conhost.exe virus

[wimvlas]

beste(n),

mag ik me aansluiten in het lijstje van geinfecteerden door het conhost.exe virus. Ik heb begrepen dat de oplossing voor iedereen anders is, dus hoop ik dat jullie mij kunnen helpen.

Vast bedankt.

Ik heb hijackthis als admin uitgevoerd, en kreeg onderstaande log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:13:06, on 1/09/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.17037)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\HP\HP UT\bin\hppusg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office\EXCEL.EXE

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Users\admin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [blegixus] rundll32.exe "C:\Users\admin\AppData\Local\puegrvdi.dll",Startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: tigioko - C:\Windows\system32\config\systemprofile\AppData\Local\tigioko.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11004 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKCU\..\Run: [blegixus] rundll32.exe "C:\Users\admin\AppData\Local\puegrvdi.dll",Startup

O20 - Winlogon Notify: tigioko - C:\Windows\system32\config\systemprofile\AppData\Local\tigioko.dll

Klik op 'Fix checked' om de items te verwijderen.

Open een kladblokbestand.

Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF

IF EXIST log.txt DEL log.txt

ECHO Deleting files>>log.txt

FOR %%g in (

C:\WINDOWS\TEMP\conhost.exe) DO (

DEL /Q %%gHJTNL

IF EXIST %%g (

ATTRIB -r -s -h %%g

DEL %%g

REN %%g *HJTNL

IF EXIST %%gHJTNL (

ECHO renamed to %%gHJTNL>>log.txt)

IF EXIST %%g (

ECHO %%g not deleted>>log.txt

) ELSE (

ECHO %%g deleted>>log.txt)

) ELSE (

ECHO %%g not found>>log.txt))

START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.

Bij "Opslaan in" kies je: Bureaublad

Bij "Bestandsnaam" zet je: del.bat

Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).

Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Download http://support.kaspersky.com/downloads/utils/tdsskiller.zip'>TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Hang naast het log van del.bat en TDSS-killer ook een nieuw log van HijackThis in je volgende bericht.

[wimvlas]

eerst even melden, dat ik na vorig bericht van: kape, systeemherstel heb uitgevoerd naar datum voordat ik besmetting merkte. Dit in een poging om van de besmetting af te geraken. Wat echter niet lukte.

Na opstarten van HJT, om stappen aangereikt door: kape, uit te voeren, ontbraken in de nieuwe scan:

O4 - HKCU\..\Run: [blegixus] rundll32.exe "C:\Users\admin\AppData\Local\puegrvdi.dll",Startup

O20 - Winlogon Notify: tigioko - C:\Windows\system32\config\systemprofile\AppData\Local\tigioko.dll

Deze zijn dus ook niet 'gefixt'

tdsskiller log:

2011/09/01 21:37:16.0885 0612 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/09/01 21:37:17.0116 0612 ================================================================================

2011/09/01 21:37:17.0116 0612 SystemInfo:

2011/09/01 21:37:17.0116 0612

2011/09/01 21:37:17.0116 0612 OS Version: 6.0.6000 ServicePack: 0.0

2011/09/01 21:37:17.0116 0612 Product type: Workstation

2011/09/01 21:37:17.0116 0612 ComputerName: BBK

2011/09/01 21:37:17.0117 0612 UserName: admin

2011/09/01 21:37:17.0117 0612 Windows directory: C:\Windows

2011/09/01 21:37:17.0117 0612 System windows directory: C:\Windows

2011/09/01 21:37:17.0117 0612 Processor architecture: Intel x86

2011/09/01 21:37:17.0117 0612 Number of processors: 2

2011/09/01 21:37:17.0117 0612 Page size: 0x1000

2011/09/01 21:37:17.0117 0612 Boot type: Normal boot

2011/09/01 21:37:17.0117 0612 ================================================================================

2011/09/01 21:37:18.0082 0612 Initialize success

2011/09/01 21:37:39.0230 3944 ================================================================================

2011/09/01 21:37:39.0230 3944 Scan started

2011/09/01 21:37:39.0230 3944 Mode: Manual;

2011/09/01 21:37:39.0230 3944 ================================================================================

2011/09/01 21:37:39.0729 3944 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

2011/09/01 21:37:39.0793 3944 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/09/01 21:37:39.0862 3944 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/09/01 21:37:39.0944 3944 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/09/01 21:37:40.0002 3944 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/09/01 21:37:40.0073 3944 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

2011/09/01 21:37:40.0166 3944 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/09/01 21:37:40.0237 3944 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/09/01 21:37:40.0284 3944 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/09/01 21:37:40.0332 3944 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/09/01 21:37:40.0371 3944 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/09/01 21:37:40.0458 3944 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/09/01 21:37:40.0523 3944 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/01 21:37:40.0573 3944 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/09/01 21:37:40.0646 3944 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/09/01 21:37:40.0774 3944 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/01 21:37:40.0840 3944 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys

2011/09/01 21:37:40.0930 3944 athr (fa4e39b289d3a9606f03c90a933b2b1f) C:\Windows\system32\DRIVERS\athr.sys

2011/09/01 21:37:41.0052 3944 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys

2011/09/01 21:37:41.0233 3944 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys

2011/09/01 21:37:41.0340 3944 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys

2011/09/01 21:37:41.0371 3944 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys

2011/09/01 21:37:41.0414 3944 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys

2011/09/01 21:37:41.0511 3944 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/09/01 21:37:41.0599 3944 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

2011/09/01 21:37:41.0735 3944 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/01 21:37:41.0781 3944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/09/01 21:37:41.0847 3944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/09/01 21:37:41.0923 3944 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/09/01 21:37:41.0982 3944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/09/01 21:37:42.0016 3944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/09/01 21:37:42.0092 3944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/09/01 21:37:42.0152 3944 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/09/01 21:37:42.0216 3944 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/01 21:37:42.0273 3944 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

2011/09/01 21:37:42.0364 3944 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/09/01 21:37:42.0454 3944 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

2011/09/01 21:37:42.0518 3944 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/01 21:37:42.0575 3944 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/09/01 21:37:42.0660 3944 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/01 21:37:42.0725 3944 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/09/01 21:37:42.0780 3944 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/09/01 21:37:42.0859 3944 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

2011/09/01 21:37:42.0986 3944 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

2011/09/01 21:37:43.0090 3944 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

2011/09/01 21:37:43.0154 3944 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/01 21:37:43.0274 3944 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys

2011/09/01 21:37:43.0368 3944 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/09/01 21:37:43.0514 3944 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

2011/09/01 21:37:43.0581 3944 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/09/01 21:37:43.0694 3944 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

2011/09/01 21:37:43.0750 3944 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/01 21:37:43.0847 3944 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

2011/09/01 21:37:43.0899 3944 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

2011/09/01 21:37:43.0982 3944 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/01 21:37:44.0023 3944 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

2011/09/01 21:37:44.0102 3944 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/01 21:37:44.0156 3944 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/09/01 21:37:44.0264 3944 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys

2011/09/01 21:37:44.0347 3944 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/09/01 21:37:44.0381 3944 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/09/01 21:37:44.0434 3944 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/09/01 21:37:44.0503 3944 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/01 21:37:44.0614 3944 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/09/01 21:37:44.0684 3944 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys

2011/09/01 21:37:44.0741 3944 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/09/01 21:37:44.0820 3944 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys

2011/09/01 21:37:44.0929 3944 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/09/01 21:37:44.0993 3944 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/09/01 21:37:45.0114 3944 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/09/01 21:37:45.0197 3944 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

2011/09/01 21:37:45.0296 3944 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/09/01 21:37:45.0409 3944 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/09/01 21:37:45.0567 3944 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/09/01 21:37:45.0690 3944 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/09/01 21:37:45.0802 3944 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/09/01 21:37:45.0927 3944 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

2011/09/01 21:37:45.0994 3944 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/01 21:37:46.0053 3944 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/01 21:37:46.0161 3944 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/09/01 21:37:46.0202 3944 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

2011/09/01 21:37:46.0265 3944 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

2011/09/01 21:37:46.0310 3944 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/09/01 21:37:46.0383 3944 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/09/01 21:37:46.0444 3944 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/09/01 21:37:46.0512 3944 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/09/01 21:37:46.0573 3944 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/09/01 21:37:46.0636 3944 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/09/01 21:37:46.0724 3944 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/01 21:37:46.0844 3944 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/01 21:37:46.0925 3944 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/09/01 21:37:47.0007 3944 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/09/01 21:37:47.0049 3944 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/09/01 21:37:47.0108 3944 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

2011/09/01 21:37:47.0175 3944 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/09/01 21:37:47.0249 3944 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/09/01 21:37:47.0315 3944 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

2011/09/01 21:37:47.0401 3944 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/01 21:37:47.0472 3944 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/01 21:37:47.0517 3944 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/01 21:37:47.0576 3944 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

2011/09/01 21:37:47.0631 3944 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/09/01 21:37:47.0718 3944 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/01 21:37:47.0788 3944 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/09/01 21:37:47.0850 3944 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

2011/09/01 21:37:47.0924 3944 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/01 21:37:47.0996 3944 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/01 21:37:48.0049 3944 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/01 21:37:48.0123 3944 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2011/09/01 21:37:48.0168 3944 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/09/01 21:37:48.0259 3944 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

2011/09/01 21:37:48.0322 3944 msisadrv (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys

2011/09/01 21:37:48.0411 3944 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/01 21:37:48.0474 3944 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/01 21:37:48.0515 3944 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

2011/09/01 21:37:48.0573 3944 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

2011/09/01 21:37:48.0642 3944 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/01 21:37:48.0717 3944 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

2011/09/01 21:37:48.0775 3944 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

2011/09/01 21:37:48.0864 3944 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/01 21:37:48.0944 3944 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

2011/09/01 21:37:49.0019 3944 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/01 21:37:49.0071 3944 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/01 21:37:49.0121 3944 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/01 21:37:49.0178 3944 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

2011/09/01 21:37:49.0256 3944 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/01 21:37:49.0313 3944 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/01 21:37:49.0391 3944 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/09/01 21:37:49.0452 3944 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

2011/09/01 21:37:49.0508 3944 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/01 21:37:49.0608 3944 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

2011/09/01 21:37:49.0702 3944 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/09/01 21:37:49.0764 3944 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

2011/09/01 21:37:49.0855 3944 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys

2011/09/01 21:37:50.0170 3944 nvlddmkm (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/09/01 21:37:50.0420 3944 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/09/01 21:37:50.0491 3944 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys

2011/09/01 21:37:50.0527 3944 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/09/01 21:37:50.0579 3944 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/09/01 21:37:50.0747 3944 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/01 21:37:50.0813 3944 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/09/01 21:37:50.0865 3944 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

2011/09/01 21:37:50.0941 3944 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/09/01 21:37:51.0036 3944 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys

2011/09/01 21:37:51.0096 3944 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys

2011/09/01 21:37:51.0157 3944 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/09/01 21:37:51.0262 3944 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/09/01 21:37:51.0415 3944 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/01 21:37:51.0473 3944 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/09/01 21:37:51.0572 3944 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/01 21:37:51.0684 3944 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/09/01 21:37:51.0750 3944 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/09/01 21:37:51.0818 3944 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/01 21:37:51.0862 3944 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/01 21:37:51.0954 3944 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/01 21:37:52.0023 3944 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/01 21:37:52.0091 3944 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/01 21:37:52.0145 3944 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/01 21:37:52.0229 3944 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/09/01 21:37:52.0278 3944 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/01 21:37:52.0352 3944 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

2011/09/01 21:37:52.0435 3944 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/09/01 21:37:52.0521 3944 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/09/01 21:37:52.0570 3944 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/09/01 21:37:52.0647 3944 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/01 21:37:52.0699 3944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/09/01 21:37:52.0816 3944 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

2011/09/01 21:37:52.0891 3944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/01 21:37:52.0957 3944 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/09/01 21:37:53.0004 3944 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/09/01 21:37:53.0102 3944 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

2011/09/01 21:37:53.0189 3944 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2011/09/01 21:37:53.0230 3944 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/01 21:37:53.0280 3944 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/01 21:37:53.0359 3944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/01 21:37:53.0437 3944 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/09/01 21:37:53.0473 3944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/09/01 21:37:53.0514 3944 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/09/01 21:37:53.0561 3944 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

2011/09/01 21:37:53.0660 3944 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

2011/09/01 21:37:53.0735 3944 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

2011/09/01 21:37:53.0796 3944 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/01 21:37:53.0845 3944 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/01 21:37:53.0945 3944 swenum (92894dd7fdd62af808b1409b73af9c73) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/01 21:37:54.0006 3944 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/09/01 21:37:54.0084 3944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/09/01 21:37:54.0130 3944 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/09/01 21:37:54.0215 3944 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys

2011/09/01 21:37:54.0336 3944 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

2011/09/01 21:37:54.0426 3944 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/01 21:37:54.0507 3944 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/01 21:37:54.0558 3944 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

2011/09/01 21:37:54.0593 3944 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

2011/09/01 21:37:54.0649 3944 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/01 21:37:54.0701 3944 TermDD (85908da29af0ab835048107ad2ad07d1) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/01 21:37:54.0825 3944 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/01 21:37:54.0908 3944 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

2011/09/01 21:37:54.0966 3944 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/01 21:37:55.0080 3944 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/09/01 21:37:55.0147 3944 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/01 21:37:55.0270 3944 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/01 21:37:55.0325 3944 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/09/01 21:37:55.0429 3944 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/09/01 21:37:55.0517 3944 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/09/01 21:37:55.0564 3944 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/01 21:37:55.0635 3944 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/01 21:37:55.0725 3944 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/09/01 21:37:55.0790 3944 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/01 21:37:55.0862 3944 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/01 21:37:55.0947 3944 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys

2011/09/01 21:37:56.0004 3944 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/01 21:37:56.0088 3944 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/01 21:37:56.0170 3944 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/01 21:37:56.0256 3944 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/01 21:37:56.0351 3944 usbvideo (46f3a2912ef88cd8e87d4f9b304cd949) C:\Windows\system32\Drivers\usbvideo.sys

2011/09/01 21:37:56.0459 3944 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/01 21:37:56.0528 3944 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

2011/09/01 21:37:56.0570 3944 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/09/01 21:37:56.0625 3944 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/09/01 21:37:56.0668 3944 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/09/01 21:37:56.0736 3944 volmgr (d9e9490c960624c416fbde080deeb7fe) C:\Windows\system32\drivers\volmgr.sys

2011/09/01 21:37:56.0813 3944 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

2011/09/01 21:37:56.0887 3944 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

2011/09/01 21:37:56.0946 3944 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/09/01 21:37:57.0062 3944 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/09/01 21:37:57.0121 3944 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/01 21:37:57.0146 3944 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/01 21:37:57.0215 3944 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/09/01 21:37:57.0329 3944 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/01 21:37:57.0501 3944 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/09/01 21:37:57.0658 3944 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/09/01 21:37:57.0741 3944 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/01 21:37:57.0813 3944 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/01 21:37:57.0866 3944 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys

2011/09/01 21:37:57.0909 3944 MBR (0x1B8) (0f3b3ca2a559b59f5dab39e15f4346ed) \Device\Harddisk0\DR0

2011/09/01 21:37:57.0921 3944 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/09/01 21:37:57.0933 3944 Boot (0x1200) (14d985bf90341702da47af39cee4f7a5) \Device\Harddisk0\DR0\Partition0

2011/09/01 21:37:57.0980 3944 Boot (0x1200) (ded17937d6c907963e4c916f71c6b3cf) \Device\Harddisk0\DR0\Partition1

2011/09/01 21:37:57.0986 3944 ================================================================================

2011/09/01 21:37:57.0986 3944 Scan finished

2011/09/01 21:37:57.0986 3944 ================================================================================

2011/09/01 21:37:58.0003 3996 Detected object count: 1

2011/09/01 21:37:58.0004 3996 Actual detected object count: 1

2011/09/01 21:38:16.0944 3996 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/09/01 21:38:16.0945 3996 \Device\Harddisk0\DR0 - ok

2011/09/01 21:38:16.0946 3996 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/09/01 21:38:24.0179 2516 Deinitialize success

geen logbestand gekregen na uitvoeren del.bat

hjt log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:40:42, on 1/09/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.17037)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\HP\HP UT\bin\hppusg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11130 bytes

vast bedankt

Wim

1 september 2011 aangepast door wimvlas

[kape]

Logje HijackTHis ziet er prima uit ... en op basis van je log van TDSS-killer zou ook Conhost van de baan moeten zijn. Heeft AVG daar nog iets over te vertellen ?

[wimvlas]

heb alles nog maar paar minuten geleden uitgevoerd, maar heb ondertussen geen AVG waarschuwing meer gekregen. Hopelijk ben ik er dan ook definitief vanaf!

Pluimpje voor de organisatie & voor de kennis van de expert(s). Heb zelden zo'n forum tegengekomen waar je vraag/probleem ook effectief & persoonlijk wordt behandeld. Zeeeeeeeer erg bedankt!!!

Wim

[kape]

Prima zo ... dan gaan we nog even opruimen :

Verwijder del.bat en TDSS-killer.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Configuratiescherm -> Systeem en Onderhoud -> Systeem -> tabblad "Systeembeveiliging" -> vinkje weghalen bij de schijf waarvan je de herstelpunten wil verwijderen -> klikken op "toepassen". Dan krijg je de schermmelding “Weet u zeker dat u systeemherstel wil uitschakelen”. Klik hier op “Systeemherstel uitschakelen”. Dan zijn alle herstelpunten verwijderd op de aangeduide schijf.

Zet daarna opnieuw een vinkje bij de harde schijf. Maak meteen ook een nieuw herstelpunt, zodat je niet hoeft te wachten op een automatisch herstelpunt van het systeem.

Als dit alles probleemloos is verlopen, mag je hieronder op "opgelost" tokkelen !

1 september 2011 aangepast door kape

[wimvlas]

heb alles uitgevoerd. Tijdens het scannen van het register met CCleaner, kreeg ik een AVG melding: trojan horse proxy aqyh.

Moet ik me hier zorgen om maken, of is dat omdat CCleaner bestanden heeft verwijderd/gewijzigd waardoor AVG alleen maar denkt dat er een trojan horse op de pc aanwezig is?

Nadat het CCleaner proces werd uitgevoerd, heb ik nogmaals een AVG scan gedaan (zowel voor volledige PC scan als rootkit scan), en werden geen problemen meer gemeld. AVG heeft de waarschuwing ook niet opnieuw getoond.

Als ik google op: trojan horse proxy aqyh, heb ik ook niks gevonden.

Wim

[kape]

Na de dubbele scan met AVG, lijkt het me weinig waarschijnlijk dat dit een probleemgeval is. Maar - voor alle zekerheid - kan je eens een on-line scan laten runnen.

Ga naar de site van de .

• Klik op de knop ESET Online Scanner
  
• Zet een vinkje bij YES, I accept the Terms of Use
  
• Klik op Start
  
• Sta het ActiveX control toe om te installeren.
  
• Klik op "Advanced settings"
  
• Zet een vinkje bij de volgende opties:
  
  • Remove found threats
    
  • Scan archives
    
  • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
    

  [*]Klik op Start

  [*]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.

  [*]Je mag het venster sluiten wanneer de scan klaar is.

  [*]Gebruik Kladblok om het logje te openen. Dit logje vind je op de locatie C:\Program Files\EsetOnlineScanner\log.txt

  [*]Kopieer en plak de inhoud van dit logje in je volgende bericht.

[wimvlas]

esetOnline vond niets verdacht.

De log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Heb ondertussen ook geen meldingen meer gekregen van AVG.

Opgelost?

Wim

[kape]

Heb ondertussen ook geen meldingen meer gekregen van AVG.

Opgelost?

Wat mij betreft wel, ja. Indien het ook voor jou OK is, mag je hieronder op "opgelost" tokkelen !