mbam and hijackthis logs because of some little problems

Abraham54
17 replies
  • *Solved*
  • Hi Remco, you have a serious infection in your Windows!

    But first you need to give your Windows Live Mail a new password, etc.

    Below you can read how:

    Log in to your email account!

    - Go to Options \ More options (at the very top right).
    - Then click View and edit personal information, under Manage account.
    - Enter your password.

    - Now you will see your details.
    - Click Change next to Password, under Password details.
    - Enter a new, strong password.
    - Then click Confirm.

    - Follow the same instructions to change your secret question and answer.
    - Here too you absolutely must change the details!

    Note: a good password is at least twelve characters long and is made up of upper- and lower-case letters, digits and symbols!

    Here you can test your password: https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link


    After that you are going to use ComboFix!


    Which program: ComboFix
    What for/why: A highly specialised scanner for examining Windows in depth and, where possible, cleaning it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Download this program to the desktop, no exceptions!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    To be absolutely clear once more: ComboFix must be started from the desktop.

    Remarks:
    - If you use Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; doing so can make ComboFix or even all of Windows "freeze"!
    - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If an error is shown with the message: Illegal operation attempted on a registry key that has been marked for deletion. - then restart the computer.
  • My ComboFix log:


    ComboFix 11-01-25.03 - Remco Peters 26-01-2011 12:28:30.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3198.2683 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Remco Peters\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Remco Peters\Application Data\PriceGong
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Remco Peters\Application Data\PriceGong\Data\z.xml
    c:\windows\system32\ealregsnapshot1.reg
    c:\windows\system32\install\server.exe
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\winnt.exe
    c:\windows\WINDOWS
    c:\windows\WINDOWS\wupdater.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-26 to 2011-01-26 ))))))))))))))))))))))))))))))
    .

    2011-01-25 22:03 . 2011-01-25 22:03 ——– d—–w- c:\program files\MSXML 4.0
    2011-01-25 18:19 . 2011-01-25 18:19 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Malwarebytes
    2011-01-25 18:19 . 2010-12-20 17:09 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-25 18:19 . 2011-01-25 18:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-25 18:19 . 2010-12-20 17:08 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-25 18:18 . 2011-01-25 18:18 388096 —-a-r- c:\documents and settings\Remco Peters\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-25 14:44 . 2011-01-25 17:02 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Command and Conquer 4
    2011-01-25 14:44 . 2011-01-25 14:44 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\Electronic_Arts_Inc
    2011-01-25 12:59 . 2011-01-25 13:09 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Red Alert 3
    2011-01-24 17:44 . 2011-01-26 06:48 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\Aspyr
    2011-01-24 16:32 . 2011-01-24 19:05 218688 —-a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-01-24 16:32 . 2011-01-25 09:12 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\DAEMON Tools Lite
    2011-01-24 16:32 . 2011-01-24 16:32 ——– d—–w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2011-01-24 15:19 . 2011-01-24 15:19 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\proDAD
    2011-01-24 15:18 . 2011-01-24 15:18 ——– d—–w- c:\program files\proDAD
    2011-01-24 15:18 . 2004-03-29 15:23 90112 —-a-w- c:\windows\unvise32.exe
    2011-01-24 15:18 . 2011-01-24 15:18 ——– d—–w- c:\program files\LooksBuilderSE
    2011-01-24 15:17 . 2003-07-09 09:43 45056 —-a-w- c:\windows\system32\BFXSrcFilter.ax
    2011-01-24 15:17 . 2003-07-01 15:49 69632 —-a-w- c:\windows\system32\MtxPreview.dll
    2011-01-24 15:17 . 2003-07-01 15:49 49152 —-a-w- c:\windows\system32\MtxParhBFXPreview.dll
    2011-01-24 15:17 . 2003-06-26 09:04 237568 —-a-r- c:\windows\system32\qtmlClient.dll
    2011-01-24 15:17 . 2003-01-20 08:08 49152 —-a-w- c:\windows\system32\CvoAPI.dll
    2011-01-24 15:16 . 2011-01-24 16:05 ——– d—–w- c:\program files\Boris FX, Inc
    2011-01-24 15:16 . 2004-04-18 22:42 733184 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2011-01-24 15:16 . 2004-04-18 22:40 69715 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2011-01-24 15:16 . 2004-04-18 22:39 266240 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2011-01-24 15:16 . 2004-04-18 22:39 172032 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2011-01-24 15:16 . 2004-04-18 22:39 5632 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2011-01-24 15:16 . 2011-01-24 15:16 303236 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2011-01-24 15:16 . 2011-01-24 15:16 180356 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2011-01-24 14:28 . 2005-09-23 22:18 171520 —-a-w- c:\windows\system32\drivers\MarvinBus.sys
    2011-01-24 14:28 . 2011-01-24 14:28 ——– d—–w- c:\program files\Common Files\Pinnacle
    2011-01-24 14:27 . 2011-01-24 15:48 ——– d—–w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
    2011-01-24 14:19 . 2011-01-24 14:19 ——– d—–w- c:\program files\Common Files\Yahoo!
    2011-01-24 14:19 . 2011-01-24 15:14 ——– d—–w- c:\program files\Pinnacle
    2011-01-24 14:19 . 2011-01-24 14:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Studio 12
    2011-01-24 14:19 . 2011-01-24 14:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
    2011-01-24 14:14 . 2011-01-24 14:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Pinnacle
    2011-01-20 19:49 . 2005-04-03 21:59 5632 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-01-20 19:42 . 2005-04-03 22:02 753664 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-01-20 19:42 . 2005-04-03 22:02 69714 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-01-20 19:42 . 2005-04-03 22:01 274432 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-01-20 19:42 . 2005-04-03 22:00 184320 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-01-20 19:42 . 2011-01-20 19:42 200836 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-01-20 19:42 . 2011-01-20 19:42 331908 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-01-20 15:04 . 2011-01-20 15:04 ——– d—–w- c:\program files\Microsoft
    2011-01-20 15:04 . 2011-01-20 15:04 ——– d—–w- c:\program files\Windows Live SkyDrive
    2011-01-20 14:56 . 2011-01-20 14:56 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Avira
    2011-01-20 14:55 . 2011-01-20 14:55 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\Mozilla
    2011-01-20 14:23 . 2011-01-26 11:31 ——– d—–w- c:\windows\system32\install
    2011-01-20 08:03 . 2011-01-20 08:03 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\SystemRequirementsLab
    2011-01-19 12:08 . 2011-01-19 12:10 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Ahead
    2011-01-19 12:07 . 2011-01-19 12:08 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\Ahead
    2011-01-19 12:05 . 2011-01-19 12:07 ——– d—–w- c:\program files\Common Files\Ahead
    2011-01-19 11:52 . 2011-01-19 11:52 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\ExtractNow
    2011-01-19 09:37 . 2009-06-07 15:25 77824 —-a-w- c:\windows\system32\xvid.ax
    2011-01-19 09:37 . 2009-06-07 15:16 819200 —-a-w- c:\windows\system32\xvidcore.dll
    2011-01-19 09:37 . 2011-01-19 09:37 ——– d—–w- c:\program files\Xvid
    2011-01-19 09:37 . 2009-06-07 15:24 180224 —-a-w- c:\windows\system32\xvidvfw.dll
    2011-01-19 08:56 . 2011-01-24 13:43 ——– d—–w- c:\documents and settings\Remco Peters\Local Settings\Application Data\QuickPar
    2011-01-18 08:57 . 2011-01-18 08:57 ——– d—–w- c:\windows\Internet Logs
    2011-01-17 18:16 . 2011-01-21 14:57 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\GrabIt
    2011-01-14 15:40 . 2011-01-14 17:46 ——– d—–w- c:\documents and settings\Remco Peters\Application Data\Command & Conquer 3 Tiberium Wars
    2011-01-14 15:40 . 2011-01-14 15:40 98304 —-a-w- c:\windows\system32CmdLineExt.dll
    2011-01-11 15:43 . 2001-09-06 20:27 5632 —-a-w- c:\windows\system32\ptpusb.dll
    2011-01-11 15:43 . 2008-04-14 17:02 159232 —-a-w- c:\windows\system32\ptpusd.dll
    2011-01-08 14:54 . 2011-01-08 14:54 ——– d—–w- c:\documents and settings\All Users\Application Data\THQ

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-25 12:59 . 2010-12-10 16:47 107888 —-a-w- c:\windows\system32\CmdLineExt.dll
    2010-12-22 16:57 . 2010-12-07 19:04 135096 —-a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-14 15:51 . 2010-12-14 15:51 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-12-14 15:51 . 2010-12-14 15:51 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2010-12-10 17:38 . 2010-12-10 17:38 139152 —-a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-12-10 17:38 . 2010-12-10 17:38 139152 —-a-w- c:\documents and settings\Remco Peters\Application Data\PnkBstrK.sys
    2010-12-10 17:37 . 2010-12-10 17:37 111928 —-a-w- c:\windows\system32\PnkBstrB.exe
    2010-12-10 17:37 . 2010-12-10 17:37 66872 —-a-w- c:\windows\system32\PnkBstrA.exe
    2010-12-10 17:37 . 2010-12-10 17:37 2793768 —-a-w- c:\windows\system32\pbsvc.exe
    2010-12-08 09:14 . 2009-08-18 10:30 564632 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2010-12-08 09:14 . 2009-08-18 10:24 17816 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-12-08 06:14 . 2010-12-07 19:04 61960 —-a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-18 18:15 . 2010-12-07 17:47 86016 —-a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2006-03-02 12:00 249856 —-a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:23 . 2006-03-02 12:00 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:23 . 2006-03-02 12:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:23 . 2006-03-02 12:00 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:27 . 2006-03-02 12:00 385024 —-a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2006-03-02 12:00 40960 —-a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:09 . 2006-03-02 12:00 290048 —-a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="f:\security\Avira\AntiVir Desktop\avgnt.exe" [2010-12-08 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-06-01 12:32 94208 —-a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
    2010-02-12 10:03 293376 ——w- c:\windows\system32\browserchoice.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 —-a-w- f:\programma's\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
    2007-04-12 06:00 182272 —-a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-12-07 22:45 136176 —-atw- c:\documents and settings\Remco Peters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2010-03-15 06:49 33718272 —-a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
    2011-01-24 11:54 585728 ——w- c:\windows\system32\install\syvhost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
    2011-01-24 11:54 585728 ——w- c:\windows\system32\install\syvhost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-07-25 15:02 563984 —-a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-07-25 15:06 2027792 —-a-w- c:\drivers\Logitec Webcam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 15:40 155648 —-a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
    2010-01-22 11:29 106496 —-a-w- c:\drivers\USB 3.0\Application\nusb3mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDAOD]
    2009-03-30 06:32 32768 —-a-r- c:\windows\DAODx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-09-30 21:28 98304 —-a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 10:44 248552 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Ati HotKey Poller"=2 (0x2)
    "BCUService"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "idsvc"=3 (0x3)
    "wlidsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Games\\GTA 4\\Social Club\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "f:\\Games\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "f:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
    "f:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "f:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
    "f:\\Games\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Programma's\\SPSS\\WinWrapIDE.exe"=
    "f:\\Programma's\\SPSS\\paswstat.com"=
    "f:\\Programma's\\SPSS\\paswstat.exe"=
    "f:\\Games\\Red Faction Guerilla\\rfg.exe"=
    "f:\\Games\\Command & Conquer\\Tiberium Wars\\RetailExe\\1.9\\cnc3game.dat"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Programma's\\Pinnacle studio 12\\Programs\\RM.exe"=
    "f:\\Programma's\\Pinnacle studio 12\\Programs\\Studio.exe"=
    "f:\\Programma's\\Pinnacle studio 12\\Programs\\umi.exe"=
    "f:\\Games\\Guitar Hero 3\\GH3.exe"=
    "f:\\Games\\Command & Conquer\\Command & Conquer Twilight\\Data\\CNC4.game"=

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [24-1-2011 17:32 218688]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\security\Avira\AntiVir Desktop\sched.exe [7-12-2010 20:04 135336]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9-12-2010 19:53 101904]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [22-1-2010 12:21 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [22-1-2010 12:21 139648]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9-12-2010 19:44 31288]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7-12-2010 19:13 2116480]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2139871995-839522115-1004Core.job
    - c:\documents and settings\Remco Peters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 22:45]

    2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2139871995-839522115-1004UA.job
    - c:\documents and settings\Remco Peters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 22:45]

    2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{AA46F279-88AF-44B3-A9D3-B905A5A91019}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: Performer Optimum - hxxp://img.livejasmin.com/performeroptimum/new/performer_optimum.CAB
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    FF - ProfilePath - c:\documents and settings\Remco Peters\Application Data\Mozilla\Firefox\Profiles\o2sqwvh9.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKCU-Run-Nvidia_Chipset - c:\windows\Windows\wupdater.exe
    HKLM-Run-Nvidia_Chipset - c:\windows\Windows\wupdater.exe
    MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
    MSConfigStartUp-Nvidia_Chipset - c:\windows\Windows\wupdater.exe
    MSConfigStartUp-RGSC - f:\games\GTA 4\Rockstar Games Social Club\Rockstar Games Social Club\RGSCLauncher.exe
    MSConfigStartUp-WinNT - c:\windows\system32\WinNT.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 12:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-117609710-2139871995-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:dd,9f,fc,4f,16,4b,5a,15,6c,2a,19,76,05,e2,da,7a,29,e5,12,97,cf,1f,18,
    9e,ef,db,72,63,a9,20,2f,fd,f4,f7,e1,db,88,b4,36,9f,3d,3c,84,f4,bd,b5,33,a4,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

    [HKEY_USERS\S-1-5-21-117609710-2139871995-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:e4,47,3a,8e,f2,b5,65,85,33,49,57,a8,e2,4a,3a,a9,2e,0a,26,e6,49,
    76,b6,46,ad,54,b2,0b,92,87,68,20,2d,47,ac,95,aa,c0,71,a9,71,98,46,ec,10,b1,\
    "rkeysecu"=hex:e9,34,c0,82,f9,92,3b,96,74,3c,2a,40,4e,67,c0,7a

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Voltooingstijd: 2011-01-26 12:33:51
    ComboFix-quarantined-files.txt 2011-01-26 11:33

    Pre-Run: 85.471.846.400 bytes beschikbaar
    Post-Run: 87.704.719.360 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - EAB52F730CDFF9C1637FA5398914FC5B
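As an added example (not code from this thread, nor part of ComboFix itself), the script below parses the `msconfig\startupreg` block of a ComboFix log like the one above and flags the entries a helper would look at first: a file name that is a near-miss of a core Windows binary (`syvhost.exe` against `svchost.exe`), a path with a repeated directory name (`c:\windows\Windows`), and a value name that is a bare hive abbreviation (`HKCU`, `HKLM`) instead of a product name. The sample lines are excerpted from the log above, except the `Nvidia_Chipset` entry, which is constructed from the orphan line in the same log; the similarity threshold, the list of system binaries and the list of generic value names are my own assumptions, not anything ComboFix defines.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Sample "startupreg" entries in ComboFix's log format. The first four are
# taken from the log above; the Nvidia_Chipset entry is constructed from the
# orphan line in the same log so the path heuristic has something to match.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
2011-01-24 11:54 585728 ------w- c:\windows\system32\install\syvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
2011-01-24 11:54 585728 ------w- c:\windows\system32\install\syvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvidia_Chipset]
2011-01-24 11:54 585728 ------w- c:\windows\Windows\wupdater.exe
"""

# A key header names the msconfig value; the line after it is the resolved file.
KEY_RE = re.compile(r"^\[.*\\startupreg\\(?P<name>[^\]]+)\]$")
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumed lists: core Windows process names that malware likes to imitate, and
# value names that carry no product information at all.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "explorer.exe", "smss.exe"}
GENERIC_NAMES = {"hkcu", "hklm", "run", "windows", "system"}
LOOKALIKE_THRESHOLD = 0.8  # assumed; SequenceMatcher ratio, 1.0 = identical


@dataclass
class StartupEntry:
    value_name: str  # msconfig value name, normally the product name
    path: str        # image path ComboFix resolved for the entry
    size: int
    attrs: str


def parse_startup_entries(text):
    """Pair each startupreg key header with the file line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            pending = key.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and pending is not None:
            entries.append(StartupEntry(pending, entry.group("path"),
                                        int(entry.group("size")), entry.group("attrs")))
            pending = None
    return entries


def assess(entry):
    """Return the list of reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    path = PureWindowsPath(entry.path)
    name = path.name.lower()
    # Near-miss of a core system binary name (syvhost.exe vs svchost.exe).
    if name not in SYSTEM_BINARIES:
        for legit in sorted(SYSTEM_BINARIES):
            if SequenceMatcher(None, name, legit).ratio() >= LOOKALIKE_THRESHOLD:
                reasons.append(f"filename {name!r} resembles system binary {legit!r}")
                break
    # A directory name appearing twice in one path (c:\windows\Windows\...).
    dirs = [part.lower() for part in path.parts[:-1]]
    if len(dirs) != len(set(dirs)):
        reasons.append("repeated directory name in path")
    # A value name that is a hive abbreviation rather than a product name.
    if entry.value_name.lower() in GENERIC_NAMES:
        reasons.append(f"generic value name {entry.value_name!r}")
    return reasons


def suspicious_entries(text):
    """All parsed entries that trigger at least one heuristic, with their reasons."""
    return [(e, r) for e in parse_startup_entries(text) if (r := assess(e))]


if __name__ == "__main__":
    for entry, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"{entry.value_name:>15}  {entry.path}")
        for reason in reasons:
            print(f"{'':>17}- {reason}")
```

The heuristics are deliberately cheap and produce triage hints, not verdicts: a hit means "check this file's hash and publisher", and an entry with no hit is not thereby clean. Run against the real `C:\ComboFix.txt` by replacing `SAMPLE_LOG` with the file contents; the parser only looks at the `startupreg` block and ignores everything else in the log.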
  • Hi Ben, ComboFix has removed everything that was needed.

    Now we are going to check whether the TDSS rootkit is present in your Windows!


    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Download this program to the desktop, no exceptions!
    Download TDSSKiller here.
    Installation:
    - unpack the file on your desktop.
    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and choosing Run as Administrator.
    - After the scan has finished, you will find the log in the C:\ partition
    - Post the contents of that log
  • Here is my TDSSKiller log:


    2011/01/26 13:16:57.0078 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/26 13:16:57.0093 ================================================================================
    2011/01/26 13:16:57.0093 SystemInfo:
    2011/01/26 13:16:57.0093
    2011/01/26 13:16:57.0093 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/26 13:16:57.0093 Product type: Workstation
    2011/01/26 13:16:57.0093 ComputerName: LOGEERKAMER
    2011/01/26 13:16:57.0093 UserName: Remco Peters
    2011/01/26 13:16:57.0093 Windows directory: C:\WINDOWS
    2011/01/26 13:16:57.0093 System windows directory: C:\WINDOWS
    2011/01/26 13:16:57.0093 Processor architecture: Intel x86
    2011/01/26 13:16:57.0093 Number of processors: 4
    2011/01/26 13:16:57.0093 Page size: 0x1000
    2011/01/26 13:16:57.0093 Boot type: Normal boot
    2011/01/26 13:16:57.0093 ================================================================================
    2011/01/26 13:16:57.0484 Initialize success
    2011/01/26 13:17:15.0671 ================================================================================
    2011/01/26 13:17:15.0671 Scan started
    2011/01/26 13:17:15.0671 Mode: Manual;
    2011/01/26 13:17:15.0671 ================================================================================
    2011/01/26 13:17:16.0984 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/26 13:17:17.0015 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/01/26 13:17:17.0062 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/26 13:17:17.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/26 13:17:17.0234 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
    2011/01/26 13:17:17.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/26 13:17:17.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/26 13:17:17.0578 ati2mtag (2590a2758afb97d671f96d163b0a98d1) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/01/26 13:17:17.0656 AtiHDAudioService (9f7b431c11bdcb79fc1bbe9de4f43b20) C:\WINDOWS\system32\drivers\AtihdXP3.sys
    2011/01/26 13:17:17.0687 AtiHdmiService (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    2011/01/26 13:17:17.0718 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/26 13:17:17.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/26 13:17:17.0921 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) F:\Security\Avira\AntiVir Desktop\avgio.sys
    2011/01/26 13:17:17.0984 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/01/26 13:17:18.0000 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/01/26 13:17:18.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/26 13:17:18.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/26 13:17:18.0187 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/01/26 13:17:18.0203 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/26 13:17:18.0218 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/26 13:17:18.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/26 13:17:18.0328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/26 13:17:18.0390 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/26 13:17:18.0421 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/26 13:17:18.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/26 13:17:18.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/26 13:17:18.0562 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/26 13:17:18.0609 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
    2011/01/26 13:17:18.0671 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/26 13:17:18.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/01/26 13:17:18.0765 FilterService (ed6c44547540e7892a1c34fd4bd35a53) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2011/01/26 13:17:18.0781 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/26 13:17:18.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/01/26 13:17:18.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/26 13:17:18.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/26 13:17:18.0875 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/26 13:17:18.0890 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/26 13:17:18.0906 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/01/26 13:17:19.0000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/26 13:17:19.0046 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/26 13:17:19.0109 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/26 13:17:19.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/26 13:17:19.0171 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/26 13:17:19.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/26 13:17:19.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/26 13:17:19.0359 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/26 13:17:19.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/26 13:17:19.0406 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/26 13:17:19.0421 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/26 13:17:19.0453 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/26 13:17:19.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/26 13:17:19.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/26 13:17:19.0609 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    2011/01/26 13:17:19.0718 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    2011/01/26 13:17:19.0828 lvpopflt (92990b040b68632cc3f80a742d163937) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2011/01/26 13:17:19.0875 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2011/01/26 13:17:19.0890 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2011/01/26 13:17:19.0968 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2011/01/26 13:17:20.0046 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    2011/01/26 13:17:20.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/26 13:17:20.0234 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/26 13:17:20.0250 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/26 13:17:20.0281 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/26 13:17:20.0328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/26 13:17:20.0359 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/26 13:17:20.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/26 13:17:20.0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/26 13:17:20.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/26 13:17:20.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/26 13:17:20.0578 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/26 13:17:20.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/26 13:17:20.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/01/26 13:17:20.0687 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2011/01/26 13:17:20.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/26 13:17:20.0718 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/01/26 13:17:20.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/26 13:17:20.0765 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/01/26 13:17:20.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/26 13:17:20.0796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/26 13:17:20.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/26 13:17:20.0843 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/26 13:17:20.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/26 13:17:20.0875 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/26 13:17:20.0921 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/26 13:17:20.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/26 13:17:20.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/26 13:17:20.0984 nusb3hub (9a3879b890f395ef8007a69543b56e8d) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
    2011/01/26 13:17:21.0000 nusb3xhc (61c3a3c6b35f596831358d954d20712f) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
    2011/01/26 13:17:21.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/26 13:17:21.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/26 13:17:21.0078 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
    2011/01/26 13:17:21.0109 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/26 13:17:21.0156 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/26 13:17:21.0171 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/26 13:17:21.0203 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/26 13:17:21.0234 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/26 13:17:21.0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/26 13:17:21.0328 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/01/26 13:17:21.0359 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/26 13:17:21.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/26 13:17:21.0437 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/26 13:17:21.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/26 13:17:21.0484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/26 13:17:21.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/26 13:17:21.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/26 13:17:21.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/26 13:17:21.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/26 13:17:21.0546 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/26 13:17:21.0562 RTLE8023xp (ba7ced0f0799012b1f2bfda06d7506db) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/01/26 13:17:21.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/26 13:17:21.0609 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/26 13:17:21.0625 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/26 13:17:21.0671 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
    2011/01/26 13:17:21.0734 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
    2011/01/26 13:17:21.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/26 13:17:21.0796 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
    2011/01/26 13:17:22.0406 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/01/26 13:17:22.0781 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/26 13:17:22.0796 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/26 13:17:22.0828 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/26 13:17:22.0859 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/01/26 13:17:22.0921 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/01/26 13:17:22.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/26 13:17:22.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/26 13:17:23.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/26 13:17:23.0093 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/26 13:17:23.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/26 13:17:23.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/26 13:17:23.0171 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/26 13:17:23.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/26 13:17:23.0234 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/26 13:17:23.0281 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/01/26 13:17:23.0328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/26 13:17:23.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/26 13:17:23.0375 usbfilter (2fed4ba0fde5eb4b624f20b629f8f9e2) C:\WINDOWS\system32\DRIVERS\usbfilter.sys
    2011/01/26 13:17:23.0406 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/26 13:17:23.0421 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/01/26 13:17:23.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/26 13:17:23.0484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/26 13:17:23.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/26 13:17:23.0531 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/01/26 13:17:23.0546 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/26 13:17:23.0609 VIAHdAudAddService (f99a672fd483c62c0d6452e4ba3f4c99) C:\WINDOWS\system32\drivers\viahduaa.sys
    2011/01/26 13:17:23.0640 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/26 13:17:23.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/26 13:17:23.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/26 13:17:23.0875 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/01/26 13:17:23.0953 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/01/26 13:17:24.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/26 13:17:24.0031 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/26 13:17:24.0281 ================================================================================
    2011/01/26 13:17:24.0281 Scan finished
    2011/01/26 13:17:24.0281 ================================================================================
  • Good, no TDSS rootkit!
    You can send TDSSKiller to the Recycle Bin!


    Which program: Malwarebytes MBAM
    What for/why: specialised scanner that checks Windows quickly for spyware and malware and removes it.
    Difficulty: none.

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as Administrator.

    Important: always update MBAM first!
    - In the MBAM main menu, click the 'Update' tab and then the "Check for updates" button.
    Scanning:
    - When MBAM starts, choose 'Quick Scan'.
    - The scan can take a while, so be patient. When the scan has finished, click 'OK'.
    - Then click 'Show Results' to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the 'Show Results' button at the bottom right.
    - Make sure all found infections are ticked and click 'Remove Selected' at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has trouble removing certain files it will show several messages; click 'OK' on each one.
    - MBAM will then ask to restart the computer, so allow it to restart.
    MBAM log:
    - MBAM saves the log automatically; you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Then post the contents of the MBAM log.
  • My MBAM log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5608

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26-1-2011 13:41:46
    mbam-log-2011-01-26 (13-41-46).txt

    Scan type: Quick scan
    Objects scanned: 139807
    Time elapsed: 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    I also got the message: "no infections found".

    Can I use Malwarebytes Anti-Malware and ComboFix like this as well, or only when there is an infection?
  • Hi Remco, definitely keep MBAM on your Windows, because the tool is a perfect complement to any antivirus program.
    Once a week, update MBAM and let it run a quick scan!

    ComboFix, on the other hand, is too specialised a tool to use just like that!

    Meanwhile, things are looking good.

    ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that ComboFix has been removed.

    Example (screenshot):

    http://home.kpn.nl/stefsmeenk/CFUninstall.PNG


    Then post a current HijackThis log.
  • and the latest, new HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:55:54, on 26-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    F:\Security\Avira\AntiVir Desktop\sched.exe
    F:\Security\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    F:\Security\Avira\AntiVir Desktop\avshadow.exe
    F:\Security\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Remco Peters\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Remco Peters\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Remco Peters\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Remco Peters\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Remco Peters\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Security\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avgnt] "F:\Security\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Games\Pokerstars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Performer Optimum - http://img.livejasmin.com/performeroptimum/new/performer_optimum.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291748457338
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Security\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Security\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


    End of file - 5054 bytes
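The helper reads a HijackThis log by eye; the script below does the first pass mechanically. It is an added example for this thread, not code from the forum or from Trend Micro's HijackThis. It parses the O2 (BHO), O16 (DPF, downloaded ActiveX) and O23 (service) lines of a v2 log and returns the three things a helper checks first: BHO CLSIDs whose DLL is gone ("(no file)"), ActiveX controls fetched from hosts outside an allow list, and services HijackThis could not attribute to a vendor ("Unknown owner"). The allow list is an assumption made for the example, and a flagged O16 entry only means "look at this", not that it is malicious; the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis v2 log for the entries a helper looks at first.

Added example; not code from this thread or from HijackThis itself. It
parses O2 (BHO), O16 (DPF) and O23 (service) lines and reports:
  - BHO registrations whose DLL is missing ("(no file)"), i.e. orphaned CLSIDs,
  - ActiveX controls (O16 DPF) downloaded from hosts outside an allow list,
  - services without a vendor string ("Unknown owner").
The allow list is an assumption for the example; the sample lines are copied
from the log posted in the thread (constructed input for the example).
"""
import re
from typing import Dict, List
from urllib.parse import urlparse

# Assumed allow list of download hosts for O16 entries (suffix match on the host).
DPF_ALLOWED_SUFFIXES = ("microsoft.com", "adobe.com")

O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O16_LINE = re.compile(r"^O16 - DPF: (?P<name>.+?) - (?P<url>https?://\S+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<file>.+)$")


def parse_hjt(text: str) -> Dict[str, List[dict]]:
    """Group the O2/O16/O23 lines of a HijackThis log by section."""
    found: Dict[str, List[dict]] = {"O2": [], "O16": [], "O23": []}
    for raw in text.splitlines():
        line = raw.strip()
        for key, rx in (("O2", O2_LINE), ("O16", O16_LINE), ("O23", O23_LINE)):
            m = rx.match(line)
            if m:
                found[key].append(m.groupdict())
                break
    return found


def host_allowed(url: str) -> bool:
    """True if the URL's host is one of the allowed suffixes or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in DPF_ALLOWED_SUFFIXES)


def triage(text: str) -> Dict[str, List[str]]:
    """Return the entries worth a second look, keyed by check."""
    found = parse_hjt(text)
    return {
        "orphan_bho": [e["clsid"] for e in found["O2"]
                       if e["file"].strip().lower() == "(no file)"],
        "dpf_review": [e["url"] for e in found["O16"] if not host_allowed(e["url"])],
        "unowned_service": [e["name"] for e in found["O23"]
                            if e["owner"].strip().lower() == "unknown owner"],
    }


# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "F:\Security\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: Performer Optimum - http://img.livejasmin.com/performeroptimum/new/performer_optimum.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291748457338
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Security\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check, hits)
```

The allow list matches on a host suffix with the dot included, so `www.update.microsoft.com` passes while `microsoft.com.evil.example` does not; an "Unknown owner" service is simply one whose executable carries no vendor version information, which is why an anti-cheat component like PnkBstrA shows up next to real unknowns.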
  • Hi Remco, that was quick of you again.

    Your log now looks very good!


    Do one more thing: a test to see how good your current security situation is.

    Download Security Check to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • Security Check log:
    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Avira AntiVir Personal - Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````

    I did not get any message about DIG.EXE….
  • Hi Remco,

    a) Java: first download the newest runtime to your desktop:

    http://javadl.sun.com/webapps/download/AutoDL?BundleId=45824

    Then go to Start\Control Panel\Add or Remove Programs and remove

    Java(TM) 6 Update 22
    If there are any more older versions listed there, remove those too!

    Then restart your PC.

    After that, install the new version!


    b) Adobe Reader: the newest version, Adobe Reader X, starts in a virtual environment; that increases security, especially with online PDFs!

    Uninstall the old version first; you can find the newest version here:

    http://get.adobe.com/nl/reader/


    c) In the Firefox menu bar, click Help and then Check for Updates!


    Will you also let me know how your Windows is doing now?
  • OK, I have done all of that.
    All problems now seem to be solved. I no longer get the error and virus messages. The little problem I had with my keyboard is solved too…. :)

    Here is another Security Check log:

    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Avira AntiVir Personal - Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Adobe Flash Player
    Adobe Reader X - Nederlands
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````


    Are there any other things I should do/install now?
  • Well Remco, if you no longer have any problems or questions, then almost everything is done.

    Because a chain is only as strong as its weakest link, and that applies to Windows too!

    Take a look at Secunia Personal Software Inspector (PSI) 2.0 to bring all the programs in Windows up to date!

    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=211381
  • OK, I will look at it at home.

    What is recommended, besides Avira AntiVir and MBAM, to have as security on my PC?
  • What I can recommend as an extra is a third-party firewall.

    And ZoneAlarm Free is a very good one!
    It works very well together with Avira!

    You do need to disable the Windows firewall after installing ZoneAlarm!


    ZoneAlarm free: http://www.zonealarm.com/security/en-us/trialpay-za-signup.htm

    During installation choose Custom and untick the Security Toolbar!
  • I installed ZoneAlarm successfully and turned off the Windows firewall.

    I also installed Secunia, but when I start it and press Start Scan it does nothing. It does say scan progress: step 0 of 8, but nothing else changes…. and it has been like that for a quarter of an hour/10 minutes now!

This is an archived page. Replying is no longer possible.