ING cleaner: still says infected

Rianne
PC Web Plus - Member
Posts: 44
Joined: 28 Aug 2011 11:42
OS: xp
AV: various

#1

Hi,
An attempt was also made to debit 16,000 euros from my account, without a popup or an extra login.. everything looked normal. Since I had no problems beforehand, I suspect that the virus is spread by logging in at ING itself. Last payment was made from my work (multinational engineering firm in Belgium, very well secured because of e.g. process drawings of refineries and nuclear power plants online!) A few days later I log in to check the balance and possibly make a transfer; fortunately the money wasn't in the account yet and I made no other payments, but I did get an SMS TAN code for a foreign payment of 16k, after which the computer goes haywire. In safe mode I was able to remove a few things in order to download HijackThis and Malwarebytes; it didn't even have enough virtual memory to start IE.
Tried these myself and found nothing: Malwarebytes, AVG, Spybot. Eventually, via the free 30-day trial of Kaspersky, backdoor.Win32.Sinowal.knf was found, location: \device\harddisk0\DR0, and disinfected. Although Kaspersky takes over your whole computer (I'll just let it do its thing for now!), the ING tool still indicates that I am infected; the computer itself no longer has any trouble:

[27-08-2011 10:51:30] FCleaner v1.5.0.0 Loading...
[27-08-2011 10:51:34] Mebroot Infection Found!
[27-08-2011 10:51:34] FCleaner has detected malware on your system!
[27-08-2011 10:51:34] Please press the "Clean" button to remove the malware
[27-08-2011 10:51:53] Cleaner finished!

so cleaning doesn't work.

latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:35, on 28/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

--
End of file - 7011 bytes

hmm.... but now I do see that svchost.exe in there again...

--------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Databaseversie: 7585

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

28/08/2011 12:40:28
mbam-log-2011-08-28 (12-40-27).txt

Scantype: Snelle scan
Objecten gescand: 196604
Verstreken tijd: 25 minuut/minuten, 18 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
--------------------------------------------------------------
Kaspersky: the log is too large to post here, I can also send it if needed


Help!
Maxstar
Administrator
Posts: 42140
Joined: 27 Sep 2008 10:18
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Anti-Malware

#2

Hi and welcome to the forum,

Svchost.exe is simply a legitimate process, nothing to worry about further.
But let's take a closer look.

1. Download aswMBR.exe to the desktop.
  • Double-click "aswMBR.exe" to start the tool.
  • In the next window, click "No".
  • Click the "scan" button.
  • When the scan is finished, click the "save log" button.
  • Post this log file in your next reply.

2. Download TDSSKiller and place it on your desktop.
  • Extract the files in tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note!!! Windows Vista & 7 users must run TDSSKiller as administrator (right-click, "Run as").
  • Click the "Start Scan" button and follow the instructions.
  • When the scan is done, click the "Report" button.
  • A Notepad file opens. Post the contents of this file.
Post the aswMBR and TDSSKiller logs in your next reply.
Rianne
PC Web Plus - Member
Posts: 44
Joined: 28 Aug 2011 11:42
OS: xp
AV: various

#3

Thanks for your quick action!!!


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-28 13:23:37
-----------------------------
13:23:37.984 OS Version: Windows 5.1.2600 Service Pack 3
13:23:37.984 Number of processors: 1 586 0x209
13:23:37.984 ComputerName: RIANNE UserName:
13:24:04.406 Initialize success
13:24:30.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:24:30.406 Disk 0 Vendor: WDC_WD1200JB-75FUA0 15.05R15 Size: 114440MB BusType: 3
13:24:32.421 Disk 0 MBR read successfully
13:24:32.421 Disk 0 MBR scan
13:24:32.421 Disk 0 Windows XP default MBR code
13:24:32.421 Disk 0 scanning sectors +234372285
13:24:32.453 Disk 0 malicious Win32:MBRoot code @ sector 234372288 !
13:24:32.468 Disk 0 PE file @ sector 234372310 !
13:24:32.531 Disk 0 scanning C:\WINDOWS\system32\drivers
13:24:46.640 Service scanning
13:24:47.906 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
13:24:47.906 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
13:24:47.953 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
13:24:47.953 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:24:49.343 Modules scanning
13:24:56.781 Disk 0 trace - called modules:
13:24:56.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:24:56.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82be0ab8]
13:24:56.812 3 CLASSPNP.SYS[f85b8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82be1d98]
13:24:56.812 Scan finished successfully
13:25:22.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rianne Swinkels\Bureaublad\MBR.dat"
13:25:22.984 The log file has been saved successfully to "C:\Documents and Settings\Rianne Swinkels\Bureaublad\aswMBR-28-8.txt"


2011/08/28 13:28:32.0218 3112 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 13:28:32.0703 3112 ================================================================================
2011/08/28 13:28:32.0703 3112 SystemInfo:
2011/08/28 13:28:32.0703 3112
2011/08/28 13:28:32.0703 3112 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 13:28:32.0703 3112 Product type: Workstation
2011/08/28 13:28:32.0703 3112 ComputerName: RIANNE
2011/08/28 13:28:32.0703 3112 UserName: Rianne Swinkels
2011/08/28 13:28:32.0703 3112 Windows directory: C:\WINDOWS
2011/08/28 13:28:32.0703 3112 System windows directory: C:\WINDOWS
2011/08/28 13:28:32.0703 3112 Processor architecture: Intel x86
2011/08/28 13:28:32.0703 3112 Number of processors: 1
2011/08/28 13:28:32.0703 3112 Page size: 0x1000
2011/08/28 13:28:32.0703 3112 Boot type: Normal boot
2011/08/28 13:28:32.0703 3112 ================================================================================
2011/08/28 13:28:34.0968 3112 Initialize success
2011/08/28 13:29:24.0187 4040 ================================================================================
2011/08/28 13:29:24.0187 4040 Scan started
2011/08/28 13:29:24.0187 4040 Mode: Manual;
2011/08/28 13:29:24.0187 4040 ================================================================================
2011/08/28 13:29:44.0890 4040 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/08/28 13:29:45.0000 4040 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/28 13:29:45.0093 4040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/28 13:29:45.0171 4040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/28 13:29:45.0281 4040 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/08/28 13:29:45.0390 4040 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/08/28 13:29:45.0484 4040 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/08/28 13:29:45.0593 4040 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/08/28 13:29:45.0718 4040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/28 13:29:45.0812 4040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/28 13:29:45.0937 4040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/28 13:29:46.0062 4040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/28 13:29:46.0140 4040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/28 13:29:46.0281 4040 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/08/28 13:29:46.0343 4040 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/08/28 13:29:46.0406 4040 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/08/28 13:29:46.0500 4040 tfsndres (3d2aebb20f94bb2050264e00d2887ef1) C:\WINDOWS\system32\dla\tfsndres.sys
2011/08/28 13:29:46.0546 4040 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/08/28 13:29:46.0656 4040 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/08/28 13:29:46.0718 4040 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/08/28 13:29:46.0796 4040 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/08/28 13:29:46.0875 4040 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/08/28 13:29:46.0984 4040 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/08/28 13:29:47.0093 4040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/28 13:29:47.0203 4040 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/08/28 13:29:47.0328 4040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/28 13:29:47.0468 4040 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/28 13:29:48.0078 4040 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/28 13:29:48.0359 4040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/28 13:29:48.0421 4040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/28 13:29:48.0500 4040 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/28 13:29:48.0578 4040 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/28 13:29:48.0703 4040 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/28 13:29:48.0812 4040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/28 13:29:48.0890 4040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/28 13:29:48.0984 4040 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/08/28 13:29:49.0109 4040 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/28 13:29:49.0234 4040 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/28 13:29:49.0328 4040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/28 13:29:49.0515 4040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/28 13:29:49.0703 4040 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/28 13:29:49.0796 4040 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/28 13:29:49.0921 4040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/28 13:29:50.0031 4040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/28 13:29:50.0281 4040 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/08/28 13:29:50.0390 4040 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/08/28 13:29:50.0437 4040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/28 13:29:50.0609 4040 Boot (0x1200) (24f1a2cb62da182473a16c7f43a9e6b9) \Device\Harddisk0\DR0\Partition0
2011/08/28 13:29:50.0625 4040 ================================================================================
2011/08/28 13:29:50.0625 4040 Scan finished
2011/08/28 13:29:50.0625 4040 ================================================================================
2011/08/28 13:29:50.0656 2456 Detected object count: 0
2011/08/28 13:29:50.0656 2456 Actual detected object count: 0
Maxstar
Administrator
Posts: 42140
Joined: 27 Sep 2008 10:18
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Anti-Malware

#4

Hi,

The aswMBR log doesn't look quite right yet, but now run the ING cleaner and post its log.
Rianne
PC Web Plus - Member

#5

------------------------------------------------------------------------------------------------------------------------
[28-08-2011 13:37:52] FCleaner v1.5.0.0 Loading...
[28-08-2011 13:37:56] Mebroot Infection Found!
[28-08-2011 13:37:56] FCleaner has detected malware on your system!
[28-08-2011 13:37:56] Please press the "Clean" button to remove the malware
[28-08-2011 13:38:13] Cleaner finished!


Annoying that that thing always logs you out even though nothing has been changed.
Maxstar
Administrator

#6

Hi,

Proceed as follows to install the Recovery Console:
  • Insert the Windows XP CD-ROM into the CD drive.
  • Click Start, then click Run.
  • Type d:\i386\winnt32.exe /cmdcons in the Open box, where d is the drive letter of the CD drive.
  • A Windows Setup dialog box is displayed.
  • The Windows Setup dialog box describes the Recovery Console option.
  • Click Yes to confirm the installation.
  • Restart the computer.
1. The next time you start the computer, 'Microsoft Windows Recovery Console' is shown in the boot menu.

[Image]

2. Next, log on to the Windows installation: enter the number of the Windows installation, followed by Enter.
You will then be asked for the "administrator" password; if you have no password, press Enter here.

[Image]

3. Enter the command "fixmbr" at the command prompt, as in the image below.

[Image]

4. If you are asked whether to overwrite the MBR, confirm with "J" (Ja) or "Y" (Yes).

[Image]

5. Then type "exit"; the computer will now restart.
Rianne
PC Web Plus - Member

#7

After an hour or two of searching I finally found it. I get the following error message; I suspect that's because I bought the computer when I was still living in Belgium (now NL).
EventType : InPageError P1 : c000009c P2 : 00000005

C:\DOCUME~1\RIANNE~1\LOCALS~1\Temp\WER6e7c.dir00\SETUP.EXE.mdmp
C:\DOCUME~1\RIANNE~1\LOCALS~1\Temp\WER6e7c.dir00\appcompat.txt
Maxstar
Administrator

#8

Hi,

Do you get this error after running FIXMBR in the Recovery Console?
Rianne
PC Web Plus - Member

#9

No, after typing d:\ etc. into "Run"; it says that my IP address is no longer the same.
Maxstar
Administrator

#10

Hi,

OK, then we'll first do a scan with ComboFix, since that also installs the recovery console.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)
  • Double-click "ComboFix.exe" and accept the 'Disclaimer' with "Akkoord" (Agree).
  • If a message appears that "A newer version of ComboFix" is available, click "Ja" (Yes) to update.
[Image]
  • After the update, click "Akkoord" (Agree) again and ComboFix will now start.
  • If the "Recovery Console" is not yet present, ComboFix will install it; an active internet connection is needed for this.
[Image]
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Ja" (Yes) once the Recovery Console has been installed successfully.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.
  • When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.
Rianne
PC Web Plus - Member

#11

Now I think it does want to start, but then I get the message that there is a newer version on my computer than on the CD (because of the service packs?)
Maxstar
Administrator

#12

That is indeed possible, but then you had better run ComboFix first, since it installs the 'recovery console' as well.
Rianne
PC Web Plus - Member

#13

That was hard going!

ComboFix 11-08-27.01 - Rianne Swinkels 28/08/2011 16:17:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.232 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rianne Swinkels\Bureaublad\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1.tmp
c:\documents and settings\All Users\SPL78.tmp
c:\documents and settings\All Users\SPLA8.tmp
c:\documents and settings\All Users\SPLF4.tmp
c:\program files\messenger\msmsgsin.exe
c:\windows\IsUn0413.exe
c:\windows\system32\drivers\fad.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_usnjsvc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-28 ))))))))))))))))))))))))))))))
.
.
2011-08-27 15:14 . 2011-08-27 15:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-08-27 15:14 . 2011-08-27 15:14 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-08-27 15:11 . 2011-08-27 15:11 -------- d-----w- c:\program files\Kaspersky Lab
2011-08-27 15:11 . 2011-08-28 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-08-27 12:17 . 2011-08-27 13:41 -------- d-----w- c:\documents and settings\Rianne Swinkels\Local Settings\Application Data\NPE
2011-08-27 12:17 . 2011-08-27 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-08-27 05:13 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-26 18:25 . 2011-08-26 18:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-08-26 18:01 . 2011-08-26 18:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-08-26 02:55 . 2011-08-26 02:55 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2011-08-25 18:23 . 2011-08-26 21:11 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-25 18:23 . 2011-08-26 21:11 -------- d-----w- c:\program files\PC Tools Security
2011-08-25 18:19 . 2011-08-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-25 17:34 . 2011-08-26 18:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-25 16:45 . 2011-08-25 16:45 -------- d-----w- c:\documents and settings\Rianne Swinkels\Application Data\AVG10
2011-08-25 16:31 . 2011-08-25 16:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-25 16:23 . 2011-08-26 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-25 16:23 . 2011-08-26 16:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-25 16:20 . 2011-08-25 16:20 -------- d-----w- c:\program files\AVG
2011-08-25 16:11 . 2011-08-26 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-24 15:59 . 2011-08-24 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-08-24 15:53 . 2011-08-24 15:53 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-24 15:14 . 2011-08-24 15:14 388096 ----a-r- c:\documents and settings\Rianne Swinkels\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-24 15:14 . 2011-08-24 15:48 -------- d-----w- c:\program files\Trend Micro
2011-08-23 16:21 . 2011-08-27 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-23 16:21 . 2011-08-23 16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-22 19:12 . 2011-08-27 15:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-11 15:07 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 15:07 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2002-09-11 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-11 04:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-01-09 12:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-01-09 12:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2002-09-11 04:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:37 . 2004-02-06 16:09 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:37 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:37 . 2002-09-11 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:37 . 2002-09-11 04:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 07:55 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-09-11 04:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2002-09-11 04:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2005-03-10 20:00 . 2005-03-10 20:00 1163643 ----a-w- c:\program files\wrar342.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Rianne Swinkels\Menu Start\Programma's\Opstarten\
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-19 51984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winss"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [04/03/2011 13:23 11352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 04:18 360224]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [02/11/2009 20:27 19472]
S1 MpKsld6e9e3a1;MpKsld6e9e3a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23393A2-8FCA-4EAB-AAF0-22DE80C746EF}\MpKsld6e9e3a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23393A2-8FCA-4EAB-AAF0-22DE80C746EF}\MpKsld6e9e3a1.sys [?]
S2 Ca533av;PocketCam X, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/12/2009 10:16 135664]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [24/08/2011 17:48 439632]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/12/2009 10:16 135664]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5061833fa39c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 08:15]
.
2011-08-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-03-30 19:49]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
AddRemove-AccessRunner ADSL - c:\program files\USB ADSL\CnxUnist.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0413.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0413.exe
AddRemove-HijackThis - c:\docume~1\RIANNE~1\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(848)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-08-28 16:52:30 - machine werd herstart
ComboFix-quarantined-files.txt 2011-08-28 14:52
.
Pre-Run: 78,592,651,264 bytes beschikbaar
Post-Run: 80,035,647,488 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B905B4C04FB321C8DF9527D5269839B3
Maxstar
Administrator

#14

Hi,

That went well at any rate and the recovery console is installed, so first we are going to fix the MBR (Master Boot Record).

1. If ComboFix has installed the "recovery console", you will briefly see a selection screen ("bootscreen") during startup.

[Image]

2. Next, log on to the Windows installation: enter the number of the Windows installation, followed by Enter.
You will then be asked for the "administrator" password; if you have no password, press Enter here.

[Image]

3. Enter the command "fixmbr" at the command prompt, as in the image below.

[Image]

4. If you are asked whether to overwrite the MBR, confirm with "J" (Ja) or "Y" (Yes).

[Image]

5. Then type "exit"; the computer will now restart.
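
Added example (not part of the forum posts and not code from any tool mentioned in the thread): the scan log earlier in the thread fingerprints the boot code as `MBR (0x1B8)`, the region `fixmbr` is meant to rewrite. This sketch parses a 512-byte dump of sector 0 and reports which regions differ between two dumps taken before and after the repair; the sector contents, `build_sample_sector` and every value in it are constructed, and obtaining the dumps with a disk imaging tool is assumed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # boot code area; same length as the log's "MBR (0x1B8)" entry
DISK_SIG_OFF = 0x1B8    # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # last two bytes must be 55 AA


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into its regions and fingerprint each."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped),
        # LBA of first sector, number of sectors.
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * index)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": index, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        # MD5 only to match the digest format of the scan log, not for security.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "table_md5": hashlib.md5(sector[PART_TABLE_OFF:BOOT_SIG_OFF]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps of sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_md5"] != a["boot_code_md5"],
        "disk_signature_changed": b["disk_signature"] != a["disk_signature"],
        "partition_table_changed": b["table_md5"] != a["table_md5"],
    }


def build_sample_sector(boot_code_fill: int) -> bytes:
    """Constructed sector: filler boot code and one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([boot_code_fill]) * BOOT_CODE_LEN
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = bytes.fromhex("11223344")
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF,
                     0x80, 0x07, 63, 156296322)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins for a dump before and after the boot code is rewritten.
SAMPLE_BEFORE = build_sample_sector(0xCC)
SAMPLE_AFTER = build_sample_sector(0x90)

if __name__ == "__main__":
    for region, changed in compare_mbr(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{region}: {'CHANGED' if changed else 'same'}")
```

A changed boot code with an unchanged partition table is the pattern to expect from a boot code rewrite; a boot code digest that is identical before and after means the repair wrote nothing new to that region.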
Rianne
PC Web Plus - Member

#15

Setup kan niet worden voortgezet omdat de versie van Windows op de computer nieuwer is dan de versie op de cd.

Waarschuwing: Als u ervoor kiest de geïnstalleerde, nieuwere versie van Windows te verwijderen, kunnen de bestanden en instellingen niet worden hersteld.


I can't click on "doorgaan" (continue) there!