Security & privacy

Blue screen after startup 0x000000e4

67 replies
  • You certainly have a heavy infection in your Windows! Can you still boot into safe mode?
  • Yes, I'm in safe mode right now. Is it that bad? Oh dear. I hope not.
  • OK. First let MBAM do a quick scan and then post the contents of the log in your next message.
  • I'll do that right away, thanks for your help!
  • OK, I did the scan, here is the log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6846

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.7930.16406

    13-6-2011 16:10:50
    mbam-log-2011-06-13 (16-10-50).txt

    Scan type: Quick scan
    Objects scanned: 155624
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • That is a very old MBAM, it hasn't been updated in ages! But fine, we'll carry on!

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop, no exceptions!
    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find details on how to disable antivirus programs and spyware scanners.
    To be perfectly clear, once more: ComboFix must be started from the desktop.
    Notes:
      - On Windows XP you may be asked to install the "Recovery Console". Allow this (an active internet connection is required).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.
    Once ComboFix has started:
      - Do not click in the black window; doing so can "freeze" ComboFix or even Windows entirely!
      - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to restart several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • This all goes fine until it restarts into normal mode to create the log, and there it crashes. How do I make sure it boots into safe mode then as well?
  • You are now back in safe mode yourself, so look for C:\combofix.txt and post the contents of that log.
  • Yes, but it wasn't finished yet. It was still busy when it restarted into normal mode to create the log.
  • To boot into Safe Mode every time, you need to make a change via System Configuration. Go to Start and type msconfig in the search box; at the top of the Start menu you will now see the corresponding shortcut. Right-click this shortcut and choose Run as administrator. Click the "Boot" tab and then tick "Safe boot". Then click the Apply and OK buttons.
  • ComboFix 11-06-11.01 - chris 13-06-2011 18:16:58.1.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3067.2374 [GMT 2:00]
    Running from: c:\users\chris\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\chris\AppData\Roaming\Autorun.vbs
    c:\windows\system32\msvfd32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Adobe Licensing Console
    .
    .
    (((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 16:26 . 2011-06-13 16:55 -------- d-----w- c:\users\chris\AppData\Local\temp
    2011-06-13 12:22 . 2011-06-13 12:22 -------- d-----w- c:\program files\ESET
    2011-06-12 21:34 . 2011-06-14 02:06 -------- d-----w- c:\program files\WhiteSmoke
    2011-06-12 19:34 . 2011-06-12 19:34 -------- d-----w- c:\users\chris\AppData\Roaming\Elephant Games
    2011-06-12 19:34 . 2011-06-12 19:34 -------- d-----w- c:\programdata\Elephant Games
    2011-06-08 13:39 . 2011-06-12 16:53 -------- d-----w- c:\programdata\MumboJumbo
    2011-06-08 13:36 . 2011-06-08 13:36 -------- d-----w- c:\program files\Midnight Mysteries 2 - Salem Witch Trials
    2011-06-06 14:24 . 2011-06-06 14:24 -------- d-----w- C:\found.000
    2011-06-04 22:48 . 2011-06-04 22:48 -------- d-----w- c:\users\chris\AppData\Roaming\MumboJumbo
    2011-06-03 14:20 . 2011-06-03 14:20 -------- d-----w- c:\users\chris\AppData\Roaming\ERS G-Studio
    2011-05-16 20:49 . 2011-05-16 20:49 -------- d-----w- c:\program files\Toontrack
    2011-05-16 14:48 . 2011-05-16 14:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2011-03-15 12:18 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-03-15 12:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-03-15 12:19 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-03-15 12:19 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-03-15 12:19 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2011-03-15 12:19 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-03-15 12:19 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2011-03-15 12:19 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-12 11:48 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
    2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-04-09 06:13 . 2011-05-11 09:51 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 09:51 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-13 13:39 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-03-30 19:25 . 2011-03-30 19:25 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-03-22 23:07 . 2011-03-21 23:41 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-03-22 23:07 . 2011-01-24 14:35 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-22 22:45 . 2011-01-24 14:35 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-21 23:38 . 2011-01-24 14:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-03-21 22:44 . 2011-01-24 14:35 139152 ----a-w- c:\users\chris\AppData\Roaming\PnkBstrK.sys
    2011-03-21 22:44 . 2011-01-24 14:35 794408 ----a-w- c:\windows\system32\pbsvc.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-01-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-23 691696]
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R1 MpKsl0b23077e;MpKsl0b23077e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AEF6FF7-23A2-49C3-98BD-7523D6F3FC39}\MpKsl0b23077e.sys [x]
    R1 MpKsl3da37183;MpKsl3da37183;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B46F1CD-3932-4299-995B-FB457B59B6F6}\MpKsl3da37183.sys [x]
    R1 MpKsl3ee365fb;MpKsl3ee365fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEE9EE21-12DE-4AB6-BB02-292557A2E9CC}\MpKsl3ee365fb.sys [x]
    R1 MpKsl40f1ff5e;MpKsl40f1ff5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088FCD57-D462-4E14-B483-A2E8B09BE3CC}\MpKsl40f1ff5e.sys [x]
    R1 MpKsl5fb80aac;MpKsl5fb80aac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24DFFBFF-DE76-45DB-8B1D-CEC81C1D906F}\MpKsl5fb80aac.sys [x]
    R1 MpKsl6f79eec8;MpKsl6f79eec8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEE9EE21-12DE-4AB6-BB02-292557A2E9CC}\MpKsl6f79eec8.sys [x]
    R1 MpKsl74f13669;MpKsl74f13669;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088FCD57-D462-4E14-B483-A2E8B09BE3CC}\MpKsl74f13669.sys [x]
    R1 MpKsl7e7fa5aa;MpKsl7e7fa5aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E4E3AC2-019C-48CF-BCBC-50E4E3B988E5}\MpKsl7e7fa5aa.sys [x]
    R1 MpKsl855a6fb4;MpKsl855a6fb4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3E3847D-7AB9-4B75-91E8-067076C6B630}\MpKsl855a6fb4.sys [x]
    R1 MpKsl8f64b385;MpKsl8f64b385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{623F0ABE-AD31-4B3E-B9FB-CBB4E460B1E0}\MpKsl8f64b385.sys [x]
    R1 MpKsl90fe6279;MpKsl90fe6279;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71E54884-DF44-432B-A934-BE7A3ECC25A3}\MpKsl90fe6279.sys [x]
    R1 MpKslbc31b152;MpKslbc31b152;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B46F1CD-3932-4299-995B-FB457B59B6F6}\MpKslbc31b152.sys [x]
    R1 MpKslc478554e;MpKslc478554e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F369D9A-BCEF-4F53-8BBB-8C66837B7629}\MpKslc478554e.sys [x]
    R1 MpKslc9214b83;MpKslc9214b83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3E3847D-7AB9-4B75-91E8-067076C6B630}\MpKslc9214b83.sys [x]
    R1 MpKslca0afb45;MpKslca0afb45;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71E54884-DF44-432B-A934-BE7A3ECC25A3}\MpKslca0afb45.sys [x]
    R1 MpKslcaafffb1;MpKslcaafffb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E4E3AC2-019C-48CF-BCBC-50E4E3B988E5}\MpKslcaafffb1.sys [x]
    R1 MpKsld2177935;MpKsld2177935;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24DFFBFF-DE76-45DB-8B1D-CEC81C1D906F}\MpKsld2177935.sys [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
    R3 cpuz134;cpuz134;c:\users\chris\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    R3 WatAdminSvc;WatAdminSvc; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-30 218688]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://www.fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
    FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\qrcra0jp.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]
    "ServiceDll"="%SystemRoot%\system32\themeservice.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll" --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TuneUp.Defrag]
    "ImagePath"="c:\program files\TuneUp Utilities 2010\TuneUpDefragService.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TuneUp.UtilitiesSvc]
    "ImagePath"="\"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TuneUpUtilitiesDrv]
    "ImagePath"="\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]
    "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]
    "ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmRdpService]
    "ServiceDll"="%SystemRoot%\System32\umrdp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbaudio]
    "ImagePath"="system32\drivers\usbaudio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]
    "ImagePath"="\SystemRoot\system32\DRIVERS\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]
    "ImagePath"="\SystemRoot\system32\DRIVERS\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]
    "ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxTuneUp]
    "ServiceDll"="%SystemRoot%\System32\uxtuneup.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
    "ImagePath"="system32\DRIVERS\vdrvroot.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vhdmp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaagp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ViaC7]
    "ImagePath"="\SystemRoot\system32\DRIVERS\viac7.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
    "ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmbus]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vmbus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMBusHID]
    "ImagePath"="\SystemRoot\system32\DRIVERS\VMBusHID.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
    "ImagePath"="system32\DRIVERS\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
    "ImagePath"="system32\DRIVERS\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
    "ImagePath"="system32\DRIVERS\vwifibus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt]
    "ImagePath"="system32\DRIVERS\vwififlt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]
    "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
    "ImagePath"="\"%systemroot%\system32\wbengine.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
    "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
    "ImagePath"="system32\DRIVERS\wfplwf.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
    "ImagePath"="system32\drivers\wimmount.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
    "ImagePath"="system32\DRIVERS\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
    "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
    "ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xusb21]
    "ImagePath"="system32\DRIVERS\xusb21.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{31CDAAC5-4CAC-4274-AFB9-ECA143C7B453}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{9ED94C3B-8D0E-4B13-ABB4-FC5B79F1D1BF}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1771469208-3845433601-1095379348-1001\Software\SecuROM\License information*]
    "datasecu"=hex:3d,b8,e9,d4,5d,43,6e,85,17,0c,b7,0f,bc,0c,a6,ce,10,ff,3f,b8,55,
       9c,ee,7b,cb,25,ef,df,7e,7e,66,6c,b6,b7,d5,6c,8e,49,6b,f6,ff,6f,b4,66,40,76,\
    "rkeysecu"=hex:57,52,52,b0,eb,ea,c9,c7,6c,51,16,9a,04,97,57,df
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\conhost.exe
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-13 19:10:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-13 17:10
    ComboFix2.txt 2011-06-13 15:42
    .
    Pre-Run: 85.016.993.792 bytes free
    Post-Run: 84.591.517.696 bytes free
    .
    - - End Of File - - 8CF5DC7ADDFC53FD081A79DF2ADCCA91
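The Sigcheck block in the ComboFix log above is the one detail in this thread worth a closer look: the live c:\windows\System32\user32.dll is listed as unsigned with an MD5 that differs from the signed winsxs copy of the very same version and size, which is the pattern of a system DLL patched in place rather than replaced by a different build. The following script is an added example for triaging that block, not code from the original thread and not part of ComboFix; it parses lines in ComboFix's Sigcheck layout and flags exactly that pattern. Two assumptions are not documented on the page: that a leading "[-]" marks a file whose signature could not be verified and any other marker (such as "[7]") one that was, and the sample lines are constructed, with example.dll, its hash and its winsxs folder made up to show what a clean system32/winsxs pair looks like.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of ComboFix's "Sigcheck" section. The two
# user32.dll lines mirror the log posted above; the example.dll pair is
# hypothetical (made-up file, hash and winsxs folder) to show a clean pair.
SAMPLE_SIGCHECK = """\
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\\windows\\System32\\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\\windows\\winsxs\\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\\user32.dll
[7] 2009-07-14 . 0123456789ABCDEF0123456789ABCDEF . 221184 . . [6.1.7600.16385] . . c:\\windows\\System32\\example.dll
[7] 2009-07-14 . 0123456789ABCDEF0123456789ABCDEF . 221184 . . [6.1.7600.16385] . . c:\\windows\\winsxs\\x86_example_0000000000000000\\example.dll
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
# Assumption (not stated on the page): "[-]" means the signature could not be
# verified; any other flag such as "[7]" means it was.
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; headers, notes and '.' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()  # NTFS paths are case-insensitive
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        e["signed"] = e["flag"] != "-"
        entries.append(e)
    return entries


def find_tampered(entries):
    """Flag unverified files whose signed twin (same file name, version string
    and byte size) carries a different hash. Same size plus different content
    is what an in-place patch looks like; a different build would normally
    change the size or the version string as well."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"], e["size"])].append(e)
    findings = []
    for group in groups.values():
        reference = {e["md5"]: e["path"] for e in group if e["signed"]}
        for e in group:
            if e["signed"] or not reference or e["md5"] in reference:
                continue
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5": sorted(reference),
                "reference_path": [reference[h] for h in sorted(reference)],
            })
    return findings


if __name__ == "__main__":
    for f in find_tampered(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"SUSPECT {f['path']} md5={f['md5']} "
              f"differs from signed copy {f['reference_md5']}")
```

Run against the constructed sample it reports only user32.dll. Treat a hit as a lead rather than a verdict: confirm it on the machine by hashing the live file and the winsxs copy yourself (for example with certutil -hashfile <path> MD5) before deciding the file was patched, and keep in mind ComboFix's own note that unsigned does not by itself mean malicious.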
  • I see that you use TuneUp 2010. Do you have the option to undo all the tweaks it made through that tool? If so, absolutely do it! Can you boot to your normal desktop again yet?

    2 new scans to do:

    1) Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe: http://ad13.geekstogo.com/MBRCheck.exe
    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
    Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and choosing "Run as Administrator".
      - A black window appears with some data in it.
      - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
      - Now copy the contents of that log into your next post.

    2) Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: This program must be downloaded to the desktop, no exceptions, or otherwise moved there!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
    Installation:
      - unpack the file onto your desktop.
    Using TDSSKiller:
      - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
      - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as Administrator.
      - After the scan is finished, you will find the log on the C:\ partition
      - Post the contents of that log
    In summary: in your next message, post the contents of the following logs:
      - MBRCheck log
      - TDSSKiller log
      - also let me know if you run into a problem with anything
  • Ik heb geen idee wat Tuneup is, ik heb deze laptop 2ehands overkocht van de vriend van m'n moeder, die heeft er wat spul opgezet. Ik handel nog steeds vanuit veilige modus omdat normale modus nog steeds crashed. Wat moet ik nu doen? Want ik zie hier boven staan dat ik een aantal dingen moet doen als admin, wat ik vanuit veilige modus geloof ik niet kan doen.
  • Just do those scans as indicated. If you don't have a right-click option, you had better start thinking about a recovery installation! Why you haven't done that already, I don't know. But then it would have become entirely your own Windows!
  • I managed to run it as admin; it just worked now (thanks again for the trouble). Below is first the log from MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Packard Bell BV
System Product Name: EASYNOTE TN65
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 164):
  0x8241A000 \SystemRoot\system32\ntkrnlpa.exe
  0x8282A000 \SystemRoot\system32\halmacpi.dll
  0x85E12000 \SystemRoot\system32\kdcom.dll
  0x82A2E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x82AA6000 \SystemRoot\system32\PSHED.dll
  0x82AB7000 \SystemRoot\system32\BOOTVID.dll
  0x82ABF000 \SystemRoot\system32\CLFS.SYS
  0x82B01000 \SystemRoot\system32\CI.dll
  0x8A83A000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A8AB000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A9AC000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8A9B5000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x82BAC000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8A9DB000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8A9E3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8A800000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8A9EE000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A82A000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x82BF4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x82A00000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AA12000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AA5D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AA73000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8AA7C000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8AA9F000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8AAA9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8AAB7000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AAC0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AAF4000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AC14000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AD43000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8AD6E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AD81000 \SystemRoot\System32\Drivers\cng.sys
  0x8ADDE000 \SystemRoot\System32\drivers\pcw.sys
  0x8ADEC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8AB05000 \SystemRoot\system32\drivers\ndis.sys
  0x8ABBC000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AE1A000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8AE3F000 \SystemRoot\System32\drivers\tcpip.sys
  0x8AF88000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AFB9000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B037000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B07E000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B0AB000 \SystemRoot\System32\Drivers\mup.sys
  0x8B0BB000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B0C3000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B0F5000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B106000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B15E000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B165000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B16C000 \SystemRoot\System32\drivers\vga.sys
  0x8B178000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B199000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B1A6000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B1AE000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B1B9000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B1C7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B1DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A8B9000 \SystemRoot\system32\drivers\afd.sys
  0x8B1F3000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8B000000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B076000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8AFC2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8AFE1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8AFF2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8A913000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B1E9000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E212000 \SystemRoot\system32\drivers\csc.sys
  0x8E276000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E28E000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E2AF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E2CE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E2D9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E324000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E333000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x8E837000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8E9F1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x8E800000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8E818000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E825000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E378000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E397000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E3A0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8E3AE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x8E3BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8E3C5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x8E3D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8E3EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A954000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A976000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A98D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8E200000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x8AC00000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E832000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EE28000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EE5C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8EE97000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EEA5000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EEE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94260000 \SystemRoot\System32\win32k.sys
  0x8EEFA000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8EF04000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8EF11000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8EF1C000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x8EF26000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x944B0000 \SystemRoot\System32\drivers\dxg.sys
  0x944E0000 \SystemRoot\System32\TSDDD.dll
  0x8EF37000 \SystemRoot\System32\Drivers\RtsUStor.sys
  0x8EF68000 \SystemRoot\System32\Drivers\USBD.SYS
  0x94560000 \SystemRoot\System32\framebuf.dll
  0x8EF6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8EF81000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8EF8C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8EF9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8EFA6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8EFB1000 \SystemRoot\system32\drivers\WudfPf.sys
  0x95A29000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x95A6F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x95A7F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x95A98000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x95AAA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x95ACD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x95B08000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x779F0000 \Windows\System32\ntdll.dll
  0x47FD0000 \Windows\System32\smss.exe
  0x77C30000 \Windows\System32\apisetschema.dll
  0x00EF0000 \Windows\System32\autochk.exe
  0x778E0000 \Windows\System32\urlmon.dll
  0x77B40000 \Windows\System32\kernel32.dll
  0x77810000 \Windows\System32\user32.dll
  0x77B30000 \Windows\System32\psapi.dll
  0x77790000 \Windows\System32\comdlg32.dll
  0x776E0000 \Windows\System32\rpcrt4.dll
  0x77640000 \Windows\System32\usp10.dll
  0x775B0000 \Windows\System32\clbcatq.dll
  0x77590000 \Windows\System32\sechost.dll
  0x773F0000 \Windows\System32\setupapi.dll
  0x77390000 \Windows\System32\shlwapi.dll
  0x77360000 \Windows\System32\imagehlp.dll
  0x77240000 \Windows\System32\wininet.dll
  0x77190000 \Windows\System32\msvcrt.dll
  0x77150000 \Windows\System32\ws2_32.dll
  0x770C0000 \Windows\System32\oleaut32.dll
  0x77020000 \Windows\System32\advapi32.dll
  0x77010000 \Windows\System32\nsi.dll
  0x763C0000 \Windows\System32\shell32.dll
  0x76370000 \Windows\System32\gdi32.dll
  0x76360000 \Windows\System32\lpk.dll
  0x76340000 \Windows\System32\imm32.dll
  0x762E0000 \Windows\System32\difxapi.dll
  0x76290000 \Windows\System32\Wldap32.dll
  0x76130000 \Windows\System32\ole32.dll
  0x76120000 \Windows\System32\normaliz.dll
  0x75F20000 \Windows\System32\iertutil.dll
  0x75E50000 \Windows\System32\msctf.dll
  0x75E20000 \Windows\System32\cfgmgr32.dll
  0x75DF0000 \Windows\System32\xmllite.dll
  0x75DC0000 \Windows\System32\wintrust.dll
  0x75D30000 \Windows\System32\comctl32.dll
  0x75CE0000 \Windows\System32\KernelBase.dll
  0x75BC0000 \Windows\System32\crypt32.dll
  0x75BA0000 \Windows\System32\devobj.dll
  0x75B90000 \Windows\System32\msasn1.dll

Processes (total 26):
     0 System Idle Process
     4 System
   236 C:\Windows\System32\smss.exe
   320 csrss.exe
   368 csrss.exe
   376 C:\Windows\System32\wininit.exe
   404 C:\Windows\System32\winlogon.exe
   464 C:\Windows\System32\services.exe
   472 C:\Windows\System32\lsass.exe
   480 C:\Windows\System32\lsm.exe
   572 C:\Windows\System32\svchost.exe
   652 C:\Windows\System32\svchost.exe
   744 C:\Windows\System32\svchost.exe
   780 C:\Windows\System32\svchost.exe
   868 C:\Windows\System32\svchost.exe
   912 C:\Windows\System32\svchost.exe
   968 C:\Windows\System32\svchost.exe
  1116 C:\Windows\System32\svchost.exe
  1140 C:\Windows\explorer.exe
  1304 C:\Windows\System32\ctfmon.exe
  1752 C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
  1984 C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
  1168 C:\Windows\System32\svchost.exe
  1472 C:\Windows\explorer.exe
   672 C:\Users\chris\Desktop\MBRCheck.exe
  1620 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

     Size  Device Name         MBR Status
  --------------------------------------------
   298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
           SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
Now the TDSSKiller log:

2011/06/13 21:16:26.0885 1520 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/13 21:16:26.0940 1520 ================================================================================
2011/06/13 21:16:26.0940 1520 SystemInfo:
2011/06/13 21:16:26.0940 1520
2011/06/13 21:16:26.0940 1520 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/13 21:16:26.0940 1520 Product type: Workstation
2011/06/13 21:16:26.0940 1520 ComputerName: CHRIS-PC
2011/06/13 21:16:26.0940 1520 UserName: chris
2011/06/13 21:16:26.0940 1520 Windows directory: C:\Windows
2011/06/13 21:16:26.0940 1520 System windows directory: C:\Windows
2011/06/13 21:16:26.0940 1520 Processor architecture: Intel x86
2011/06/13 21:16:26.0940 1520 Number of processors: 2
2011/06/13 21:16:26.0940 1520 Page size: 0x1000
2011/06/13 21:16:26.0940 1520 Boot type: Safe boot with network
2011/06/13 21:16:26.0940 1520 ================================================================================
2011/06/13 21:16:28.0088 1520 Initialize success
2011/06/13 21:16:38.0067 1680 ================================================================================
2011/06/13 21:16:38.0067 1680 Scan started
2011/06/13 21:16:38.0067 1680 Mode: Manual;
2011/06/13 21:16:38.0067 1680 ================================================================================
2011/06/13 21:16:38.0598 1680 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/13 21:16:38.0680 1680 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/13 21:16:38.0749 1680 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/13 21:16:38.0842 1680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/13 21:16:38.0918 1680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/13 21:16:38.0976 1680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/13 21:16:39.0084 1680 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/13 21:16:39.0131 1680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/13 21:16:39.0203 1680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/13 21:16:39.0282 1680 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/13 21:16:39.0395 1680 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/13 21:16:39.0441 1680 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/13 21:16:39.0515 1680 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/13 21:16:39.0723 1680 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/13 21:16:39.0863 1680 Scan interrupted by user!
2011/06/13 21:16:39.0863 1680 Scan interrupted by user!
2011/06/13 21:16:39.0863 1680 ================================================================================
2011/06/13 21:16:39.0863 1680 Scan finished
2011/06/13 21:16:39.0863 1680 ================================================================================
2011/06/13 21:16:39.0915 0260 Detected object count: 0
2011/06/13 21:16:39.0915 0260 Actual detected object count: 0
2011/06/13 21:16:42.0460 0552 ================================================================================
2011/06/13 21:16:42.0460 0552 Scan started
2011/06/13 21:16:42.0460 0552 Mode: Manual;
2011/06/13 21:16:42.0460 0552 ================================================================================
2011/06/13 21:16:42.0656 0552 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/13 21:16:42.0694 0552 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/13 21:16:42.0741 0552 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/13 21:16:42.0771 0552 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/13 21:16:42.0843 0552 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/13 21:16:42.0878 0552 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/13 21:16:42.0961 0552 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/13 21:16:43.0034 0552 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/13 21:16:43.0072 0552 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/13 21:16:43.0117 0552 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/13 21:16:43.0142 0552 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/13 21:16:43.0188 0552 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/13 21:16:43.0217 0552 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/13 21:16:43.0414 0552 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/13 21:16:43.0521 0552 amdkmdap (41876830a043176f7902e781238f95ef) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/13 21:16:43.0595 0552 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/13 21:16:43.0660 0552 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/13 21:16:43.0736 0552 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/13 21:16:43.0784 0552 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/13 21:16:43.0838 0552 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/13 21:16:43.0961 0552 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/13 21:16:43.0998 0552 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/13 21:16:44.0105 0552 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/13 21:16:44.0194 0552 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/13 21:16:44.0273 0552 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/13 21:16:44.0368 0552 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/13 21:16:44.0407 0552 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/13 21:16:44.0485 0552 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/13 21:16:44.0539 0552 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/13 21:16:44.0577 0552 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/13 21:16:44.0664 0552 athr (8d6e8178ab4379c932c34a109d27c5a9) C:\Windows\system32\DRIVERS\athr.sys
2011/06/13 21:16:44.0904 0552 atikmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/13 21:16:45.0388 0552 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/13 21:16:45.0475 0552 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/13 21:16:45.0517 0552 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/13 21:16:45.0592 0552 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/13 21:16:45.0701 0552 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/13 21:16:45.0734 0552 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/13 21:16:45.0760 0552 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/13 21:16:45.0813 0552 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/13 21:16:45.0844 0552 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/13 21:16:45.0875 0552 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/13 21:16:45.0908 0552 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/13 21:16:45.0930 0552 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/13 21:16:46.0150 0552 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/13 21:16:46.0241 0552 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/13 21:16:46.0306 0552 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/13 21:16:46.0350 0552 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/13 21:16:46.0465 0552 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/13 21:16:46.0487 0552 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/13 21:16:46.0521 0552 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/13 21:16:46.0611 0552 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/13 21:16:46.0699 0552 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/13 21:16:46.0866 0552 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/13 21:16:47.0099 0552 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/13 21:16:47.0177 0552 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/06/13 21:16:47.0222 0552 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/13 21:16:47.0296 0552 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/13 21:16:47.0433 0552 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/13 21:16:47.0527 0552 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/13 21:16:47.0577 0552 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/13 21:16:47.0761 0552 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/13 21:16:47.0938 0552 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/13 21:16:47.0981 0552 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/13 21:16:48.0031 0552 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/13 21:16:48.0064 0552 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/13 21:16:48.0147 0552 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/13 21:16:48.0187 0552 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/13 21:16:48.0221 0552 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/13 21:16:48.0247 0552 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/13 21:16:48.0298 0552 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/13 21:16:48.0343 0552 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/13 21:16:48.0378 0552 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/13 21:16:48.0464 0552 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/13 21:16:48.0486 0552 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/13 21:16:48.0538 0552 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/13 21:16:48.0621 0552 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/13 21:16:48.0704 0552 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/13 21:16:48.0730 0552 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/13 21:16:48.0770 0552 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/13 21:16:48.0838 0552 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/13 21:16:48.0933 0552 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/13 21:16:48.0988 0552 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/13 21:16:49.0059 0552 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/13 21:16:49.0099 0552 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/13 21:16:49.0121 0552 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/13 21:16:49.0168 0552 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/13 21:16:49.0213 0552 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/13 21:16:49.0389 0552 IntcAzAudAddService (441a9adce9394e18ff6c23f77c983c04) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/13 21:16:49.0490 0552 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/13 21:16:49.0549 0552 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/13 21:16:49.0586 0552 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/13 21:16:49.0620 0552 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/13 21:16:49.0650 0552 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/13 21:16:49.0720 0552 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/13 21:16:49.0736 0552 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/13 21:16:49.0775 0552 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/13 21:16:49.0832 0552 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/13 21:16:49.0879 0552 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/13 21:16:49.0913 0552 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/13 21:16:49.0962 0552 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/13 21:16:50.0032 0552 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/13 21:16:50.0110 0552 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/13 21:16:50.0135 0552 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/13 21:16:50.0162 0552 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/13 21:16:50.0183 0552 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/13 21:16:50.0232 0552 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/13 21:16:50.0346 0552 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/13 21:16:50.0393 0552 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/13 21:16:50.0473 0552 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/13 21:16:50.0498 0552 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/13 21:16:50.0579 0552 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/13 21:16:50.0648 0552 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/13 21:16:50.0665 0552 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/13 21:16:50.0716 0552 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/13 21:16:50.0734 0552 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/13 21:16:51.0380 0552 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/13 21:16:51.0427 0552 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/13 21:16:51.0514 0552 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/13 21:16:51.0567 0552 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/13 21:16:51.0603 0552 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/13 21:16:51.0626 0552 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/13 21:16:51.0656 0552 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/13 21:16:51.0704 0552 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/13 21:16:51.0732 0552 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/13 21:16:51.0757 0552 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/13 21:16:51.0836 0552 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/13 21:16:51.0858 0552 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/13 21:16:51.0874 0552 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/13 21:16:51.0925 0552 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/13 21:16:51.0962 0552 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/13 21:16:51.0996 0552 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/13 21:16:52.0026 0552 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/13 21:16:52.0065 0552 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/13 21:16:52.0295 0552 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/13 21:16:52.0346 0552 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/13 21:16:52.0427 0552 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/13 21:16:52.0462 0552 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/13 21:16:52.0479 0552 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/13 21:16:52.0518 0552 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/13 21:16:52.0547 0552 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/13 21:16:52.0592 0552 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/13 21:16:52.0615 0552 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/13 21:16:52.0700 0552 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/13 21:16:52.0722 0552 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/13 21:16:52.0749 0552 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/13 21:16:52.0823 0552 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/06/13 21:16:52.0881 0552 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/13 21:16:52.0930 0552 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/13 21:16:52.0981 0552 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/13 21:16:53.0012 0552 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/13 21:16:53.0041 0552 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/13 21:16:53.0095 0552 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/13 21:16:53.0160 0552 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/13 21:16:53.0198 0552 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/13 21:16:53.0233 0552 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/13 21:16:53.0269 0552 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/13 21:16:53.0288 0552 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/13 21:16:53.0341 0552 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/13 21:16:53.0388 0552 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/13 21:16:53.0603 0552 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/13 21:16:53.0626 0552 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/13 21:16:53.0710 0552 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/13 21:16:53.0766 0552 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/13 21:16:53.0868 0552 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/13 21:16:53.0909 0552 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/13 21:16:53.0931 0552 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/13 21:16:53.0987 0552 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/13 21:16:54.0037 0552 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/13 21:16:54.0087 0552 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/13 21:16:54.0163 0552 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/13 21:16:54.0197 0552 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/13 21:16:54.0243 0552 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/13 21:16:54.0280 0552 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/13 21:16:54.0320 0552 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/13 21:16:54.0398 0552 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/13 21:16:54.0438 0552 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/13 21:16:54.0471 0552 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/13 21:16:54.0544 0552 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/13 21:16:54.0661 0552 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/13 21:16:54.0754 0552 RSUSBSTOR (f1ed9ffa59c369e72bc53a7631346f61) C:\Windows\system32\Drivers\RtsUStor.sys
2011/06/13 21:16:54.0835 0552 RTHDMIAzAudService (2fdc33b63f80fbfe95203c2186af0ce8) C:\Windows\system32\drivers\RtHDMIV.sys
2011/06/13 21:16:54.0876 0552 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/06/13 21:16:54.0917 0552 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/13 21:16:54.0966 0552 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/13 21:16:55.0059 0552 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
2011/06/13 21:16:55.0097 0552 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/13 21:16:55.0200 0552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/13 21:16:55.0289 0552 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/13 21:16:55.0313 0552 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/13 21:16:55.0346 0552 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/13 21:16:55.0423 0552 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/13 21:16:55.0460 0552 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/13 21:16:55.0489 0552 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/13 21:16:55.0522 0552 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/13 21:16:55.0606 0552 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/13 21:16:55.0648 0552 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/13 21:16:55.0671 0552 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/13 21:16:55.0731 0552 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/13 21:16:55.0810 0552 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/13 21:16:55.0953 0552 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/13 21:16:56.0026 0552 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/13 21:16:56.0102 0552 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/13 21:16:56.0169 0552 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/13 21:16:56.0279 0552 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/13 21:16:56.0364 0552 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/13 21:16:56.0405 0552 storvsc
(d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/06/13 21:16:56.0431 0552 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/06/13 21:16:56.0556 0552 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/06/13 21:16:56.0679 0552 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/13 21:16:56.0720 0552 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/13 21:16:56.0760 0552 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/06/13 21:16:56.0784 0552 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/06/13 21:16:56.0808 0552 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/13 21:16:56.0846 0552 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/06/13 21:16:56.0922 0552 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/13 21:16:57.0088 0552 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 2011/06/13 21:16:57.0160 0552 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/13 21:16:57.0187 0552 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/06/13 21:16:57.0229 0552 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/13 21:16:57.0331 0552 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/06/13 21:16:57.0418 0552 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/13 21:16:57.0470 0552 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/06/13 21:16:57.0587 0552 usbaudio (2436a42aab4ad48a9b714e5b0f344627) 
C:\Windows\system32\drivers\usbaudio.sys 2011/06/13 21:16:57.0619 0552 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/13 21:16:57.0723 0552 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/06/13 21:16:57.0772 0552 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/13 21:16:57.0850 0552 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/13 21:16:57.0894 0552 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/06/13 21:16:57.0911 0552 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/06/13 21:16:57.0944 0552 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/13 21:16:57.0971 0552 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/13 21:16:58.0058 0552 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys 2011/06/13 21:16:58.0162 0552 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/06/13 21:16:58.0196 0552 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/13 21:16:58.0230 0552 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/06/13 21:16:58.0260 0552 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/06/13 21:16:58.0303 0552 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/06/13 21:16:58.0336 0552 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/06/13 21:16:58.0357 0552 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/06/13 21:16:58.0411 0552 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/06/13 21:16:58.0447 0552 VMBusHID 
(ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/06/13 21:16:58.0479 0552 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/06/13 21:16:58.0521 0552 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/06/13 21:16:58.0549 0552 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/06/13 21:16:58.0598 0552 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/06/13 21:16:58.0639 0552 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/06/13 21:16:58.0720 0552 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/06/13 21:16:58.0761 0552 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/06/13 21:16:58.0782 0552 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/13 21:16:58.0800 0552 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/13 21:16:58.0899 0552 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/06/13 21:16:58.0948 0552 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/13 21:16:59.0057 0552 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/06/13 21:16:59.0080 0552 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/06/13 21:16:59.0200 0552 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/13 21:16:59.0303 0552 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/13 21:16:59.0372 0552 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/06/13 21:16:59.0448 0552 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/13 
21:16:59.0608 0552 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys 2011/06/13 21:16:59.0648 0552 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0 2011/06/13 21:16:59.0659 0552 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/13 21:16:59.0670 0552 ================================================================================ 2011/06/13 21:16:59.0670 0552 Scan finished 2011/06/13 21:16:59.0670 0552 ================================================================================ 2011/06/13 21:16:59.0708 1976 Detected object count: 1 2011/06/13 21:16:59.0708 1976 Actual detected object count: 1 2011/06/13 21:17:09.0046 1976 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/13 21:17:09.0046 1976 \Device\Harddisk0\DR0 - ok 2011/06/13 21:17:09.0047 1976 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/13 21:17:28.0931 1724 Deinitialize success Bij deze! Nu ga ik de computer rebooten ivm de rootkit die is gevonden en gecured wordt na herstart.
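The TDSSKiller output above is a driver inventory (service name, MD5 of the image, path) followed by verdict lines, and the only verdict is the TDL4 bootkit in the MBR of \Device\Harddisk0\DR0. A bootkit in sector 0 is not a file in the filesystem or a registry value, so the file-and-registry quick scan earlier in the thread had nothing to find. The Python script below is an added example for this page, not code from the thread or from TDSSKiller: it parses a log of this shape, pulls out the verdict lines, puts drivers loaded from outside the Windows driver directories on a review list, and groups services that share one image hash. The regular expressions, the expected-directory rule and the short excerpt of the log used as input are this example's own assumptions.

```python
"""Triage a TDSSKiller text log: list verdicts and drivers worth a second look.

Added example for this thread, not code from the original post or from
TDSSKiller. The line formats it expects are inferred from the log posted
above; the expected-directory rule is this example's own assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed excerpt: a handful of lines copied from the log above, including
# the MBR entry and the verdict and cure lines that close the scan.
SAMPLE_LOG = """\
2011/06/13 21:16:52.0427 0552 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\\Windows\\system32\\DRIVERS\\ndiscap.sys
2011/06/13 21:16:55.0953 0552 sptd (cdddec541bc3c96f91ecb48759673505) C:\\Windows\\system32\\Drivers\\sptd.sys
2011/06/13 21:16:56.0556 0552 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/06/13 21:16:56.0679 0552 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2011/06/13 21:16:57.0088 0552 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesDriver32.sys
2011/06/13 21:16:59.0648 0552 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \\Device\\Harddisk0\\DR0
2011/06/13 21:16:59.0659 0552 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/13 21:16:59.0708 1976 Detected object count: 1
2011/06/13 21:17:09.0046 1976 \\Device\\Harddisk0\\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

TIMESTAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<ts> <pid> <service name> (<md5>) <image path>"; the name is non-greedy so
# that "MBR (0x1B8)" stays whole and only the 32-hex group is taken as the hash.
DRIVER_LINE = re.compile(
    rf"^(?P<ts>{TIMESTAMP}) (?P<pid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$"
)
# "<ts> <pid> <object> - detected <verdict> (<flags>)"
DETECT_LINE = re.compile(
    rf"^(?P<ts>{TIMESTAMP}) (?P<pid>\d+) (?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<flags>\d+)\)$"
)
# Where driver images normally live on a stock Windows 7 install (assumption).
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class Driver:
    name: str
    md5: str
    path: str


@dataclass(frozen=True)
class Detection:
    obj: str
    verdict: str


def parse_log(text: str) -> Tuple[List[Driver], List[Detection]]:
    """Split a log into inventory entries and verdict lines; banners, object
    counts and cure messages are ignored."""
    drivers: List[Driver] = []
    detections: List[Detection] = []
    for line in text.splitlines():
        m = DETECT_LINE.match(line)
        if m:
            detections.append(Detection(m["obj"], m["verdict"]))
            continue
        m = DRIVER_LINE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
    return drivers, detections


def unusual_locations(drivers: List[Driver]) -> List[Driver]:
    """Drivers whose image sits outside the expected system directories.
    Raw disk objects (the MBR entry, path \\Device\\...) are skipped: they are
    not files and are judged by the verdict lines instead."""
    flagged = []
    for d in drivers:
        p = d.path.lower()
        if p.startswith("\\device\\"):
            continue
        if not p.startswith(EXPECTED_DIRS):
            flagged.append(d)
    return flagged


def shared_images(drivers: List[Driver]) -> Dict[str, List[str]]:
    """Service names grouped by image hash, keeping only hashes used by more
    than one service. Two services loading the same file (Tcpip and TCPIP6
    both load tcpip.sys) is normal, not a sign of a cloned driver."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for d in drivers:
        by_hash[d.md5].append(d.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def triage(text: str) -> dict:
    """One-shot summary a responder can read before deciding the next step."""
    drivers, detections = parse_log(text)
    return {
        "drivers": len(drivers),
        "detections": [(d.obj, d.verdict) for d in detections],
        "review": [(d.name, d.path) for d in unusual_locations(drivers)],
        "shared_images": shared_images(drivers),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for obj, verdict in summary["detections"]:
        print(f"DETECTED  {verdict} in {obj}")
    for name, path in summary["review"]:
        print(f"REVIEW    {name} -> {path}")
    for h, names in summary["shared_images"].items():
        print(f"SHARED    {h} used by {', '.join(names)}")
```

Run it as a script, or call triage() on the full log text. On the excerpt it reports the TDL4 verdict on \Device\Harddisk0\DR0, lists the TuneUp driver under Program Files as the one entry to check by hand (its location alone proves nothing either way; the driver's signature and the installed product decide), and shows Tcpip and TCPIP6 sharing one hash because both services load tcpip.sys. The review list is deliberately a queue for a human, not a verdict.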
  • Fine, then try whether it is possible to boot normally again.
  • Um, I don't want to cheer too early, but I'm now in normal mode and it has been running for a while without any problem! Could it have been the rootkit? Is this a recognisable symptom of a rootkit? If it is fixed now, I really want to thank you for the effort you have put into this!!!!
  • That rootkit, in combination with .........., can indeed cause a lot of trouble! Above all, rootkits are also able to hide other malware from antivirus and normal scans! Start MBAM again via right-click with admin rights, first open the Update tab to check for a new database. Then run a quick scan and post the contents of the log in your next message. Have you already removed the Safe Mode checkbox again via msconfig?
  • Hello Abraham, Everything worked fine for a while, until AVAST again reported that it had discovered a rootkit and malware. In DOS it scanned for more than an hour and removed rootkits and trojans. After doing that I wanted to run the MalwareBytes scan again as you said.. Then both Avast and MalwareBytes again reported a rootkit, malware and spyware, as if it keeps coming back. We are a lot further than before, I can get into normal mode again (although I'm not doing that now), but now I'm stuck looking at these things.. What now? As you asked, another log from MalwareBytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6854
Windows 6.1.7600
Internet Explorer 9.0.7930.16406

14-6-2011 18:34:55
mbam-log-2011-06-14 (18-34-55).txt

Scan type: Quick scan
Objects scanned: 158187
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KB984437.exe (Spyware.Passwords.XGen) -> Value: KB984437.exe -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\KB984437.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\temp\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\temp\uswc\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
  • Hello, I'm a bit at my wits' end! Since yesterday, the moment I start the computer and get into Windows, I get a blue screen with the code 0x000000e4. I have now run Avast as well as Malwarebytes and they picked up a few things, but it hasn't helped. Just before my laptop crashed, my computer asked for permission to start certain files. Exe files with some jumbled letters, zdvlkndvl.exe for example. I don't remember exactly what they were, there were a few and I didn't recognise them, so I pressed no. This happened right after I went to an (apparently) infected web page from an image on Google. Since then this keeps happening. Please help! I'm at my wits' end! I have read that this does not necessarily have to be a virus, so I hope not!! Regards, William

This is an archived page. Replying is no longer possible.