Archief - Mebroot trojan

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
B

Bauhaus

Legacy Member
Mijn PC werkt dus traag en CPU staat na een tijd continu op 100%.

1) Gescant met Superantispyware & Malware bytes antispyware: verschillende trojans aangetroffen en verwijdert, toch probleem was niet over.

2) NOD32 detecteert Mebroot trojan maar kan het echter niet verwijderen.

3) Hijack log, lijkt geen specifieke problemen te tonen:
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskmgr.exe
N:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo Software - C:\Program Files\Braid Art Labs\GroBoto\bin\wodUpdSv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

4) MBRCheck detecteert problemen:
465 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 610C151EA6600B4828D09565D95688B3829C12B2
38 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 610C151EA6600B4828D09565D95688B3829C12B2
931 GB \\.\PhysicalDrive8 RE: Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive7 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.

Proberen te repareren met MBRCheck, drive 0 & 1 echter nog steeds geinfecteerd na restart PC.

5) Combofix: werkt niet, krijg blauw scherm met boodschap "Dumping physical memory to disk" en PC start herop.
J

Juisterr

Legacy Member
Nee denk van niet, waarom heb je VundoFix Service op je pc ?

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
B

Bauhaus

Legacy Member
Juisterr zei:
ComboFix
Klik om te vergroten...
Combofix: werkt niet, krijg blauw scherm met boodschap "Dumping physical memory to disk" en PC start herop.
(Zowel in normale modus als veilige modus)

'k Heb de infectie nu kunnen verwijderen met bootrec.exe /fixmbr.
Helaas krijg ik nu telkens een blauw scherm wanneer ik windows opstart (niet in veilige modus).
De code: 0x0000008e (0xc0000005, 0x821f5a69, 0xa401991c, 0x000000000)

0x0000008e zou wijzen op slechte ram, maar de windows memory tool vindt niets.
J

Juisterr

Legacy Member
Download TDSSKiller naar je bureaublad en pak het bestand vervolgens uit
  • Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

    Klik op de knop "Start Scan" en volg de instructies.
  • Wanneer het programma klaar is, zal er een log op de C:\ schijf worden aangemaakt.
    De bestandsnaam van dat logje begint met TDSSKiller.
  • Post de inhoud van het logje in je volgende bericht.

Herstart handmatig je pc indien TDSSKiller hier niet om vroeg.

Probeer combofix nu nog eens.
B

Bauhaus

Legacy Member
2011/04/30 21:43:27.0723 1208 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 21:43:27.0957 1208 ================================================================================
2011/04/30 21:43:27.0957 1208 SystemInfo:
2011/04/30 21:43:27.0957 1208
2011/04/30 21:43:27.0957 1208 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/30 21:43:27.0957 1208 Product type: Workstation
2011/04/30 21:43:27.0957 1208 ComputerName: PC_VAN_USER
2011/04/30 21:43:27.0957 1208 UserName: User
2011/04/30 21:43:27.0957 1208 Windows directory: C:\Windows
2011/04/30 21:43:27.0957 1208 System windows directory: C:\Windows
2011/04/30 21:43:27.0957 1208 Processor architecture: Intel x86
2011/04/30 21:43:27.0957 1208 Number of processors: 2
2011/04/30 21:43:27.0957 1208 Page size: 0x1000
2011/04/30 21:43:27.0957 1208 Boot type: Safe boot with network
2011/04/30 21:43:27.0957 1208 ================================================================================
2011/04/30 21:43:35.0082 1208 Initialize success
2011/04/30 21:43:38.0692 1188 ================================================================================
2011/04/30 21:43:38.0692 1188 Scan started
2011/04/30 21:43:38.0692 1188 Mode: Manual;
2011/04/30 21:43:38.0692 1188 ================================================================================
2011/04/30 21:43:39.0114 1188 3xHybrid (c23d163aba21124f8d519ac18416542e) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/04/30 21:43:39.0239 1188 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/30 21:43:39.0457 1188 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/30 21:43:39.0614 1188 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/30 21:43:39.0629 1188 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/30 21:43:39.0661 1188 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/30 21:43:39.0848 1188 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/30 21:43:39.0926 1188 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/30 21:43:40.0004 1188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/30 21:43:40.0036 1188 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/30 21:43:40.0192 1188 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/30 21:43:40.0254 1188 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/30 21:43:40.0364 1188 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/30 21:43:40.0395 1188 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/30 21:43:40.0567 1188 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/30 21:43:40.0629 1188 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/30 21:43:40.0770 1188 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/30 21:43:40.0832 1188 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/30 21:43:41.0129 1188 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/30 21:43:41.0270 1188 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/30 21:43:41.0332 1188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/30 21:43:41.0395 1188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/30 21:43:41.0457 1188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/30 21:43:41.0504 1188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/30 21:43:41.0567 1188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/30 21:43:41.0598 1188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/30 21:43:41.0661 1188 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/30 21:43:42.0020 1188 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/30 21:43:42.0098 1188 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/30 21:43:42.0192 1188 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/30 21:43:42.0223 1188 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/30 21:43:42.0379 1188 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/30 21:43:42.0442 1188 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/30 21:43:42.0520 1188 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/30 21:43:42.0551 1188 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/30 21:43:42.0754 1188 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/30 21:43:42.0957 1188 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/30 21:43:43.0129 1188 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/30 21:43:43.0192 1188 DXGKrnl (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/30 21:43:43.0348 1188 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/30 21:43:43.0411 1188 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/30 21:43:43.0567 1188 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/30 21:43:43.0786 1188 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/30 21:43:43.0911 1188 EraserUtilRebootDrv (0ead5db7508e126a2495d6ff64626c92) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/30 21:43:44.0082 1188 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/30 21:43:44.0129 1188 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/30 21:43:44.0286 1188 FET5X86V (56498e8b2a4208417c6e0a103a3c16bb) C:\Windows\system32\DRIVERS\fetnd5bv.sys
2011/04/30 21:43:44.0411 1188 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/04/30 21:43:44.0473 1188 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/30 21:43:44.0520 1188 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/30 21:43:44.0598 1188 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/30 21:43:44.0723 1188 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/30 21:43:44.0864 1188 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
2011/04/30 21:43:45.0020 1188 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/30 21:43:45.0098 1188 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/30 21:43:45.0207 1188 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/30 21:43:45.0239 1188 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/30 21:43:45.0301 1188 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/30 21:43:45.0364 1188 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/30 21:43:45.0426 1188 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/30 21:43:45.0489 1188 HTTP (5637078f2ab4e28f0e308a26089d9c92) C:\Windows\system32\drivers\HTTP.sys
2011/04/30 21:43:45.0551 1188 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/30 21:43:45.0645 1188 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/30 21:43:45.0707 1188 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/30 21:43:45.0848 1188 IDSvix86 (9e453b17d70fc2dd332510033a3c0499) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071011.001\IDSvix86.sys
2011/04/30 21:43:46.0004 1188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/30 21:43:46.0239 1188 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/30 21:43:46.0442 1188 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/04/30 21:43:46.0473 1188 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/30 21:43:46.0551 1188 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/30 21:43:46.0629 1188 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/30 21:43:46.0676 1188 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/30 21:43:46.0723 1188 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/30 21:43:46.0786 1188 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/30 21:43:46.0848 1188 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/30 21:43:46.0957 1188 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/30 21:43:47.0036 1188 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/30 21:43:47.0082 1188 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/30 21:43:47.0145 1188 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/30 21:43:47.0207 1188 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/30 21:43:47.0395 1188 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/30 21:43:47.0551 1188 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/30 21:43:47.0614 1188 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/30 21:43:47.0676 1188 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/30 21:43:47.0770 1188 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/30 21:43:47.0864 1188 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/04/30 21:43:47.0942 1188 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/04/30 21:43:48.0051 1188 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/30 21:43:48.0114 1188 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/30 21:43:48.0176 1188 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/30 21:43:48.0270 1188 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/30 21:43:48.0317 1188 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/30 21:43:48.0348 1188 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/30 21:43:48.0395 1188 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/30 21:43:48.0426 1188 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/30 21:43:48.0457 1188 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/30 21:43:48.0520 1188 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/30 21:43:48.0567 1188 mrxsmb (f6805dc6823b90393d561bdb163468f6) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/30 21:43:48.0614 1188 mrxsmb10 (3b6200fe9deef1f9bbf576a80082a741) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/30 21:43:48.0661 1188 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/30 21:43:48.0754 1188 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/30 21:43:48.0832 1188 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/30 21:43:48.0926 1188 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/30 21:43:49.0051 1188 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/30 21:43:49.0207 1188 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/30 21:43:49.0286 1188 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/30 21:43:49.0332 1188 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/30 21:43:49.0364 1188 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/30 21:43:49.0457 1188 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/30 21:43:49.0567 1188 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/30 21:43:49.0739 1188 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/30 21:43:49.0895 1188 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/30 21:43:49.0989 1188 NAVENG (a6f5ab84104412cd9742e7ee942ea08d) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071015.009\NAVENG.SYS
2011/04/30 21:43:50.0051 1188 NAVEX15 (c8069bf95363a58441cb33e4b989dd4f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071015.009\NAVEX15.SYS
2011/04/30 21:43:50.0223 1188 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/30 21:43:50.0332 1188 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/30 21:43:50.0395 1188 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/30 21:43:50.0411 1188 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/30 21:43:50.0489 1188 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/30 21:43:50.0551 1188 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/30 21:43:50.0598 1188 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/30 21:43:50.0770 1188 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/30 21:43:50.0942 1188 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/30 21:43:50.0989 1188 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/30 21:43:51.0082 1188 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/30 21:43:51.0254 1188 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/30 21:43:51.0317 1188 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/30 21:43:51.0582 1188 nvlddmkm (513098dd7a7f4eea43f9b0bbc1948c80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
B

Bauhaus

Legacy Member
2011/04/30 21:43:51.0895 1188 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/30 21:43:51.0957 1188 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/30 21:43:52.0036 1188 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/30 21:43:52.0207 1188 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/30 21:43:52.0395 1188 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/30 21:43:52.0473 1188 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/30 21:43:52.0551 1188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/30 21:43:52.0614 1188 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/30 21:43:52.0661 1188 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/30 21:43:52.0707 1188 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/30 21:43:52.0786 1188 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/30 21:43:52.0864 1188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/30 21:43:53.0067 1188 Ph3xIB32 (9f2f541c52cd7a452e235e885f7d95de) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
2011/04/30 21:43:53.0207 1188 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/30 21:43:53.0270 1188 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/30 21:43:53.0332 1188 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/30 21:43:53.0395 1188 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/30 21:43:53.0489 1188 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/30 21:43:53.0567 1188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/30 21:43:53.0661 1188 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/30 21:43:53.0770 1188 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/30 21:43:53.0832 1188 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/30 21:43:53.0973 1188 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/30 21:43:54.0161 1188 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/30 21:43:54.0301 1188 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/30 21:43:54.0411 1188 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/30 21:43:54.0426 1188 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/30 21:43:54.0598 1188 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/30 21:43:54.0770 1188 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/30 21:43:54.0864 1188 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/30 21:43:54.0973 1188 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/04/30 21:43:55.0098 1188 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/04/30 21:43:55.0254 1188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/30 21:43:55.0426 1188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/30 21:43:55.0473 1188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/30 21:43:55.0504 1188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/30 21:43:55.0629 1188 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/30 21:43:55.0770 1188 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/30 21:43:55.0817 1188 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/30 21:43:55.0879 1188 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/30 21:43:55.0911 1188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/30 21:43:55.0989 1188 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/30 21:43:56.0051 1188 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/30 21:43:56.0082 1188 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/30 21:43:56.0145 1188 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/30 21:43:56.0207 1188 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
2011/04/30 21:43:56.0379 1188 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/30 21:43:56.0551 1188 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/30 21:43:56.0661 1188 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/30 21:43:56.0661 1188 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/30 21:43:56.0661 1188 sptd - detected Locked file (1)
2011/04/30 21:43:56.0832 1188 SRTSP (fa31991f172117b16c003f4925346618) C:\Windows\system32\Drivers\SRTSP.SYS
2011/04/30 21:43:56.0973 1188 SRTSPL (3fe51ebd01e5a5b31fbf0560c9915349) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/04/30 21:43:57.0020 1188 SRTSPX (d6c028bb553e7a8dfa082360ca09b4c0) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/04/30 21:43:57.0067 1188 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/30 21:43:57.0145 1188 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/30 21:43:57.0254 1188 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/30 21:43:57.0379 1188 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/30 21:43:57.0567 1188 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/30 21:43:57.0614 1188 SYMDNS (55a216212c89de109bde71a5f440593c) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/04/30 21:43:57.0661 1188 SymEvent (9e4188476848b2ef86f9c44d5164e724) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/30 21:43:57.0707 1188 SYMFW (3f72da2a613ae5da86c7002737fe56b3) C:\Windows\System32\Drivers\SYMFW.SYS
2011/04/30 21:43:57.0754 1188 SYMIDS (cf88c0fa1fb45fd49fa1f4adf6251ea6) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/04/30 21:43:57.0817 1188 SYMNDISV (105f0717ab5049a0a40d55c524b4c2e5) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/04/30 21:43:57.0879 1188 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/04/30 21:43:57.0926 1188 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/04/30 21:43:57.0989 1188 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/30 21:43:58.0020 1188 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/30 21:43:58.0098 1188 Tcpip (8734bd051ffdcbf8425cf222141c3741) C:\Windows\system32\drivers\tcpip.sys
2011/04/30 21:43:58.0207 1188 Tcpip6 (8734bd051ffdcbf8425cf222141c3741) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/30 21:43:58.0254 1188 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/30 21:43:58.0317 1188 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/30 21:43:58.0379 1188 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/30 21:43:58.0411 1188 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/30 21:43:58.0489 1188 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/30 21:43:58.0645 1188 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/30 21:43:58.0707 1188 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/30 21:43:58.0739 1188 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/30 21:43:58.0770 1188 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/30 21:43:58.0832 1188 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/30 21:43:59.0004 1188 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/30 21:43:59.0036 1188 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/30 21:43:59.0114 1188 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/30 21:43:59.0176 1188 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/30 21:43:59.0223 1188 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/30 21:43:59.0411 1188 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/30 21:43:59.0489 1188 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/30 21:43:59.0536 1188 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/30 21:43:59.0567 1188 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/30 21:43:59.0629 1188 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/30 21:43:59.0676 1188 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/30 21:43:59.0723 1188 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/30 21:43:59.0754 1188 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/30 21:43:59.0957 1188 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/30 21:43:59.0989 1188 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/30 21:44:00.0051 1188 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/30 21:44:00.0098 1188 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/30 21:44:00.0176 1188 viaide (48c9b50cddd51a205f7aa1639b3d4822) C:\Windows\system32\drivers\viaide.sys
2011/04/30 21:44:00.0270 1188 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/30 21:44:00.0348 1188 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/30 21:44:00.0442 1188 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/30 21:44:00.0504 1188 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/30 21:44:00.0567 1188 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/30 21:44:00.0614 1188 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/30 21:44:00.0629 1188 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/30 21:44:00.0723 1188 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/30 21:44:00.0770 1188 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/30 21:44:00.0879 1188 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/30 21:44:01.0036 1188 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/30 21:44:01.0129 1188 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/30 21:44:01.0192 1188 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
2011/04/30 21:44:01.0286 1188 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/04/30 21:44:01.0411 1188 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/04/30 21:44:02.0082 1188
================================================================================
2011/04/30 21:44:02.0082 1188 Scan finished
2011/04/30 21:44:02.0082 1188 ================================================================================
2011/04/30 21:44:02.0098 2044 Detected object count: 1
2011/04/30 21:44:16.0051 2044 Locked file(sptd) - User select action: Skip
2011/04/30 21:47:03.0676 0488 Deinitialize success


Ik heb Combofix nu meerdere keren uitgevoerd maar ik krijg echter nooit een logbestand te zien (staat ook niet op C: ).

PS: Wanneer Combofix begint te scannen staat er bovenaan:

"Het bericht met berichtnummer 0x8 kan niet gevonden worden in het berichtenbestand van systeem."
J

Juisterr

Legacy Member
Download DDS van sUBS van één van deze locaties en plaats het op je bureaublad:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

dds_scr.gif


DDS is een diagnosetool en maakt gebruik van scripts.

Schakel je beveiligings software uit voordat je DDS uitvoert!

Dubbelklik op DDS om de tool te starten.

DDS zal 2 logfiles openen:
* DDS.txt
* Attach.txt

Een scherm vraagt je om beide logjes op te slaan omdat de logjes weg zullen zijn als je ze sluit.
Sla de logjes op bijvoorbeeld op je bureaublad of een andere plaats waar je ze makkelijk terug vind.

Post het DDS.txt logje met je volgende antwoord. De Attach.txt post je alleen wanneer ik hier om vraag.
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan