Vraag & Antwoord

Beveiliging & privacy

virus conshost.exe in windows\temp directory

Anoniem
None
5 antwoorden
  • Hoi Giel - het gebruik van ComboFix op eigen houtje wordt ten strengste afgeraden - daarvoor is het een te krachtig tool.

    [b:62a6262dbd]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:62a6262dbd]
    Anoniem
    Anoniem
  • Wil het lukken?
    Anoniem
    Anoniem
  • Dag Abraham,

    Bedankt voor je zeer snelle response en sorry voor mijn late reactie. Ik had al gelezen dat ComboFix erg krachtig is, maar had even geen keus om het snel te proberen (werk-pc, etc… etc…)

    TDSSKiller wilde niet goed draaien, ik kreeg de hele tijd blue screens. Dus uiteindelijk maar weer geformateerd en direct het virus erop. Gelukkig wel TDSSKiller kunnen draaien en die heeft de Rootkit.Win32.TDSS verwijderd.

    LOG TDSkiller:

    2011/09/05 23:45:24.0365 4016 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
    2011/09/05 23:45:26.0377 4016 ================================================================================
    2011/09/05 23:45:26.0377 4016 SystemInfo:
    2011/09/05 23:45:26.0377 4016
    2011/09/05 23:45:26.0377 4016 OS Version: 6.1.7600 ServicePack: 0.0
    2011/09/05 23:45:26.0377 4016 Product type: Workstation
    2011/09/05 23:45:26.0377 4016 ComputerName: VUREWAR-PC
    2011/09/05 23:45:26.0377 4016 UserName: vurewar
    2011/09/05 23:45:26.0377 4016 Windows directory: C:\Windows
    2011/09/05 23:45:26.0377 4016 System windows directory: C:\Windows
    2011/09/05 23:45:26.0377 4016 Running under WOW64
    2011/09/05 23:45:26.0377 4016 Processor architecture: Intel x64
    2011/09/05 23:45:26.0377 4016 Number of processors: 4
    2011/09/05 23:45:26.0377 4016 Page size: 0x1000
    2011/09/05 23:45:26.0377 4016 Boot type: Normal boot
    2011/09/05 23:45:26.0377 4016 ================================================================================
    2011/09/05 23:45:26.0845 4016 Initialize success
    2011/09/05 23:45:30.0714 7376 ================================================================================
    2011/09/05 23:45:30.0714 7376 Scan started
    2011/09/05 23:45:30.0714 7376 Mode: Manual;
    2011/09/05 23:45:30.0714 7376 ================================================================================
    2011/09/05 23:45:36.0299 7376 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/09/05 23:45:36.0845 7376 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/09/05 23:45:37.0437 7376 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/09/05 23:45:38.0030 7376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/05 23:45:38.0623 7376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/05 23:45:39.0263 7376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/05 23:45:39.0949 7376 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/09/05 23:45:40.0589 7376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/09/05 23:45:41.0337 7376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/09/05 23:45:41.0837 7376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/09/05 23:45:42.0476 7376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/05 23:45:42.0975 7376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/05 23:45:44.0379 7376 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/09/05 23:45:45.0534 7376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/05 23:45:46.0383 7376 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/09/05 23:45:47.0412 7376 ApfiltrService (7380b9072ebc65a54da3074e14bf34b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/09/05 23:45:48.0301 7376 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/09/05 23:45:48.0957 7376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/05 23:45:50.0595 7376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/05 23:45:51.0889 7376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/05 23:45:52.0810 7376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/09/05 23:45:53.0746 7376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/09/05 23:45:54.0760 7376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/09/05 23:45:55.0836 7376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/09/05 23:45:57.0069 7376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/05 23:45:58.0363 7376 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/05 23:45:59.0596 7376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/05 23:46:00.0625 7376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/05 23:46:01.0905 7376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/05 23:46:02.0700 7376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/05 23:46:03.0667 7376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/05 23:46:04.0401 7376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/05 23:46:05.0727 7376 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/09/05 23:46:06.0507 7376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/05 23:46:07.0271 7376 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/09/05 23:46:08.0332 7376 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
    2011/09/05 23:46:09.0330 7376 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/09/05 23:46:10.0110 7376 btmaux (962bd3689e2c85f0ba97f3d7e7ba540b) C:\Windows\system32\DRIVERS\btmaux.sys
    2011/09/05 23:46:11.0155 7376 btmhsf (ec1220b647f0d995da5cad4153454779) C:\Windows\system32\DRIVERS\btmhsf.sys
    2011/09/05 23:46:12.0544 7376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/05 23:46:13.0854 7376 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/09/05 23:46:15.0165 7376 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
    2011/09/05 23:46:16.0537 7376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/05 23:46:18.0316 7376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/09/05 23:46:19.0501 7376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/05 23:46:20.0609 7376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/09/05 23:46:21.0826 7376 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/09/05 23:46:22.0802 7376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/05 23:46:23.0851 7376 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/09/05 23:46:24.0689 7376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/05 23:46:25.0691 7376 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    2011/09/05 23:46:26.0605 7376 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/05 23:46:27.0587 7376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/09/05 23:46:28.0570 7376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/05 23:46:29.0756 7376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/05 23:46:30.0832 7376 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/05 23:46:32.0907 7376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/09/05 23:46:34.0467 7376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/05 23:46:35.0200 7376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/09/05 23:46:36.0121 7376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/05 23:46:36.0947 7376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/05 23:46:37.0883 7376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/05 23:46:39.0537 7376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/05 23:46:40.0411 7376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/05 23:46:42.0298 7376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/05 23:46:43.0328 7376 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/05 23:46:43.0999 7376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/05 23:46:44.0607 7376 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/05 23:46:45.0137 7376 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/05 23:46:45.0683 7376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/05 23:46:46.0541 7376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/05 23:46:47.0275 7376 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/09/05 23:46:47.0821 7376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/05 23:46:48.0491 7376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/05 23:46:49.0318 7376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/05 23:46:49.0942 7376 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/05 23:46:50.0878 7376 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/09/05 23:46:52.0360 7376 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/09/05 23:46:53.0593 7376 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/05 23:46:54.0451 7376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/09/05 23:46:55.0668 7376 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/09/05 23:46:56.0853 7376 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/09/05 23:46:57.0742 7376 iBtFltCoex (e44f0b4dc753c14930b8dc48bb7a1644) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
    2011/09/05 23:46:58.0959 7376 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/09/05 23:47:00.0550 7376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/05 23:47:02.0079 7376 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    2011/09/05 23:47:03.0624 7376 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/09/05 23:47:04.0170 7376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/09/05 23:47:04.0762 7376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/05 23:47:05.0558 7376 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/05 23:47:06.0229 7376 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/09/05 23:47:07.0227 7376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/05 23:47:07.0773 7376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/05 23:47:08.0335 7376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/09/05 23:47:09.0380 7376 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/09/05 23:47:10.0363 7376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/05 23:47:11.0439 7376 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/05 23:47:12.0297 7376 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/05 23:47:13.0155 7376 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/05 23:47:14.0169 7376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/05 23:47:14.0996 7376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/05 23:47:15.0854 7376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/05 23:47:16.0306 7376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/05 23:47:16.0837 7376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/05 23:47:17.0679 7376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/05 23:47:18.0147 7376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/05 23:47:18.0662 7376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/05 23:47:19.0364 7376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/05 23:47:19.0848 7376 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/09/05 23:47:20.0581 7376 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/09/05 23:47:21.0423 7376 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
    2011/09/05 23:47:23.0108 7376 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
    2011/09/05 23:47:24.0216 7376 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
    2011/09/05 23:47:26.0312 7376 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/09/05 23:47:27.0607 7376 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
    2011/09/05 23:47:28.0699 7376 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
    2011/09/05 23:47:29.0526 7376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/05 23:47:30.0010 7376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/05 23:47:30.0462 7376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/05 23:47:30.0930 7376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/05 23:47:31.0616 7376 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/05 23:47:32.0412 7376 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/09/05 23:47:32.0911 7376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/05 23:47:33.0629 7376 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/05 23:47:34.0066 7376 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/05 23:47:34.0736 7376 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/05 23:47:35.0423 7376 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/05 23:47:35.0891 7376 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
    2011/09/05 23:47:36.0406 7376 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/09/05 23:47:36.0858 7376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/05 23:47:37.0482 7376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/05 23:47:37.0966 7376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/09/05 23:47:38.0605 7376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/05 23:47:39.0526 7376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/05 23:47:40.0134 7376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/05 23:47:40.0774 7376 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/05 23:47:41.0959 7376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/09/05 23:47:42.0443 7376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/05 23:47:42.0880 7376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/05 23:47:43.0738 7376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/05 23:47:45.0360 7376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/05 23:47:46.0452 7376 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
    2011/09/05 23:47:48.0293 7376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/05 23:47:49.0416 7376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/05 23:47:50.0477 7376 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/05 23:47:50.0882 7376 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/05 23:47:50.0914 7376 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/05 23:47:51.0553 7376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/05 23:47:52.0162 7376 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/05 23:47:52.0801 7376 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    2011/09/05 23:47:53.0753 7376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/05 23:47:54.0205 7376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/05 23:47:54.0892 7376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/05 23:47:55.0703 7376 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/05 23:47:56.0436 7376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/05 23:47:57.0278 7376 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
    2011/09/05 23:47:58.0043 7376 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    2011/09/05 23:48:00.0523 7376 nvlddmkm (24aa5e3ed7a2b48b8e798a1059a2b323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/09/05 23:48:01.0350 7376 nvpciflt (58aa797b41410daea6a6eb33e77f9b7a) C:\Windows\system32\DRIVERS\nvpciflt.sys
    2011/09/05 23:48:01.0865 7376 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/09/05 23:48:02.0426 7376 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/09/05 23:48:03.0347 7376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/09/05 23:48:03.0784 7376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/09/05 23:48:04.0220 7376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/05 23:48:04.0657 7376 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/09/05 23:48:05.0359 7376 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/09/05 23:48:05.0812 7376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/09/05 23:48:06.0670 7376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/05 23:48:07.0262 7376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/05 23:48:07.0933 7376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/05 23:48:08.0776 7376 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/05 23:48:09.0899 7376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/05 23:48:10.0507 7376 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/05 23:48:11.0443 7376 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/09/05 23:48:12.0067 7376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/05 23:48:12.0598 7376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/05 23:48:13.0050 7376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/05 23:48:14.0376 7376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/05 23:48:16.0637 7376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/05 23:48:18.0134 7376 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/05 23:48:18.0696 7376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/05 23:48:19.0164 7376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/05 23:48:19.0710 7376 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/05 23:48:20.0147 7376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/05 23:48:20.0584 7376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/05 23:48:21.0457 7376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/05 23:48:21.0878 7376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/05 23:48:22.0393 7376 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/05 23:48:22.0877 7376 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/05 23:48:23.0345 7376 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/05 23:48:23.0828 7376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/05 23:48:24.0624 7376 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/09/05 23:48:25.0966 7376 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/05 23:48:26.0964 7376 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/09/05 23:48:27.0962 7376 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/05 23:48:28.0883 7376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/05 23:48:29.0772 7376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/05 23:48:30.0521 7376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/05 23:48:31.0394 7376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/05 23:48:32.0159 7376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/09/05 23:48:32.0876 7376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/09/05 23:48:33.0890 7376 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/09/05 23:48:34.0546 7376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/05 23:48:36.0340 7376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/05 23:48:36.0839 7376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/05 23:48:38.0508 7376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/05 23:48:39.0288 7376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/05 23:48:39.0834 7376 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/05 23:48:40.0630 7376 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/05 23:48:41.0784 7376 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/05 23:48:42.0814 7376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/05 23:48:43.0765 7376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/09/05 23:48:44.0530 7376 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/09/05 23:48:45.0544 7376 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/05 23:48:46.0105 7376 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/05 23:48:46.0542 7376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/05 23:48:47.0774 7376 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/05 23:48:48.0227 7376 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/05 23:48:48.0882 7376 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/09/05 23:48:50.0068 7376 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/05 23:48:50.0739 7376 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/05 23:48:51.0425 7376 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
    2011/09/05 23:48:52.0189 7376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/05 23:48:53.0859 7376 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/05 23:48:54.0405 7376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/09/05 23:48:54.0826 7376 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/05 23:48:55.0621 7376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/05 23:48:56.0058 7376 usbccgp (945bfba692c0f3cdf5a9d824972188f6) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/05 23:48:56.0542 7376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/09/05 23:48:56.0994 7376 usbehci (b6942800840c9466223aefd4d9a74fbf) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/09/05 23:48:57.0603 7376 usbhub (85bc7b6ee233b4e979e024a3cd15cd49) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/05 23:48:58.0024 7376 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/09/05 23:48:58.0461 7376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/05 23:48:58.0897 7376 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/05 23:48:59.0865 7376 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/09/05 23:49:00.0567 7376 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
    2011/09/05 23:49:02.0563 7376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/09/05 23:49:03.0921 7376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/05 23:49:05.0091 7376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/05 23:49:05.0559 7376 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/09/05 23:49:05.0980 7376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/09/05 23:49:06.0526 7376 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/09/05 23:49:07.0509 7376 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/05 23:49:07.0945 7376 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/09/05 23:49:08.0538 7376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/05 23:49:09.0505 7376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/05 23:49:10.0083 7376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/05 23:49:11.0611 7376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/09/05 23:49:12.0282 7376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/05 23:49:12.0735 7376 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/05 23:49:12.0750 7376 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/05 23:49:14.0326 7376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/05 23:49:14.0887 7376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/05 23:49:16.0104 7376 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
    2011/09/05 23:49:16.0635 7376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/05 23:49:17.0961 7376 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    2011/09/05 23:49:18.0819 7376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/05 23:49:19.0489 7376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/09/05 23:49:19.0942 7376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/05 23:49:20.0379 7376 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/05 23:49:20.0488 7376 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
    2011/09/05 23:49:20.0488 7376 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/09/05 23:49:20.0519 7376 Boot (0x1200) (51d3153e11bab844d2c883ee971944f1) \Device\Harddisk0\DR0\Partition0
    2011/09/05 23:49:20.0535 7376 Boot (0x1200) (acfa02ae2567889fe05dbbd93b74e173) \Device\Harddisk0\DR0\Partition1
    2011/09/05 23:49:20.0535 7376 ================================================================================
    2011/09/05 23:49:20.0535 7376 Scan finished
    2011/09/05 23:49:20.0535 7376 ================================================================================
    2011/09/05 23:49:20.0550 5632 Detected object count: 1
    2011/09/05 23:49:20.0550 5632 Actual detected object count: 1
    2011/09/05 23:49:38.0599 5632 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/09/05 23:49:38.0599 5632 \Device\Harddisk0\DR0 - ok
    2011/09/05 23:49:38.0599 5632 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/09/05 23:49:44.0683 5568 Deinitialize success


    Log Del.bat

    Deleting files
    C:\WINDOWS\TEMP\conhost.exe not found


    Dus het ziet er naar uit dat het nu eindelijk is verwijderd! Wat mij betreft het meest hardnekkige virus dat ik ooit ben tegengekomen.

    Ontzettend bedankt voor de hulp!
    Anoniem
    Anoniem
  • Hallo,

    Ik heb sinds een paar dagen last van een erg irritant virus. Dit plaatst conhost.exe in mijn c:\windows\temp directory en ik kan het niet wegkrijgen. Microsoft Essentials, McAffee en MalwareBytes kunnen er niks mee, behalve ervoor zorgen dat het virus niks download.

    Ik heb combofix gedraaid en dat heeft blijkbaar wel iets gedaan. Het bestand was verwijderd, maar kwam direct terug. MalwareBytes blokkeerde deze en ik kon conhost.exe dit keer wel handmatig verwijderen.

    Kan er nog iemand naar mijn combofix log kijken om te kijken of ik nog andere stappen moet ondernemen?

    ComboFix 11-08-31.02 - vurewar 31-08-2011 12:59:49.2.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.6058.5247 [GMT 2:00]
    Gestart vanuit: c:\users\vurewar\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\SysWow64\comct332.ocx
    c:\windows\SysWow64\mfc100deu.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-31 ))))))))))))))))))))))))))))))
    .
    .
    2011-08-31 11:06 . 2011-08-31 11:06 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-08-31 11:06 . 2011-08-31 11:06 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2011-08-31 10:35 . 2011-08-31 10:35 ——– d—–w- C:\7746c33782c31361492fbefadda4da10
    2011-08-31 10:19 . 2010-11-30 09:43 601424 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-08-31 10:19 . 2010-11-30 09:43 601424 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B824DAE3-C3EC-476A-B4BB-ABDF4236F595}\gapaengine.dll
    2011-08-31 10:18 . 2011-08-16 06:48 8862544 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{665D1ED7-2A57-47CD-A39B-ABE093C5428E}\mpengine.dll
    2011-08-31 10:18 . 2011-08-31 10:18 ——– d—–w- C:\61cea56f92ad91b2c1ae
    2011-08-30 11:29 . 2011-08-31 17:10 ——– d—–w- C:\94400e73f4b118867357cc09e7
    2011-08-30 11:12 . 2011-08-30 11:12 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
    2011-08-30 10:57 . 2011-08-30 10:57 ——– d—–w- C:\Office 2010 Developer Resources
    2011-08-29 12:55 . 2011-08-29 12:55 ——– d—–r- C:\MSOCache
    2011-08-29 11:12 . 2011-08-29 11:12 ——– d—–w- c:\programdata\VirtualizedApplications
    2011-08-29 11:10 . 2011-08-29 11:10 ——– d—–w- c:\program files (x86)\MSECache
    2011-08-29 11:01 . 2011-08-29 11:01 ——– d—–w- c:\programdata\Virtualized Applications
    2011-08-29 10:09 . 2010-04-03 09:51 47968 —-a-w- c:\windows\SysWow64\perf-ReportServer-rsctr.dll
    2011-08-29 10:09 . 2010-04-03 08:57 77664 —-a-w- c:\windows\system32\perf-ReportServer-rsctr.dll
    2011-08-29 10:09 . 2010-04-03 09:51 47456 —-a-w- c:\windows\SysWow64\perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll
    2011-08-29 10:09 . 2010-04-03 08:57 77152 —-a-w- c:\windows\system32\perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll
    2011-08-29 10:08 . 2010-04-03 09:51 73568 —-a-w- c:\windows\SysWow64\perf-MSSQLSERVER-sqlctr10.50.1600.1.dll
    2011-08-29 10:08 . 2010-04-03 08:57 79200 —-a-w- c:\windows\system32\perf-MSSQLSERVER-sqlctr10.50.1600.1.dll
    2011-08-29 09:58 . 2011-08-31 17:05 ——– d—a-w- C:\projects
    2011-08-29 09:57 . 2011-08-29 09:57 ——– d—–w- c:\program files\Microsoft Analysis Services
    2011-08-29 09:57 . 2011-08-29 09:57 ——– d—–w- c:\program files (x86)\Microsoft Analysis Services
    2011-08-29 09:55 . 2011-08-29 09:55 ——– d—–w- c:\program files\Microsoft.NET
    2011-08-29 09:48 . 2011-08-31 17:10 ——– d—–w- c:\programdata\Microsoft Help
    2011-08-29 08:52 . 2011-08-29 09:33 ——– d—–w- C:\SQL2008R2
    2011-08-29 08:26 . 2010-10-19 20:51 270720 —-a-w- c:\windows\system32\MpSigStub.exe
    2011-08-29 08:21 . 2011-08-31 17:10 ——– d—–w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-08-29 08:16 . 2011-08-29 08:16 ——– d—–w- c:\program files (x86)\Microsoft Security Client
    2011-08-29 08:16 . 2011-08-29 08:16 ——– d—–w- c:\program files\Microsoft Security Client
    2011-08-29 08:16 . 2010-04-09 11:06 374664 —-a-w- c:\windows\system32\drivers\netio.sys
    2011-08-29 08:07 . 2009-07-22 08:17 78872 —-a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2011-08-29 08:07 . 2009-07-22 08:17 50200 —-a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2011-08-29 08:07 . 2009-07-22 08:17 79896 —-a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2011-08-29 08:07 . 2009-07-22 08:17 111640 —-a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2011-08-29 08:06 . 2011-08-29 08:06 ——– d—–w- c:\windows\system32\RsFx
    2011-08-29 08:00 . 2011-08-31 10:41 ——– d—–w- c:\program files\Microsoft SQL Server
    2011-08-29 08:00 . 2011-08-31 10:41 ——– d—–w- c:\program files (x86)\Microsoft SQL Server
    2011-08-29 07:59 . 2011-08-29 07:59 ——– d—–w- c:\program files\Microsoft Sync Framework
    2011-08-29 07:59 . 2011-08-29 07:59 ——– d—–w- c:\program files\Microsoft Synchronization Services
    2011-08-29 07:59 . 2011-08-29 07:59 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2011-08-29 07:59 . 2011-08-29 07:59 ——– d—–w- c:\program files (x86)\Microsoft Synchronization Services
    2011-08-29 07:58 . 2011-08-29 07:58 ——– d—–w- c:\programdata\PreEmptive Solutions
    2011-08-29 07:53 . 2011-08-29 07:53 ——– d—–w- c:\program files (x86)\Microsoft ASP.NET
    2011-08-29 07:53 . 2011-08-29 07:53 ——– d—–w- c:\program files\IIS
    2011-08-29 07:53 . 2011-08-29 07:53 ——– d—–w- c:\program files (x86)\IIS
    2011-08-29 07:52 . 2011-08-29 08:13 2478272 —-a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-08-29 07:45 . 2011-08-29 07:45 ——– d—–w- c:\programdata\Microsoft Visual Studio
    2011-08-29 07:44 . 2011-08-31 17:10 ——– d—–w- c:\windows\SysWow64\1033
    2011-08-29 07:43 . 2011-08-29 07:58 ——– d—–w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2011-08-29 07:43 . 2011-08-29 07:48 ——– d—–w- c:\program files (x86)\Microsoft F#
    2011-08-29 07:43 . 2011-08-29 07:48 ——– d—–w- c:\program files (x86)\Common Files\Merge Modules
    2011-08-29 07:43 . 2011-08-29 07:45 ——– d—–w- c:\program files (x86)\HTML Help Workshop
    2011-08-29 07:40 . 2011-08-29 09:51 ——– d—–w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2011-08-29 07:40 . 2011-08-29 09:47 ——– d—–w- c:\windows\system32\1033
    2011-08-29 07:40 . 2011-08-29 07:40 ——– d—–w- c:\windows\symbols
    2011-08-29 07:40 . 2011-08-29 08:00 ——– d—–w- c:\program files\Microsoft Visual Studio 10.0
    2011-08-29 07:40 . 2011-08-29 08:00 ——– d—–w- c:\program files (x86)\Microsoft SDKs
    2011-08-29 07:40 . 2011-08-29 07:40 ——– d—–w- c:\program files\Microsoft Help Viewer
    2011-08-29 07:30 . 2011-08-29 09:55 ——– d—–w- c:\program files (x86)\Microsoft.NET
    2011-08-29 07:28 . 2009-11-25 10:47 99176 —-a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-08-29 07:28 . 2009-11-25 10:47 49472 —-a-w- c:\windows\SysWow64\netfxperf.dll
    2011-08-29 07:28 . 2009-11-25 10:47 48960 —-a-w- c:\windows\system32\netfxperf.dll
    2011-08-29 07:28 . 2009-11-25 10:47 297808 —-a-w- c:\windows\SysWow64\mscoree.dll
    2011-08-29 07:28 . 2009-11-25 10:47 295264 —-a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-08-29 07:28 . 2009-11-25 10:47 1130824 —-a-w- c:\windows\SysWow64\dfshim.dll
    2011-08-29 07:28 . 2009-11-25 10:47 109912 —-a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-08-29 07:28 . 2009-11-25 10:47 444752 —-a-w- c:\windows\system32\mscoree.dll
    2011-08-29 07:28 . 2009-11-25 10:47 320352 —-a-w- c:\windows\system32\PresentationHost.exe
    2011-08-29 07:28 . 2009-11-25 10:47 1942856 —-a-w- c:\windows\system32\dfshim.dll
    2011-08-29 07:23 . 2011-08-29 07:31 ——– d—–w- c:\program files (x86)\DevExpress 2011.1
    2011-08-29 07:21 . 2011-08-29 07:21 ——– d—–w- c:\program files\TortoiseSVN
    2011-08-29 07:21 . 2011-08-29 07:21 ——– d—–w- c:\program files\Common Files\TortoiseOverlays
    2011-08-29 06:29 . 2011-08-29 06:29 ——– d—–w- c:\programdata\Malwarebytes
    2011-08-29 06:29 . 2011-07-06 17:52 41272 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-29 06:29 . 2011-08-29 06:29 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-29 06:29 . 2011-07-06 17:52 25912 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 03:47 . 2011-08-31 10:13 ——– d—–w- c:\users\vurewar
    2011-08-26 22:39 . 2011-08-26 22:39 ——– d—–w- C:\Emergency
    2011-08-26 22:14 . 2011-08-26 22:39 ——– d—–w- c:\windows\SMINST
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-27 03:48 . 2010-06-24 16:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
    "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
    "DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
    "STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-11 120032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2010-04-03 210784]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-30 1997416]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-04-03 2175328]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    .
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 06:55 99080 —-a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-11-29 312936]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-12-10 4775176]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\vurewar\AppData\Roaming\Mozilla\Firefox\Profiles\14cw4ib4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-08-31 13:10:35
    ComboFix-quarantined-files.txt 2011-08-31 11:10
    .
    Pre-Run: 549.317.632.000 bytes free
    Post-Run: 548.854.558.720 bytes free
    .
    - - End Of File - - DBFB238ED4FCB3202F19A097C41B82D4


    Alvast ontzettend bedankt!
    Anoniem
    Anoniem
  • Hoi Giel, denk nou niet dat jouw Windows inmiddels weer veilig is.
    Want: wat is de oorzaak dat jij die MBR-rootkit kreeg.

    Bovendien dus een werk PC met daarin twee antivirusprogramma's:

    [b:721e5b7fca]McAfee en
    Microsoft sedurity ewssentials[/b:721e5b7fca]

    Dat is er één te veel dus.



    Ik wil dan ook dat jij nu TDSSKiller nogmaals opstart en het log daarvan post.

    Verder ook het volgende doen:

    Download [b:721e5b7fca]zoek.exe[/b:721e5b7fca]
    Plaats hem op je bureaublad en dubbelklik hem om te starten.
    Typ [b:721e5b7fca]A[/b:721e5b7fca] gevolgd door [b:721e5b7fca]Enter[/b:721e5b7fca] om de "Standard search" te starten.
    Wacht geduldig tot het CMD-venster sluit en een kladblokvenster opent.
    Selecteer de volledige inhoud van het log en kopieer dit in je volgende bericht.
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!