfmon.exe
    1752 C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
    1984 C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
    1168 C:\Windows\System32\svchost.exe
    1472 C:\Windows\explorer.exe
    672 C:\Users\chris\Desktop\MBRCheck.exe
    1620 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    ——————————————–
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    Now the log from TDSSKiller:

    2011/06/13 21:16:26.0885 1520 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/13 21:16:26.0940 1520 ================================================================================
    2011/06/13 21:16:26.0940 1520 SystemInfo:
    2011/06/13 21:16:26.0940 1520
    2011/06/13 21:16:26.0940 1520 OS Version: 6.1.7600 ServicePack: 0.0
    2011/06/13 21:16:26.0940 1520 Product type: Workstation
    2011/06/13 21:16:26.0940 1520 ComputerName: CHRIS-PC
    2011/06/13 21:16:26.0940 1520 UserName: chris
    2011/06/13 21:16:26.0940 1520 Windows directory: C:\Windows
    2011/06/13 21:16:26.0940 1520 System windows directory: C:\Windows
    2011/06/13 21:16:26.0940 1520 Processor architecture: Intel x86
    2011/06/13 21:16:26.0940 1520 Number of processors: 2
    2011/06/13 21:16:26.0940 1520 Page size: 0x1000
    2011/06/13 21:16:26.0940 1520 Boot type: Safe boot with network
    2011/06/13 21:16:26.0940 1520 ================================================================================
    2011/06/13 21:16:28.0088 1520 Initialize success
    2011/06/13 21:16:38.0067 1680 ================================================================================
    2011/06/13 21:16:38.0067 1680 Scan started
    2011/06/13 21:16:38.0067 1680 Mode: Manual;
    2011/06/13 21:16:38.0067 1680 ================================================================================
    2011/06/13 21:16:38.0598 1680 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/06/13 21:16:38.0680 1680 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/06/13 21:16:38.0749 1680 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/06/13 21:16:38.0842 1680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/06/13 21:16:38.0918 1680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/06/13 21:16:38.0976 1680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/06/13 21:16:39.0084 1680 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/06/13 21:16:39.0131 1680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/06/13 21:16:39.0203 1680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/06/13 21:16:39.0282 1680 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/06/13 21:16:39.0395 1680 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/06/13 21:16:39.0441 1680 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/06/13 21:16:39.0515 1680 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/06/13 21:16:39.0723 1680 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/06/13 21:16:39.0863 1680 Scan interrupted by user!
    2011/06/13 21:16:39.0863 1680 Scan interrupted by user!
    2011/06/13 21:16:39.0863 1680 ================================================================================
    2011/06/13 21:16:39.0863 1680 Scan finished
    2011/06/13 21:16:39.0863 1680 ================================================================================
    2011/06/13 21:16:39.0915 0260 Detected object count: 0
    2011/06/13 21:16:39.0915 0260 Actual detected object count: 0
    2011/06/13 21:16:42.0460 0552 ================================================================================
    2011/06/13 21:16:42.0460 0552 Scan started
    2011/06/13 21:16:42.0460 0552 Mode: Manual;
    2011/06/13 21:16:42.0460 0552 ================================================================================
    2011/06/13 21:16:42.0656 0552 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/06/13 21:16:42.0694 0552 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/06/13 21:16:42.0741 0552 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/06/13 21:16:42.0771 0552 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/06/13 21:16:42.0843 0552 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/06/13 21:16:42.0878 0552 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/06/13 21:16:42.0961 0552 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/06/13 21:16:43.0034 0552 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/06/13 21:16:43.0072 0552 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/06/13 21:16:43.0117 0552 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/06/13 21:16:43.0142 0552 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/06/13 21:16:43.0188 0552 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/06/13 21:16:43.0217 0552 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/06/13 21:16:43.0414 0552 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/06/13 21:16:43.0521 0552 amdkmdap (41876830a043176f7902e781238f95ef) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/06/13 21:16:43.0595 0552 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/06/13 21:16:43.0660 0552 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/06/13 21:16:43.0736 0552 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/06/13 21:16:43.0784 0552 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/06/13 21:16:43.0838 0552 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/06/13 21:16:43.0961 0552 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/06/13 21:16:43.0998 0552 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/06/13 21:16:44.0105 0552 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/06/13 21:16:44.0194 0552 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/06/13 21:16:44.0273 0552 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
    2011/06/13 21:16:44.0368 0552 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
    2011/06/13 21:16:44.0407 0552 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
    2011/06/13 21:16:44.0485 0552 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
    2011/06/13 21:16:44.0539 0552 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/13 21:16:44.0577 0552 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/06/13 21:16:44.0664 0552 athr (8d6e8178ab4379c932c34a109d27c5a9) C:\Windows\system32\DRIVERS\athr.sys
    2011/06/13 21:16:44.0904 0552 atikmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/06/13 21:16:45.0388 0552 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/06/13 21:16:45.0475 0552 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/06/13 21:16:45.0517 0552 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/06/13 21:16:45.0592 0552 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/06/13 21:16:45.0701 0552 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/13 21:16:45.0734 0552 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/06/13 21:16:45.0760 0552 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/06/13 21:16:45.0813 0552 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/06/13 21:16:45.0844 0552 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/06/13 21:16:45.0875 0552 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/06/13 21:16:45.0908 0552 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/06/13 21:16:45.0930 0552 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/06/13 21:16:46.0150 0552 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/13 21:16:46.0241 0552 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/06/13 21:16:46.0306 0552 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/06/13 21:16:46.0350 0552 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/06/13 21:16:46.0465 0552 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/06/13 21:16:46.0487 0552 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/06/13 21:16:46.0521 0552 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/06/13 21:16:46.0611 0552 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/06/13 21:16:46.0699 0552 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/06/13 21:16:46.0866 0552 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/06/13 21:16:47.0099 0552 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2011/06/13 21:16:47.0177 0552 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/13 21:16:47.0222 0552 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/06/13 21:16:47.0296 0552 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/06/13 21:16:47.0433 0552 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/13 21:16:47.0527 0552 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    2011/06/13 21:16:47.0577 0552 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/13 21:16:47.0761 0552 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/06/13 21:16:47.0938 0552 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/06/13 21:16:47.0981 0552 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/06/13 21:16:48.0031 0552 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/06/13 21:16:48.0064 0552 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/06/13 21:16:48.0147 0552 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/13 21:16:48.0187 0552 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/13 21:16:48.0221 0552 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/06/13 21:16:48.0247 0552 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/13 21:16:48.0298 0552 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/13 21:16:48.0343 0552 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/06/13 21:16:48.0378 0552 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/13 21:16:48.0464 0552 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/06/13 21:16:48.0486 0552 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/06/13 21:16:48.0538 0552 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/06/13 21:16:48.0621 0552 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/13 21:16:48.0704 0552 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/06/13 21:16:48.0730 0552 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/06/13 21:16:48.0770 0552 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/06/13 21:16:48.0838 0552 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/06/13 21:16:48.0933 0552 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/06/13 21:16:48.0988 0552 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/06/13 21:16:49.0059 0552 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/06/13 21:16:49.0099 0552 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/06/13 21:16:49.0121 0552 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/06/13 21:16:49.0168 0552 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/06/13 21:16:49.0213 0552 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/06/13 21:16:49.0389 0552 IntcAzAudAddService (441a9adce9394e18ff6c23f77c983c04) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/06/13 21:16:49.0490 0552 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/06/13 21:16:49.0549 0552 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/13 21:16:49.0586 0552 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/06/13 21:16:49.0620 0552 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/06/13 21:16:49.0650 0552 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/06/13 21:16:49.0720 0552 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/06/13 21:16:49.0736 0552 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/06/13 21:16:49.0775 0552 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/06/13 21:16:49.0832 0552 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/06/13 21:16:49.0879 0552 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/06/13 21:16:49.0913 0552 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/13 21:16:49.0962 0552 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/06/13 21:16:50.0032 0552 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/13 21:16:50.0110 0552 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/06/13 21:16:50.0135 0552 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/06/13 21:16:50.0162 0552 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/06/13 21:16:50.0183 0552 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/06/13 21:16:50.0232 0552 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/06/13 21:16:50.0346 0552 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
    2011/06/13 21:16:50.0393 0552 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/06/13 21:16:50.0473 0552 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/06/13 21:16:50.0498 0552 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/06/13 21:16:50.0579 0552 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/06/13 21:16:50.0648 0552 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/06/13 21:16:50.0665 0552 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/06/13 21:16:50.0716 0552 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/06/13 21:16:50.0734 0552 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/06/13 21:16:51.0380 0552 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/06/13 21:16:51.0427 0552 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/06/13 21:16:51.0514 0552 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/06/13 21:16:51.0567 0552 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/06/13 21:16:51.0603 0552 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/06/13 21:16:51.0626 0552 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/06/13 21:16:51.0656 0552 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/06/13 21:16:51.0704 0552 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/06/13 21:16:51.0732 0552 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/06/13 21:16:51.0757 0552 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/06/13 21:16:51.0836 0552 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/06/13 21:16:51.0858 0552 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/06/13 21:16:51.0874 0552 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/06/13 21:16:51.0925 0552 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/06/13 21:16:51.0962 0552 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/06/13 21:16:51.0996 0552 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/06/13 21:16:52.0026 0552 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/06/13 21:16:52.0065 0552 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/06/13 21:16:52.0295 0552 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/06/13 21:16:52.0346 0552 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/06/13 21:16:52.0427 0552 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/06/13 21:16:52.0462 0552 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/06/13 21:16:52.0479 0552 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/06/13 21:16:52.0518 0552 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/06/13 21:16:52.0547 0552 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/06/13 21:16:52.0592 0552 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/06/13 21:16:52.0615 0552 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/06/13 21:16:52.0700 0552 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/06/13 21:16:52.0722 0552 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/06/13 21:16:52.0749 0552 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/06/13 21:16:52.0823 0552 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/06/13 21:16:52.0881 0552 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/06/13 21:16:52.0930 0552 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/06/13 21:16:52.0981 0552 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/06/13 21:16:53.0012 0552 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/06/13 21:16:53.0041 0552 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/06/13 21:16:53.0095 0552 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/06/13 21:16:53.0160 0552 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/06/13 21:16:53.0198 0552 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/06/13 21:16:53.0233 0552 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/06/13 21:16:53.0269 0552 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/06/13 21:16:53.0288 0552 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/06/13 21:16:53.0341 0552 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/06/13 21:16:53.0388 0552 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/06/13 21:16:53.0603 0552 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/06/13 21:16:53.0626 0552 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/06/13 21:16:53.0710 0552 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/06/13 21:16:53.0766 0552 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/06/13 21:16:53.0868 0552 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/06/13 21:16:53.0909 0552 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/06/13 21:16:53.0931 0552 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/06/13 21:16:53.0987 0552 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/06/13 21:16:54.0037 0552 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/06/13 21:16:54.0087 0552 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/06/13 21:16:54.0163 0552 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/06/13 21:16:54.0197 0552 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/06/13 21:16:54.0243 0552 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/06/13 21:16:54.0280 0552 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/06/13 21:16:54.0320 0552 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/06/13 21:16:54.0398 0552 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/06/13 21:16:54.0438 0552 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/06/13 21:16:54.0471 0552 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/06/13 21:16:54.0544 0552 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/06/13 21:16:54.0661 0552 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/06/13 21:16:54.0754 0552 RSUSBSTOR (f1ed9ffa59c369e72bc53a7631346f61) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/06/13 21:16:54.0835 0552 RTHDMIAzAudService (2fdc33b63f80fbfe95203c2186af0ce8) C:\Windows\system32\drivers\RtHDMIV.sys
    2011/06/13 21:16:54.0876 0552 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/06/13 21:16:54.0917 0552 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/06/13 21:16:54.0966 0552 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/06/13 21:16:55.0059 0552 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
    2011/06/13 21:16:55.0097 0552 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/06/13 21:16:55.0200 0552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/06/13 21:16:55.0289 0552 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/06/13 21:16:55.0313 0552 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/06/13 21:16:55.0346 0552 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/06/13 21:16:55.0423 0552 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/06/13 21:16:55.0460 0552 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/06/13 21:16:55.0489 0552 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/06/13 21:16:55.0522 0552 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/06/13 21:16:55.0606 0552 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/06/13 21:16:55.0648 0552 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/06/13 21:16:55.0671 0552 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/06/13 21:16:55.0731 0552 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/06/13 21:16:55.0810 0552 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/06/13 21:16:55.0953 0552 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/06/13 21:16:56.0026 0552 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
    2011/06/13 21:16:56.0102 0552 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/06/13 21:16:56.0169 0552 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/06/13 21:16:56.0279 0552 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/06/13 21:16:56.0364 0552 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/06/13 21:16:56.0405 0552 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/06/13 21:16:56.0431 0552 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/06/13 21:16:56.0556 0552 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/06/13 21:16:56.0679 0552 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/06/13 21:16:56.0720 0552 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/06/13 21:16:56.0760 0552 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/06/13 21:16:56.0784 0552 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/06/13 21:16:56.0808 0552 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/06/13 21:16:56.0846 0552 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/06/13 21:16:56.0922 0552 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/06/13 21:16:57.0088 0552 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
    2011/06/13 21:16:57.0160 0552 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/06/13 21:16:57.0187 0552 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/06/13 21:16:57.0229 0552 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/06/13 21:16:57.0331 0552 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/06/13 21:16:57.0418 0552 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/06/13 21:16:57.0470 0552 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/06/13 21:16:57.0587 0552 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
    2011/06/13 21:16:57.0619 0552 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/06/13 21:16:57.0723 0552 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/06/13 21:16:57.0772 0552 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/06/13 21:16:57.0850 0552 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/06/13 21:16:57.0894 0552 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/06/13 21:16:57.0911 0552 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/06/13 21:16:57.0944 0552 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/06/13 21:16:57.0971 0552 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/06/13 21:16:58.0058 0552 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
    2011/06/13 21:16:58.0162 0552 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/06/13 21:16:58.0196 0552 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/06/13 21:16:58.0230 0552 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/06/13 21:16:58.0260 0552 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/06/13 21:16:58.0303 0552 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/06/13 21:16:58.0336 0552 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/06/13 21:16:58.0357 0552 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/06/13 21:16:58.0411 0552 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/06/13 21:16:58.0447 0552 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/06/13 21:16:58.0479 0552 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/06/13 21:16:58.0521 0552 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/06/13 21:16:58.0549 0552 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/06/13 21:16:58.0598 0552 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/06/13 21:16:58.0639 0552 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/06/13 21:16:58.0720 0552 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/06/13 21:16:58.0761 0552 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/06/13 21:16:58.0782 0552 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/13 21:16:58.0800 0552 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/13 21:16:58.0899 0552 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/06/13 21:16:58.0948 0552 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/06/13 21:16:59.0057 0552 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/06/13 21:16:59.0080 0552 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/06/13 21:16:59.0200 0552 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/06/13 21:16:59.0303 0552 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/06/13 21:16:59.0372 0552 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/06/13 21:16:59.0448 0552 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/06/13 21:16:59.0608 0552 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
    2011/06/13 21:16:59.0648 0552 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
    2011/06/13 21:16:59.0659 0552 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/06/13 21:16:59.0670 0552 ================================================================================
    2011/06/13 21:16:59.0670 0552 Scan finished
    2011/06/13 21:16:59.0670 0552 ================================================================================
    2011/06/13 21:16:59.0708 1976 Detected object count: 1
    2011/06/13 21:16:59.0708 1976 Actual detected object count: 1
    2011/06/13 21:17:09.0046 1976 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/06/13 21:17:09.0046 1976 \Device\Harddisk0\DR0 - ok
    2011/06/13 21:17:09.0047 1976 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/06/13 21:17:28.0931 1724 Deinitialize success


    Here it is! Now I'm going to reboot the computer because of the rootkit that was found and will be cured after the restart.
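Added example, not from the thread and not part of TDSSKiller or MBAM: a small Python triage script for scan logs in the line format posted above (timestamp, PID, service name, MD5 in parentheses, path; plus the "MBR (...)", "- detected ..." and "will be cured after reboot" lines). It pulls the detections out of the driver listing, cross-checks them against the scanner's own "Detected object count" summary, and lists drivers loaded from outside the standard drivers folder so a helper can review those first. The sample lines are copied from the log above; the function names, the `Report` structure and the "standard driver folder" heuristic are this example's own assumptions.

```python
"""Triage helper for TDSSKiller-style scan logs (added example; not part of the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the log posted in the thread (hashes and
# paths are from that log; the selection and ordering are ours).
SAMPLE_LOG = r"""
2011/06/13 21:16:56.0556 0552 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/13 21:16:56.0679 0552 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/13 21:16:57.0088 0552 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2011/06/13 21:16:59.0648 0552 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/13 21:16:59.0659 0552 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/13 21:16:59.0670 0552 ================================================================================
2011/06/13 21:16:59.0670 0552 Scan finished
2011/06/13 21:16:59.0708 1976 Detected object count: 1
2011/06/13 21:17:09.0046 1976 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/13 21:17:09.0047 1976 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> "; the rest is the body.
HEADER_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
MBR_RE = re.compile(r"^MBR \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<device>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str
    cure_scheduled: bool = False


@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    mbr_md5: Optional[str] = None
    detections: Dict[str, Detection] = field(default_factory=dict)
    reported_count: Optional[int] = None


def parse_log(text: str) -> Report:
    """Parse the log into drivers, the MBR hash, detections and the scanner's summary count."""
    rep = Report()
    for raw in text.strip().splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        body = m.group(3)
        if (mm := MBR_RE.match(body)):
            rep.mbr_md5 = mm.group("md5")
        elif (md := DETECT_RE.match(body)):
            rep.detections.setdefault(md.group("obj"), Detection(md.group("obj"), md.group("verdict")))
        elif (mc := CURE_RE.match(body)):
            d = rep.detections.setdefault(mc.group("obj"), Detection(mc.group("obj"), mc.group("verdict")))
            d.cure_scheduled = True
        elif (mn := COUNT_RE.match(body)):
            rep.reported_count = int(mn.group(1))
        elif (mdrv := DRIVER_RE.match(body)):
            rep.drivers.append(Driver(mdrv.group("name"), mdrv.group("md5"), mdrv.group("path")))
        # separators, "Scan finished" and the user-action line carry no triage data
    return rep


def unusual_paths(rep: Report) -> List[str]:
    """Service names of kernel drivers loaded from outside the standard drivers folder.
    Not malicious by itself (third-party tools install there too), but review these first."""
    std = "c:\\windows\\system32\\drivers\\"
    return [d.name for d in rep.drivers if not d.path.lower().startswith(std)]


def hash_index(rep: Report) -> Dict[str, List[str]]:
    """Group service names by file hash so each unique hash is looked up only once."""
    idx: Dict[str, List[str]] = defaultdict(list)
    for d in rep.drivers:
        idx[d.md5].append(d.name)
    return dict(idx)


def consistency_issues(rep: Report) -> List[str]:
    """Cross-check the scanner's summary line against the individual detection lines."""
    issues = []
    if rep.reported_count is not None and rep.reported_count != len(rep.detections):
        issues.append(f"summary says {rep.reported_count} objects, log shows {len(rep.detections)}")
    for d in rep.detections.values():
        if not d.cure_scheduled:
            issues.append(f"{d.obj}: {d.verdict} detected but no cure action recorded")
    return issues


if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    print("detections:", [(d.obj, d.verdict, d.cure_scheduled) for d in report.detections.values()])
    print("drivers outside the standard folder:", unusual_paths(report))
    print("issues:", consistency_issues(report))
```

Running it against the full log from the post gives the same single MBR detection with a cure scheduled, and the only driver flagged by the path heuristic is the TuneUp Utilities driver, which the helper would recognise as a legitimately installed tool.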
  • Fine, then try whether it is possible to boot normally again.
  • Um, I don't want to cheer too early, but I'm now in normal mode and it has been working for a while without any problem! Could it have been the rootkit? Is this something recognizable for a rootkit?

    If it is fixed now, I really want to thank you warmly for the effort you have put into it!!!!
  • That rootkit, in combination with ………., can indeed cause a lot of trouble!
    Above all, rootkits are also able to hide other malware from antivirus and normal scans!

    Start MBAM again via right-click with admin rights; first open the Update tab to check for a new database.

    Then run a quick scan and post the contents of the log in your next message.

    Have you already removed the Safe Mode checkbox in msconfig again?
  • Hello Abraham, Everything worked fine for a while, until AVAST again reported having found a rootkit and malware. In DOS it scanned for more than an hour and removed rootkits and trojans.

    After doing this I wanted to run the MalwareBytes scan again as you said.. Then both Avast and MalwareBytes again reported a rootkit, malware and spyware, as if it keeps coming back. We are a good deal further than before; I can get into normal mode again (although I'm not doing that now), but now I'm sitting here looking at these things.. What now?

    As you asked, another log from MalwareBytes:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6854

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    14-6-2011 18:34:55
    mbam-log-2011-06-14 (18-34-55).txt

    Scantype: Snelle scan
    Objecten gescand: 158187
    Verstreken tijd: 5 minuut/minuten, 43 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KB984437.exe (Spyware.Passwords.XGen) -> Value: KB984437.exe -> Delete on reboot.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Windows\System32\config\systemprofile\AppData\Roaming\KB984437.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Windows\temp\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Windows\temp\uswc\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

This is an archived page. Replying is no longer possible.