Archief - vista internet security 2011

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
v

vorrak

Legacy Member
hallo,
zou u zo vriendelijk willen zijn om mij te helpen.mijn andere pc bevat het virus "vista internet security 2011". hij blokeert mijn internet het enige wat ik nog kan doen is mailen.ik heb logfile bij gestoken.
ik denk dat er nog wel een paar dingen zijn die niet helemaal in orde zijn want pc werkte al een tijdje traag.
vriendelijke groeten
steven



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:29, on 11/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Registration .LNK = D:\Disk1\support\Register\RegistrationReminder.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 4431 bytes
J

Juisterr

Legacy Member
Voer de volgende acties eerst uit:
Schakel tijdelijk Windows Defender uit
Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)
* Open Windows Defender > Klik Tools
* Klik "General Settings" of Options
* Scroll naar "Real Time Protection Options"
* Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
* Sluit Windows Defender
(als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)
J

Juisterr

Legacy Member
Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
4de6eab6867f3-Combofix.JPG


1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
v

vorrak

Legacy Member
ComboFix 11-06-03.02 - xpx 03/06/2011 12:46:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1215 [GMT 2:00]
Gestart vanuit: c:\users\xpx\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xpx\AppData\Local\kkp.exe
c:\users\xpx\AppData\Roaming\PnkBstrB.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-03 to 2011-06-03 ))))))))))))))))))))))))))))))
.
.
2011-06-03 11:00 . 2011-06-03 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-03 10:42 . 2011-06-03 10:42 -------- d-----w- C:\32788R22FWJFW
2011-05-31 22:07 . 2011-06-03 10:41 -------- d-----w- c:\program files\PC Tools Security
2011-05-31 22:07 . 2011-06-03 10:41 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-31 22:05 . 2011-06-03 10:41 -------- d-----w- c:\programdata\PC Tools
2011-05-22 21:09 . 2011-05-22 21:15 -------- d-----w- c:\program files\Mole Control
2011-05-11 15:58 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-06 11:48 . 2011-05-06 11:48 -------- d-----w- c:\programdata\Arkadium
2011-05-04 23:19 . 2011-05-04 23:20 -------- d-----w- c:\program files\Cradle of Rome
2011-05-04 22:54 . 2011-05-04 22:54 -------- d-----w- c:\program files\Diego`s Dinosaur Adventure
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 08:17 . 2011-04-15 08:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-15 08:17 . 2011-04-15 08:17 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 08:17 . 2011-04-15 08:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-15 08:17 . 2011-04-15 08:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-15 08:17 . 2011-04-15 08:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-15 08:17 . 2011-04-15 08:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-15 08:17 . 2011-04-15 08:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-15 08:17 . 2011-04-15 08:17 367104 ----a-w- c:\windows\system32\html.iec
2011-04-15 08:17 . 2011-04-15 08:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-15 08:17 . 2011-04-15 08:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 08:17 . 2011-04-15 08:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-15 08:17 . 2011-04-15 08:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-15 08:17 . 2011-04-15 08:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-15 08:17 . 2011-04-15 08:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-15 08:17 . 2011-04-15 08:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-15 08:17 . 2011-04-15 08:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-15 08:17 . 2011-04-15 08:17 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-15 08:17 . 2011-04-15 08:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-15 08:17 . 2011-04-15 08:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-15 08:17 . 2011-04-15 08:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-15 08:17 . 2011-04-15 08:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-20 19:34 . 2008-03-16 00:42 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-20 19:34 . 2008-03-16 00:42 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-16 16:54 . 2010-12-23 12:49 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 13:24 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 10:08 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 10:08 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 01:18 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"BitTorrent DNA"="c:\users\xpx\Program Files\DNA\btdna.exe" [2010-07-03 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 253952]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-11-08 238432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2007-10-25 43520]
.
c:\users\xpx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-3-3 546816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2002-06-06 15740]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122.sys [2007-08-29 131968]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DL.sys [2007-08-29 18304]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdm.sys [2007-08-29 39168]
R3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2002-06-06 32476]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-16 717296]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S2 olMntrService;Olivetti Monitor Service;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2007-06-08 126976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
S4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 17:36]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 17:36]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-03 13:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2307037598-3225379233-1213041179-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0d,bd,b3,d8,98,29,c9,63,9c,bc,af,a2,72,1f,66,51,23,c0,39,ef,ac,46,d2,
6c,4d,d6,cd,50,42,31,ac,e9,53,87,44,d1,ce,e8,99,e8,9c,d1,d8,f1,e9,89,43,b6,\
"??"=hex:13,2a,11,46,9c,a9,88,49,9a,d9,b7,be,76,d0,6e,01
.
[HKEY_USERS\S-1-5-21-2307037598-3225379233-1213041179-1000\Software\SecuROM\License information*]
"datasecu"=hex:05,cb,92,1a,fe,26,49,7f,53,0c,19,2e,ed,ef,15,0f,27,fe,3b,d0,6b,
fa,e3,fb,77,7b,9d,c6,85,58,92,7f,66,e6,b7,b1,dd,a1,cc,d7,dd,58,d3,73,9e,97,\
"rkeysecu"=hex:53,43,79,37,8a,dc,31,c6,fc,66,32,20,15,ed,6d,46
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{399809ce-ed1e-42cc-b8b4-ac3eb62fd7c6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9e448a19-5943-4234-8086-5c25b53df8ef}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001d60
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Voltooingstijd: 2011-06-03 13:05:55
ComboFix-quarantined-files.txt 2011-06-03 11:05
.
Pre-Run: 99.329.748.992 bytes beschikbaar
Post-Run: 113.328.836.608 bytes beschikbaar
.
- - End Of File - - 2115BC5BF83B51DADA065330C6C3BFB5
J

Juisterr

Legacy Member
Download TDSSKiller en plaats het op je bureaublad.
Pak de bestanden in tdsskiller.zip uit.
Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:
Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg



Klik op de knop "Start Scan" en volg de instructies.
Wanneer de scan klaar is klik je op de knop "Report".
Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
v

vorrak

Legacy Member
hallo
ik heb dit in 2 moeten delen want ik mag maar max 30000 tekens per keer doorsturen.
vriendelijke groeten

2011/06/05 10:13:23.0259 5888 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:23.0680 5888 SystemInfo:
2011/06/05 10:13:23.0680 5888
2011/06/05 10:13:23.0680 5888 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/05 10:13:23.0680 5888 Product type: Workstation
2011/06/05 10:13:23.0680 5888 ComputerName: PC_VAN_XPX
2011/06/05 10:13:23.0680 5888 UserName: xpx
2011/06/05 10:13:23.0680 5888 Windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 System windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 Processor architecture: Intel x86
2011/06/05 10:13:23.0680 5888 Number of processors: 2
2011/06/05 10:13:23.0680 5888 Page size: 0x1000
2011/06/05 10:13:23.0680 5888 Boot type: Normal boot
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:24.0897 5888 Initialize success
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:28.0688 4284 Scan started
2011/06/05 10:13:28.0688 4284 Mode: Manual;
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:30.0326 4284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/05 10:13:30.0404 4284 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/05 10:13:30.0451 4284 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/05 10:13:30.0482 4284 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/05 10:13:30.0513 4284 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/05 10:13:30.0560 4284 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/05 10:13:30.0591 4284 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/05 10:13:30.0622 4284 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/05 10:13:30.0654 4284 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/05 10:13:30.0685 4284 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/05 10:13:30.0716 4284 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/05 10:13:30.0747 4284 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/05 10:13:30.0778 4284 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/05 10:13:30.0825 4284 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/05 10:13:30.0841 4284 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/05 10:13:30.0934 4284 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 10:13:30.0966 4284 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/05 10:13:30.0997 4284 AtcL001 (b4c0d962a251555f3daf42738ce6680d) C:\Windows\system32\DRIVERS\atl01v32.sys
2011/06/05 10:13:31.0090 4284 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/05 10:13:31.0153 4284 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/05 10:13:31.0215 4284 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/05 10:13:31.0231 4284 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/05 10:13:31.0324 4284 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 10:13:31.0371 4284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/05 10:13:31.0402 4284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/05 10:13:31.0434 4284 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/05 10:13:31.0465 4284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/05 10:13:31.0512 4284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/05 10:13:31.0527 4284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/05 10:13:31.0558 4284 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/05 10:13:31.0652 4284 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 10:13:31.0683 4284 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 10:13:31.0714 4284 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/05 10:13:31.0761 4284 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/05 10:13:31.0824 4284 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/05 10:13:31.0886 4284 COMMONFX.DLL (d7b2bd9c6e974b173ca536b96fc099c6) C:\Windows\system32\COMMONFX.DLL
2011/06/05 10:13:31.0917 4284 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/05 10:13:31.0948 4284 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/05 10:13:31.0980 4284 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/05 10:13:32.0011 4284 CT20XUT.DLL (5ecc0de5f90ca891ff2368cb2dbc365c) C:\Windows\system32\CT20XUT.DLL
2011/06/05 10:13:32.0104 4284 ctac32k (f35de8895559d4e2d1a024a3ac05b962) C:\Windows\system32\drivers\ctac32k.sys
2011/06/05 10:13:32.0167 4284 ctaud2k (82ce9b8ccd70040f0b1a91b44e39e865) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/05 10:13:32.0214 4284 CTAUDFX.DLL (ed97653aebc514634f78b441acec9781) C:\Windows\system32\CTAUDFX.DLL
2011/06/05 10:13:32.0276 4284 ctdvda2k (4998163c5efaec75be1946b49b5343f5) C:\Windows\system32\drivers\ctdvda2k.sys
2011/06/05 10:13:32.0323 4284 CTEAPSFX.DLL (bab84177d031385bc9c97eb8e92f58f6) C:\Windows\system32\CTEAPSFX.DLL
2011/06/05 10:13:32.0385 4284 CTEDSPFX.DLL (5c5e1d51041c118104739294ab5f0fd4) C:\Windows\system32\CTEDSPFX.DLL
2011/06/05 10:13:32.0432 4284 CTEDSPIO.DLL (2d7d58aabee8e6e9c53a261984823205) C:\Windows\system32\CTEDSPIO.DLL
2011/06/05 10:13:32.0479 4284 CTEDSPSY.DLL (3fec927bf0e567226726934b0d5626a8) C:\Windows\system32\CTEDSPSY.DLL
2011/06/05 10:13:32.0510 4284 CTERFXFX.DLL (47bd331c0854d13cfc26aca5abfd4af3) C:\Windows\system32\CTERFXFX.DLL
2011/06/05 10:13:32.0572 4284 CTEXFIFX.DLL (5b8386421ae9aaf4dc94e3fb88b2b998) C:\Windows\system32\CTEXFIFX.DLL
2011/06/05 10:13:32.0635 4284 CTHWIUT.DLL (905c9950d24eb157db7981a3ad7de4dc) C:\Windows\system32\CTHWIUT.DLL
2011/06/05 10:13:32.0666 4284 ctprxy2k (f05cf0e3696621a205f0d5b2cf8e346e) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/05 10:13:32.0697 4284 CTSBLFX.DLL (b0d488737174b1ff69f18086ee2c914e) C:\Windows\system32\CTSBLFX.DLL
2011/06/05 10:13:32.0744 4284 ctsfm2k (3747490f9ae9d28eed18fc35235cee31) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/05 10:13:32.0791 4284 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 10:13:32.0822 4284 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/05 10:13:32.0869 4284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 10:13:32.0900 4284 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 10:13:32.0947 4284 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/05 10:13:32.0994 4284 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/05 10:13:33.0056 4284 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/05 10:13:33.0118 4284 emupia (b396b42a80f8ac72336fa483f7c26bec) C:\Windows\system32\drivers\emupia2k.sys
2011/06/05 10:13:33.0196 4284 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/05 10:13:33.0259 4284 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 10:13:33.0290 4284 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 10:13:33.0337 4284 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 10:13:33.0384 4284 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 10:13:33.0399 4284 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 10:13:33.0446 4284 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 10:13:33.0524 4284 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/05 10:13:33.0555 4284 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 10:13:33.0586 4284 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/05 10:13:33.0664 4284 ha20x2k (c98953793e4d139ff1ac328ef863e4cd) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/05 10:13:33.0727 4284 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 10:13:33.0789 4284 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 10:13:33.0820 4284 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/05 10:13:33.0852 4284 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/05 10:13:33.0914 4284 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 10:13:33.0945 4284 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/05 10:13:33.0992 4284 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 10:13:34.0054 4284 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/05 10:13:34.0086 4284 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 10:13:34.0117 4284 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/05 10:13:34.0179 4284 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/05 10:13:34.0257 4284 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 10:13:34.0335 4284 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/05 10:13:34.0382 4284 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 10:13:34.0429 4284 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 10:13:34.0476 4284 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/05 10:13:34.0522 4284 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/05 10:13:34.0569 4284 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 10:13:34.0616 4284 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/05 10:13:34.0663 4284 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 10:13:34.0725 4284 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/06/05 10:13:34.0756 4284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/05 10:13:34.0803 4284 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
v

vorrak

Legacy Member
2011/06/05 10:13:34.0850 4284 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\DRIVERS\JGOGO.sys
2011/06/05 10:13:34.0866 4284 JRAID (8f55efd8b7d99465c16d06b345d50ca9) C:\Windows\system32\DRIVERS\jraid.sys
2011/06/05 10:13:34.0912 4284 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 10:13:34.0944 4284 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 10:13:35.0006 4284 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 10:13:35.0068 4284 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/06/05 10:13:35.0115 4284 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 10:13:35.0162 4284 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/05 10:13:35.0193 4284 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/05 10:13:35.0209 4284 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/05 10:13:35.0271 4284 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/05 10:13:35.0349 4284 mcdbus (5fb43fe50aee92b2b7b34cf2563db2ac) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/06/05 10:13:35.0443 4284 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/05 10:13:35.0552 4284 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/05 10:13:35.0583 4284 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 10:13:35.0614 4284 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/05 10:13:35.0661 4284 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 10:13:35.0692 4284 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 10:13:35.0739 4284 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/05 10:13:35.0770 4284 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 10:13:35.0833 4284 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/05 10:13:35.0864 4284 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 10:13:35.0895 4284 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 10:13:35.0942 4284 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 10:13:35.0958 4284 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 10:13:35.0989 4284 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/05 10:13:36.0020 4284 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/05 10:13:36.0098 4284 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 10:13:36.0129 4284 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/05 10:13:36.0192 4284 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 10:13:36.0254 4284 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 10:13:36.0301 4284 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 10:13:36.0332 4284 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 10:13:36.0363 4284 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/05 10:13:36.0394 4284 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 10:13:36.0457 4284 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/05 10:13:36.0472 4284 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/05 10:13:36.0535 4284 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 10:13:36.0582 4284 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/05 10:13:36.0613 4284 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 10:13:36.0644 4284 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 10:13:36.0706 4284 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 10:13:36.0753 4284 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 10:13:36.0800 4284 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 10:13:36.0831 4284 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 10:13:36.0925 4284 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/05 10:13:36.0987 4284 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys
2011/06/05 10:13:37.0050 4284 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys
2011/06/05 10:13:37.0112 4284 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 10:13:37.0159 4284 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 10:13:37.0237 4284 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 10:13:37.0315 4284 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/05 10:13:37.0362 4284 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/05 10:13:37.0611 4284 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/05 10:13:37.0814 4284 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/05 10:13:37.0861 4284 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/05 10:13:37.0923 4284 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/05 10:13:38.0017 4284 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/05 10:13:38.0095 4284 ossrv (1018385d44f084509027494f763630bd) C:\Windows\system32\drivers\ctoss2k.sys
2011/06/05 10:13:38.0157 4284 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/05 10:13:38.0204 4284 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 10:13:38.0251 4284 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/05 10:13:38.0313 4284 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/05 10:13:38.0360 4284 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/05 10:13:38.0407 4284 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/05 10:13:38.0469 4284 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/05 10:13:38.0625 4284 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 10:13:38.0672 4284 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/05 10:13:38.0719 4284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 10:13:38.0766 4284 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/05 10:13:38.0844 4284 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/05 10:13:38.0906 4284 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 10:13:38.0968 4284 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 10:13:39.0015 4284 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 10:13:39.0062 4284 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 10:13:39.0124 4284 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 10:13:39.0187 4284 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 10:13:39.0249 4284 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 10:13:39.0280 4284 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/05 10:13:39.0343 4284 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 10:13:39.0374 4284 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 10:13:39.0452 4284 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 10:13:39.0483 4284 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/05 10:13:39.0561 4284 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 10:13:39.0608 4284 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 10:13:39.0655 4284 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 10:13:39.0702 4284 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/05 10:13:39.0764 4284 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/05 10:13:39.0795 4284 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/05 10:13:39.0842 4284 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/05 10:13:39.0889 4284 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/05 10:13:39.0951 4284 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/05 10:13:39.0998 4284 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/05 10:13:40.0060 4284 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/05 10:13:40.0138 4284 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 10:13:40.0185 4284 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/05 10:13:40.0279 4284 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/06/05 10:13:40.0279 4284 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/05 10:13:40.0279 4284 sptd - detected LockedFile.Multi.Generic (1)
2011/06/05 10:13:40.0326 4284 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 10:13:40.0357 4284 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 10:13:40.0435 4284 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 10:13:40.0513 4284 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/05 10:13:40.0716 4284 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/05 10:13:40.0778 4284 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/05 10:13:40.0809 4284 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/05 10:13:40.0825 4284 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/05 10:13:40.0950 4284 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 10:13:41.0028 4284 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 10:13:41.0074 4284 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 10:13:41.0121 4284 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 10:13:41.0152 4284 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 10:13:41.0215 4284 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 10:13:41.0277 4284 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/05 10:13:41.0355 4284 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 10:13:41.0402 4284 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/05 10:13:41.0464 4284 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 10:13:41.0511 4284 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/05 10:13:41.0558 4284 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 10:13:41.0652 4284 UKS11LDR (c4b89bdc1faf0d889248fc01c4bf8610) C:\Windows\system32\drivers\uks11ldr.sys
2011/06/05 10:13:41.0698 4284 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/05 10:13:41.0714 4284 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/05 10:13:41.0776 4284 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/05 10:13:41.0823 4284 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/05 10:13:41.0886 4284 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 10:13:41.0948 4284 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/06/05 10:13:42.0010 4284 US122 (f0022b4a8c803d668dc80251214513af) C:\Windows\system32\Drivers\US122.sys
2011/06/05 10:13:42.0088 4284 US122DL (1d56be893dea1ff488de1495a59f71d5) C:\Windows\system32\Drivers\US122DL.sys
2011/06/05 10:13:42.0135 4284 Us122WdmService (560763d08a54a981a63f7bb6a27ab7b4) C:\Windows\system32\Drivers\US122Wdm.sys
2011/06/05 10:13:42.0198 4284 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/05 10:13:42.0260 4284 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 10:13:42.0307 4284 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/05 10:13:42.0369 4284 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/05 10:13:42.0447 4284 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 10:13:42.0494 4284 USBKS1X1 (77cd3e7fe622aa9f00d48d271c029491) C:\Windows\system32\drivers\usbks1x1.sys
2011/06/05 10:13:42.0541 4284 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/05 10:13:42.0603 4284 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 10:13:42.0650 4284 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/05 10:13:42.0712 4284 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
2011/06/05 10:13:42.0775 4284 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/06/05 10:13:42.0822 4284 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 10:13:42.0868 4284 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/05 10:13:42.0931 4284 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 10:13:42.0978 4284 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/05 10:13:43.0024 4284 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/05 10:13:43.0056 4284 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/05 10:13:43.0087 4284 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/05 10:13:43.0118 4284 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/05 10:13:43.0180 4284 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 10:13:43.0243 4284 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/05 10:13:43.0305 4284 Vsdatant (6be75cfce25e42e79c0757c60d88fecb) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/06/05 10:13:43.0383 4284 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/05 10:13:43.0446 4284 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/05 10:13:43.0508 4284 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 10:13:43.0539 4284 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 10:13:43.0586 4284 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/05 10:13:43.0648 4284 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 10:13:43.0773 4284 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/05 10:13:43.0882 4284 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/05 10:13:43.0960 4284 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 10:13:44.0038 4284 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 10:13:44.0101 4284 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/05 10:13:44.0116 4284 ================================================================================
2011/06/05 10:13:44.0116 4284 Scan finished
2011/06/05 10:13:44.0116 4284 ================================================================================
2011/06/05 10:13:44.0132 4080 Detected object count: 1
2011/06/05 10:13:44.0132 4080 Actual detected object count: 1
2011/06/05 10:14:15.0504 4080 LockedFile.Multi.Generic(sptd) - User select action: Skip
v

vorrak

Legacy Member
hallo,
ik moest deze log in 2 delen.
maar heb blijkbaar eerst 2e deel gepost, hier volgt eerste deel vean log.
mijn excuses hier voor.
vriendelijke groeten

2011/06/05 10:13:23.0259 5888 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:23.0680 5888 SystemInfo:
2011/06/05 10:13:23.0680 5888
2011/06/05 10:13:23.0680 5888 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/05 10:13:23.0680 5888 Product type: Workstation
2011/06/05 10:13:23.0680 5888 ComputerName: PC_VAN_XPX
2011/06/05 10:13:23.0680 5888 UserName: xpx
2011/06/05 10:13:23.0680 5888 Windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 System windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 Processor architecture: Intel x86
2011/06/05 10:13:23.0680 5888 Number of processors: 2
2011/06/05 10:13:23.0680 5888 Page size: 0x1000
2011/06/05 10:13:23.0680 5888 Boot type: Normal boot
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:24.0897 5888 Initialize success
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:28.0688 4284 Scan started
2011/06/05 10:13:28.0688 4284 Mode: Manual;
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:30.0326 4284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/05 10:13:30.0404 4284 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/05 10:13:30.0451 4284 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/05 10:13:30.0482 4284 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/05 10:13:30.0513 4284 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/05 10:13:30.0560 4284 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/05 10:13:30.0591 4284 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/05 10:13:30.0622 4284 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/05 10:13:30.0654 4284 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/05 10:13:30.0685 4284 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/05 10:13:30.0716 4284 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/05 10:13:30.0747 4284 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/05 10:13:30.0778 4284 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/05 10:13:30.0825 4284 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/05 10:13:30.0841 4284 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/05 10:13:30.0934 4284 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 10:13:30.0966 4284 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/05 10:13:30.0997 4284 AtcL001 (b4c0d962a251555f3daf42738ce6680d) C:\Windows\system32\DRIVERS\atl01v32.sys
2011/06/05 10:13:31.0090 4284 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/05 10:13:31.0153 4284 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/05 10:13:31.0215 4284 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/05 10:13:31.0231 4284 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/05 10:13:31.0324 4284 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 10:13:31.0371 4284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/05 10:13:31.0402 4284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/05 10:13:31.0434 4284 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/05 10:13:31.0465 4284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/05 10:13:31.0512 4284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/05 10:13:31.0527 4284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/05 10:13:31.0558 4284 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/05 10:13:31.0652 4284 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 10:13:31.0683 4284 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 10:13:31.0714 4284 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/05 10:13:31.0761 4284 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/05 10:13:31.0824 4284 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/05 10:13:31.0886 4284 COMMONFX.DLL (d7b2bd9c6e974b173ca536b96fc099c6) C:\Windows\system32\COMMONFX.DLL
2011/06/05 10:13:31.0917 4284 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/05 10:13:31.0948 4284 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/05 10:13:31.0980 4284 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/05 10:13:32.0011 4284 CT20XUT.DLL (5ecc0de5f90ca891ff2368cb2dbc365c) C:\Windows\system32\CT20XUT.DLL
2011/06/05 10:13:32.0104 4284 ctac32k (f35de8895559d4e2d1a024a3ac05b962) C:\Windows\system32\drivers\ctac32k.sys
2011/06/05 10:13:32.0167 4284 ctaud2k (82ce9b8ccd70040f0b1a91b44e39e865) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/05 10:13:32.0214 4284 CTAUDFX.DLL (ed97653aebc514634f78b441acec9781) C:\Windows\system32\CTAUDFX.DLL
2011/06/05 10:13:32.0276 4284 ctdvda2k (4998163c5efaec75be1946b49b5343f5) C:\Windows\system32\drivers\ctdvda2k.sys
2011/06/05 10:13:32.0323 4284 CTEAPSFX.DLL (bab84177d031385bc9c97eb8e92f58f6) C:\Windows\system32\CTEAPSFX.DLL
2011/06/05 10:13:32.0385 4284 CTEDSPFX.DLL (5c5e1d51041c118104739294ab5f0fd4) C:\Windows\system32\CTEDSPFX.DLL
2011/06/05 10:13:32.0432 4284 CTEDSPIO.DLL (2d7d58aabee8e6e9c53a261984823205) C:\Windows\system32\CTEDSPIO.DLL
2011/06/05 10:13:32.0479 4284 CTEDSPSY.DLL (3fec927bf0e567226726934b0d5626a8) C:\Windows\system32\CTEDSPSY.DLL
2011/06/05 10:13:32.0510 4284 CTERFXFX.DLL (47bd331c0854d13cfc26aca5abfd4af3) C:\Windows\system32\CTERFXFX.DLL
2011/06/05 10:13:32.0572 4284 CTEXFIFX.DLL (5b8386421ae9aaf4dc94e3fb88b2b998) C:\Windows\system32\CTEXFIFX.DLL
2011/06/05 10:13:32.0635 4284 CTHWIUT.DLL (905c9950d24eb157db7981a3ad7de4dc) C:\Windows\system32\CTHWIUT.DLL
2011/06/05 10:13:32.0666 4284 ctprxy2k (f05cf0e3696621a205f0d5b2cf8e346e) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/05 10:13:32.0697 4284 CTSBLFX.DLL (b0d488737174b1ff69f18086ee2c914e) C:\Windows\system32\CTSBLFX.DLL
2011/06/05 10:13:32.0744 4284 ctsfm2k (3747490f9ae9d28eed18fc35235cee31) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/05 10:13:32.0791 4284 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 10:13:32.0822 4284 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/05 10:13:32.0869 4284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 10:13:32.0900 4284 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 10:13:32.0947 4284 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/05 10:13:32.0994 4284 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/05 10:13:33.0056 4284 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/05 10:13:33.0118 4284 emupia (b396b42a80f8ac72336fa483f7c26bec) C:\Windows\system32\drivers\emupia2k.sys
2011/06/05 10:13:33.0196 4284 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/05 10:13:33.0259 4284 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 10:13:33.0290 4284 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 10:13:33.0337 4284 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 10:13:33.0384 4284 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 10:13:33.0399 4284 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 10:13:33.0446 4284 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 10:13:33.0524 4284 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/05 10:13:33.0555 4284 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 10:13:33.0586 4284 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/05 10:13:33.0664 4284 ha20x2k (c98953793e4d139ff1ac328ef863e4cd) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/05 10:13:33.0727 4284 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 10:13:33.0789 4284 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 10:13:33.0820 4284 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/05 10:13:33.0852 4284 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/05 10:13:33.0914 4284 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 10:13:33.0945 4284 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/05 10:13:33.0992 4284 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 10:13:34.0054 4284 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/05 10:13:34.0086 4284 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 10:13:34.0117 4284 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/05 10:13:34.0179 4284 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/05 10:13:34.0257 4284 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 10:13:34.0335 4284 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/05 10:13:34.0382 4284 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 10:13:34.0429 4284 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 10:13:34.0476 4284 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/05 10:13:34.0522 4284 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/05 10:13:34.0569 4284 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 10:13:34.0616 4284 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/05 10:13:34.0663 4284 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 10:13:34.0725 4284 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/06/05 10:13:34.0756 4284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/05 10:13:34.0803 4284 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
v

vorrak

Legacy Member
hallo,
ik heb deze log in 2 moeten delen maar mocht maar max 30000 tekens in.
eigenlijk moest eerst dit deel komen, daarna het andere.
sorry hiervoor.
vriendelijke groeten
2011/06/05 10:13:23.0259 5888 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:23.0680 5888 SystemInfo:
2011/06/05 10:13:23.0680 5888
2011/06/05 10:13:23.0680 5888 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/05 10:13:23.0680 5888 Product type: Workstation
2011/06/05 10:13:23.0680 5888 ComputerName: PC_VAN_XPX
2011/06/05 10:13:23.0680 5888 UserName: xpx
2011/06/05 10:13:23.0680 5888 Windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 System windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 Processor architecture: Intel x86
2011/06/05 10:13:23.0680 5888 Number of processors: 2
2011/06/05 10:13:23.0680 5888 Page size: 0x1000
2011/06/05 10:13:23.0680 5888 Boot type: Normal boot
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:24.0897 5888 Initialize success
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:28.0688 4284 Scan started
2011/06/05 10:13:28.0688 4284 Mode: Manual;
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:30.0326 4284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/05 10:13:30.0404 4284 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/05 10:13:30.0451 4284 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/05 10:13:30.0482 4284 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/05 10:13:30.0513 4284 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/05 10:13:30.0560 4284 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/05 10:13:30.0591 4284 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/05 10:13:30.0622 4284 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/05 10:13:30.0654 4284 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/05 10:13:30.0685 4284 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/05 10:13:30.0716 4284 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/05 10:13:30.0747 4284 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/05 10:13:30.0778 4284 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/05 10:13:30.0825 4284 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/05 10:13:30.0841 4284 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/05 10:13:30.0934 4284 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 10:13:30.0966 4284 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/05 10:13:30.0997 4284 AtcL001 (b4c0d962a251555f3daf42738ce6680d) C:\Windows\system32\DRIVERS\atl01v32.sys
2011/06/05 10:13:31.0090 4284 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/05 10:13:31.0153 4284 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/05 10:13:31.0215 4284 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/05 10:13:31.0231 4284 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/05 10:13:31.0324 4284 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 10:13:31.0371 4284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/05 10:13:31.0402 4284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/05 10:13:31.0434 4284 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/05 10:13:31.0465 4284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/05 10:13:31.0512 4284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/05 10:13:31.0527 4284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/05 10:13:31.0558 4284 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/05 10:13:31.0652 4284 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 10:13:31.0683 4284 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 10:13:31.0714 4284 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/05 10:13:31.0761 4284 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/05 10:13:31.0824 4284 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/05 10:13:31.0886 4284 COMMONFX.DLL (d7b2bd9c6e974b173ca536b96fc099c6) C:\Windows\system32\COMMONFX.DLL
2011/06/05 10:13:31.0917 4284 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/05 10:13:31.0948 4284 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/05 10:13:31.0980 4284 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/05 10:13:32.0011 4284 CT20XUT.DLL (5ecc0de5f90ca891ff2368cb2dbc365c) C:\Windows\system32\CT20XUT.DLL
2011/06/05 10:13:32.0104 4284 ctac32k (f35de8895559d4e2d1a024a3ac05b962) C:\Windows\system32\drivers\ctac32k.sys
2011/06/05 10:13:32.0167 4284 ctaud2k (82ce9b8ccd70040f0b1a91b44e39e865) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/05 10:13:32.0214 4284 CTAUDFX.DLL (ed97653aebc514634f78b441acec9781) C:\Windows\system32\CTAUDFX.DLL
2011/06/05 10:13:32.0276 4284 ctdvda2k (4998163c5efaec75be1946b49b5343f5) C:\Windows\system32\drivers\ctdvda2k.sys
2011/06/05 10:13:32.0323 4284 CTEAPSFX.DLL (bab84177d031385bc9c97eb8e92f58f6) C:\Windows\system32\CTEAPSFX.DLL
2011/06/05 10:13:32.0385 4284 CTEDSPFX.DLL (5c5e1d51041c118104739294ab5f0fd4) C:\Windows\system32\CTEDSPFX.DLL
2011/06/05 10:13:32.0432 4284 CTEDSPIO.DLL (2d7d58aabee8e6e9c53a261984823205) C:\Windows\system32\CTEDSPIO.DLL
2011/06/05 10:13:32.0479 4284 CTEDSPSY.DLL (3fec927bf0e567226726934b0d5626a8) C:\Windows\system32\CTEDSPSY.DLL
2011/06/05 10:13:32.0510 4284 CTERFXFX.DLL (47bd331c0854d13cfc26aca5abfd4af3) C:\Windows\system32\CTERFXFX.DLL
2011/06/05 10:13:32.0572 4284 CTEXFIFX.DLL (5b8386421ae9aaf4dc94e3fb88b2b998) C:\Windows\system32\CTEXFIFX.DLL
2011/06/05 10:13:32.0635 4284 CTHWIUT.DLL (905c9950d24eb157db7981a3ad7de4dc) C:\Windows\system32\CTHWIUT.DLL
2011/06/05 10:13:32.0666 4284 ctprxy2k (f05cf0e3696621a205f0d5b2cf8e346e) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/05 10:13:32.0697 4284 CTSBLFX.DLL (b0d488737174b1ff69f18086ee2c914e) C:\Windows\system32\CTSBLFX.DLL
2011/06/05 10:13:32.0744 4284 ctsfm2k (3747490f9ae9d28eed18fc35235cee31) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/05 10:13:32.0791 4284 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 10:13:32.0822 4284 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/05 10:13:32.0869 4284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 10:13:32.0900 4284 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 10:13:32.0947 4284 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/05 10:13:32.0994 4284 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/05 10:13:33.0056 4284 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/05 10:13:33.0118 4284 emupia (b396b42a80f8ac72336fa483f7c26bec) C:\Windows\system32\drivers\emupia2k.sys
2011/06/05 10:13:33.0196 4284 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/05 10:13:33.0259 4284 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 10:13:33.0290 4284 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 10:13:33.0337 4284 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 10:13:33.0384 4284 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 10:13:33.0399 4284 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 10:13:33.0446 4284 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 10:13:33.0524 4284 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/05 10:13:33.0555 4284 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 10:13:33.0586 4284 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/05 10:13:33.0664 4284 ha20x2k (c98953793e4d139ff1ac328ef863e4cd) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/05 10:13:33.0727 4284 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 10:13:33.0789 4284 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 10:13:33.0820 4284 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/05 10:13:33.0852 4284 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/05 10:13:33.0914 4284 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 10:13:33.0945 4284 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/05 10:13:33.0992 4284 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 10:13:34.0054 4284 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/05 10:13:34.0086 4284 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 10:13:34.0117 4284 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/05 10:13:34.0179 4284 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/05 10:13:34.0257 4284 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 10:13:34.0335 4284 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/05 10:13:34.0382 4284 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 10:13:34.0429 4284 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 10:13:34.0476 4284 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/05 10:13:34.0522 4284 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/05 10:13:34.0569 4284 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 10:13:34.0616 4284 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/05 10:13:34.0663 4284 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 10:13:34.0725 4284 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/06/05 10:13:34.0756 4284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/05 10:13:34.0803 4284 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
v

vorrak

Legacy Member
2011/06/05 10:13:23.0259 5888 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:23.0680 5888 SystemInfo:
2011/06/05 10:13:23.0680 5888
2011/06/05 10:13:23.0680 5888 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/05 10:13:23.0680 5888 Product type: Workstation
2011/06/05 10:13:23.0680 5888 ComputerName: PC_VAN_XPX
2011/06/05 10:13:23.0680 5888 UserName: xpx
2011/06/05 10:13:23.0680 5888 Windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 System windows directory: C:\Windows
2011/06/05 10:13:23.0680 5888 Processor architecture: Intel x86
2011/06/05 10:13:23.0680 5888 Number of processors: 2
2011/06/05 10:13:23.0680 5888 Page size: 0x1000
2011/06/05 10:13:23.0680 5888 Boot type: Normal boot
2011/06/05 10:13:23.0680 5888 ================================================================================
2011/06/05 10:13:24.0897 5888 Initialize success
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:28.0688 4284 Scan started
2011/06/05 10:13:28.0688 4284 Mode: Manual;
2011/06/05 10:13:28.0688 4284 ================================================================================
2011/06/05 10:13:30.0326 4284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/05 10:13:30.0404 4284 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/05 10:13:30.0451 4284 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/05 10:13:30.0482 4284 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/05 10:13:30.0513 4284 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/05 10:13:30.0560 4284 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/05 10:13:30.0591 4284 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/05 10:13:30.0622 4284 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/05 10:13:30.0654 4284 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/05 10:13:30.0685 4284 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/05 10:13:30.0716 4284 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/05 10:13:30.0747 4284 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/05 10:13:30.0778 4284 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/05 10:13:30.0825 4284 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/05 10:13:30.0841 4284 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/05 10:13:30.0934 4284 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 10:13:30.0966 4284 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/05 10:13:30.0997 4284 AtcL001 (b4c0d962a251555f3daf42738ce6680d) C:\Windows\system32\DRIVERS\atl01v32.sys
2011/06/05 10:13:31.0090 4284 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/05 10:13:31.0153 4284 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/05 10:13:31.0215 4284 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/05 10:13:31.0231 4284 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/05 10:13:31.0324 4284 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 10:13:31.0371 4284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/05 10:13:31.0402 4284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/05 10:13:31.0434 4284 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/05 10:13:31.0465 4284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/05 10:13:31.0512 4284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/05 10:13:31.0527 4284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/05 10:13:31.0558 4284 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/05 10:13:31.0652 4284 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 10:13:31.0683 4284 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 10:13:31.0714 4284 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/05 10:13:31.0761 4284 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/05 10:13:31.0824 4284 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/05 10:13:31.0886 4284 COMMONFX.DLL (d7b2bd9c6e974b173ca536b96fc099c6) C:\Windows\system32\COMMONFX.DLL
2011/06/05 10:13:31.0917 4284 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/05 10:13:31.0948 4284 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/05 10:13:31.0980 4284 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/05 10:13:32.0011 4284 CT20XUT.DLL (5ecc0de5f90ca891ff2368cb2dbc365c) C:\Windows\system32\CT20XUT.DLL
2011/06/05 10:13:32.0104 4284 ctac32k (f35de8895559d4e2d1a024a3ac05b962) C:\Windows\system32\drivers\ctac32k.sys
2011/06/05 10:13:32.0167 4284 ctaud2k (82ce9b8ccd70040f0b1a91b44e39e865) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/05 10:13:32.0214 4284 CTAUDFX.DLL (ed97653aebc514634f78b441acec9781) C:\Windows\system32\CTAUDFX.DLL
2011/06/05 10:13:32.0276 4284 ctdvda2k (4998163c5efaec75be1946b49b5343f5) C:\Windows\system32\drivers\ctdvda2k.sys
2011/06/05 10:13:32.0323 4284 CTEAPSFX.DLL (bab84177d031385bc9c97eb8e92f58f6) C:\Windows\system32\CTEAPSFX.DLL
2011/06/05 10:13:32.0385 4284 CTEDSPFX.DLL (5c5e1d51041c118104739294ab5f0fd4) C:\Windows\system32\CTEDSPFX.DLL
2011/06/05 10:13:32.0432 4284 CTEDSPIO.DLL (2d7d58aabee8e6e9c53a261984823205) C:\Windows\system32\CTEDSPIO.DLL
2011/06/05 10:13:32.0479 4284 CTEDSPSY.DLL (3fec927bf0e567226726934b0d5626a8) C:\Windows\system32\CTEDSPSY.DLL
2011/06/05 10:13:32.0510 4284 CTERFXFX.DLL (47bd331c0854d13cfc26aca5abfd4af3) C:\Windows\system32\CTERFXFX.DLL
2011/06/05 10:13:32.0572 4284 CTEXFIFX.DLL (5b8386421ae9aaf4dc94e3fb88b2b998) C:\Windows\system32\CTEXFIFX.DLL
2011/06/05 10:13:32.0635 4284 CTHWIUT.DLL (905c9950d24eb157db7981a3ad7de4dc) C:\Windows\system32\CTHWIUT.DLL
2011/06/05 10:13:32.0666 4284 ctprxy2k (f05cf0e3696621a205f0d5b2cf8e346e) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/05 10:13:32.0697 4284 CTSBLFX.DLL (b0d488737174b1ff69f18086ee2c914e) C:\Windows\system32\CTSBLFX.DLL
2011/06/05 10:13:32.0744 4284 ctsfm2k (3747490f9ae9d28eed18fc35235cee31) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/05 10:13:32.0791 4284 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 10:13:32.0822 4284 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/05 10:13:32.0869 4284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 10:13:32.0900 4284 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 10:13:32.0947 4284 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/05 10:13:32.0994 4284 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/05 10:13:33.0056 4284 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/05 10:13:33.0118 4284 emupia (b396b42a80f8ac72336fa483f7c26bec) C:\Windows\system32\drivers\emupia2k.sys
2011/06/05 10:13:33.0196 4284 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/05 10:13:33.0259 4284 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 10:13:33.0290 4284 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 10:13:33.0337 4284 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 10:13:33.0384 4284 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 10:13:33.0399 4284 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 10:13:33.0446 4284 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 10:13:33.0524 4284 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/05 10:13:33.0555 4284 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 10:13:33.0586 4284 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/05 10:13:33.0664 4284 ha20x2k (c98953793e4d139ff1ac328ef863e4cd) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/05 10:13:33.0727 4284 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 10:13:33.0789 4284 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 10:13:33.0820 4284 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/05 10:13:33.0852 4284 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/05 10:13:33.0914 4284 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 10:13:33.0945 4284 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/05 10:13:33.0992 4284 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 10:13:34.0054 4284 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/05 10:13:34.0086 4284 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 10:13:34.0117 4284 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/05 10:13:34.0179 4284 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/05 10:13:34.0257 4284 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 10:13:34.0335 4284 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/05 10:13:34.0382 4284 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 10:13:34.0429 4284 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 10:13:34.0476 4284 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/05 10:13:34.0522 4284 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/05 10:13:34.0569 4284 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 10:13:34.0616 4284 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/05 10:13:34.0663 4284 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 10:13:34.0725 4284 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/06/05 10:13:34.0756 4284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/05 10:13:34.0803 4284 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
v

vorrak

Legacy Member
de vista security is blijkbaar verdwenen,wat al heel goed is.
ik kon mijn logje van ttdskiller er wel niet helemaal op krijgen(max 30000tekens) heb het dan in 2 delen doorgestuurd maar blijkbaar is alleen het 2e deel er door gekomen.
Nog een vraagje,ik had vroeger avg als antivirus programma, maar bij het opdaten is het blijkbaar fout gelopen.de avg kan ik niet meer gebruiken,maar ook niet meer verwijderen. Bij het opstarten van pc komt steeds avg maar wil niet verder .
ik gebruik nu avira als antivirusprogramma
groetjes
J

Juisterr

Legacy Member
AVG maar eens goed verwijderen dan.

Open een kladblokbestand.
Kopieer de onderstaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript_AVG2011.txt

Code: 
REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys

Start de computer in veilige modus: Spyware

Sleep CFScript_AVG2011.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

cfscript10uc2.gif


Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Gebruik [ spoiler ] voor grote uitslagen
v

vorrak

Legacy Member
hallo,
vriendelijk bedankt.alles lijkt weer goed te werken.
groetjes
vorrak
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan