Task Manager won't start

36 replies
  • I can't start Task Manager via Ctrl-Alt-Delete. It does start if I simply browse to the file itself.
    Below is a HijackThis log file. Could an expert perhaps give an opinion on it? Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:02:02, on 15-4-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110312231806.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 8308 bytes



  • Hello Rob, start with the following:

    close all open browser windows - except this window, which you close just before you click the 'Fix checked' button!


    Now start HijackThis via right-click with Administrator rights and click the button 'Do a Scan only',

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    • put a check mark in front of the line(s) that correspond to the lines above
    • then click the button 'Fix checked'
    • After that, close HijackThis.


    Then continue with the following:

    Which program: Malwarebytes MBAM
    What for/why: specialized scanner to quickly examine Windows for spyware and malware and to remove them.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    • Download.com
    • Softpedia.com
    • Majorgeeks.com

    First of all:
    • Right after installation 'MBAM' will want to update its database, so allow that.
    • Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

    Scanning:
    • When 'MBAM' starts, choose 'Quick Scan'.
    • The scan can take a while, so be patient. When the scan has completed, click the 'OK' button.
    • Then click the 'Show Results' button to see the results.

    Infections found:
    • First click OK to dismiss the message
    • Then click the Show Results button at the bottom right.
    • Now make sure all infections found are checked, and click Remove Selected at the bottom left.
    • After removal a log will open and you will be asked to restart the computer.
    • If 'MBAM' has difficulty removing certain files it will show a few messages, in which case click 'OK' each time!
    • After that 'MBAM' will ask to restart the computer - so allow the computer to be restarted.

    MBAM log:
    • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.

    In summary: after this, post the contents of the following logs:
    • a new HijackThis log
    • MBAM scan log
  • Hello Abraham,

    thanks for your quick reply. I carried out your suggestions and the results are below (MBAM found nothing noteworthy, by the way):


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:24:47, on 15-4-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110312231806.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 8252 bytes


    *************************************************************



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6368

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    15-4-2011 14:31:04
    mbam-log-2011-04-15 (14-31-04).txt

    Scantype: Snelle scan
    Objecten gescand: 161882
    Verstreken tijd: 49 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)



  • Hi Rob, then you can now do the following:

    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop!
    Download TDSSKiller here.

    Installation:
    • unpack the file on your desktop.

    Using TDSSKiller:
    • Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    • Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    • After the scan has finished, you will find the log on the C:\ partition
    • Post the contents of that log
  • Hello Abraham,

    here is the log:

    2011/04/15 15:52:57.0130 4696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/15 15:52:59.0140 4696 ================================================================================
    2011/04/15 15:52:59.0140 4696 SystemInfo:
    2011/04/15 15:52:59.0140 4696
    2011/04/15 15:52:59.0140 4696 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/15 15:52:59.0140 4696 Product type: Workstation
    2011/04/15 15:52:59.0140 4696 ComputerName: PC_MIJZELF
    2011/04/15 15:52:59.0175 4696 UserName: MIJZELF
    2011/04/15 15:52:59.0175 4696 Windows directory: C:\Windows
    2011/04/15 15:52:59.0175 4696 System windows directory: C:\Windows
    2011/04/15 15:52:59.0175 4696 Running under WOW64
    2011/04/15 15:52:59.0175 4696 Processor architecture: Intel x64
    2011/04/15 15:52:59.0175 4696 Number of processors: 4
    2011/04/15 15:52:59.0175 4696 Page size: 0x1000
    2011/04/15 15:52:59.0175 4696 Boot type: Normal boot
    2011/04/15 15:52:59.0175 4696 ================================================================================
    2011/04/15 15:52:59.0750 4696 Initialize success
    2011/04/15 15:53:01.0500 5156 ================================================================================
    2011/04/15 15:53:01.0500 5156 Scan started
    2011/04/15 15:53:01.0500 5156 Mode: Manual;
    2011/04/15 15:53:01.0500 5156 ================================================================================
    2011/04/15 15:53:04.0800 5156 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    2011/04/15 15:53:04.0815 5156 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/04/15 15:53:04.0830 5156 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    2011/04/15 15:53:04.0905 5156 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    2011/04/15 15:53:04.0940 5156 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    2011/04/15 15:53:04.0990 5156 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/04/15 15:53:05.0020 5156 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
    2011/04/15 15:53:05.0065 5156 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
    2011/04/15 15:53:05.0095 5156 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
    2011/04/15 15:53:05.0120 5156 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/04/15 15:53:05.0145 5156 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
    2011/04/15 15:53:05.0185 5156 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
    2011/04/15 15:53:05.0225 5156 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
    2011/04/15 15:53:05.0240 5156 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    2011/04/15 15:53:05.0260 5156 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/15 15:53:05.0280 5156 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/15 15:53:05.0290 5156 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/15 15:53:05.0410 5156 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/15 15:53:05.0450 5156 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    2011/04/15 15:53:05.0475 5156 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/15 15:53:05.0495 5156 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    2011/04/15 15:53:05.0530 5156 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/15 15:53:05.0585 5156 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/15 15:53:05.0610 5156 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/15 15:53:05.0645 5156 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/15 15:53:05.0660 5156 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
    2011/04/15 15:53:05.0715 5156 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    2011/04/15 15:53:05.0765 5156 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    2011/04/15 15:53:05.0800 5156 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/15 15:53:05.0835 5156 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/15 15:53:05.0850 5156 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/15 15:53:05.0865 5156 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/15 15:53:06.0245 5156 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/15 15:53:06.0310 5156 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/15 15:53:06.0340 5156 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/15 15:53:06.0375 5156 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/04/15 15:53:06.0400 5156 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    2011/04/15 15:53:06.0480 5156 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS
    wifi.sys
    2011/04/15 15:53:06.0580 5156 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers
    dis.sys
    2011/04/15 15:53:06.0605 5156 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS
    distapi.sys
    2011/04/15 15:53:06.0655 5156 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS
    disuio.sys
    2011/04/15 15:53:06.0755 5156 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS
    diswan.sys
    2011/04/15 15:53:06.0770 5156 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/15 15:53:06.0820 5156 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS
    etbios.sys
    2011/04/15 15:53:06.0895 5156 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS
    etbt.sys
    2011/04/15 15:53:06.0945 5156 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers
    frd960.sys
    2011/04/15 15:53:06.0990 5156 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    2011/04/15 15:53:07.0020 5156 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers
    siproxy.sys
    2011/04/15 15:53:07.0100 5156 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/15 15:53:07.0120 5156 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    2011/04/15 15:53:07.0450 5156 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS
    vlddmkm.sys
    2011/04/15 15:53:07.0570 5156 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers
    vraid.sys
    2011/04/15 15:53:07.0670 5156 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers
    vstor.sys
    2011/04/15 15:53:07.0935 5156 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers
    v_agp.sys
    2011/04/15 15:53:08.0075 5156 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/15 15:53:08.0340 5156 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    2011/04/15 15:53:08.0355 5156 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
    2011/04/15 15:53:08.0465 5156 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    2011/04/15 15:53:08.0520 5156 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
    2011/04/15 15:53:08.0565 5156 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    2011/04/15 15:53:08.0605 5156 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    2011/04/15 15:53:08.0735 5156 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/15 15:53:08.0750 5156 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    2011/04/15 15:53:08.0815 5156 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/15 15:53:08.0855 5156 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    2011/04/15 15:53:08.0875 5156 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    2011/04/15 15:53:08.0895 5156 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/15 15:53:08.0925 5156 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/15 15:53:08.0965 5156 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/15 15:53:08.0995 5156 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/15 15:53:09.0030 5156 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/15 15:53:09.0085 5156 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/15 15:53:09.0100 5156 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/15 15:53:09.0130 5156 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/15 15:53:09.0150 5156 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/15 15:53:09.0195 5156 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/15 15:53:09.0275 5156 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
    2011/04/15 15:53:09.0320 5156 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/15 15:53:09.0375 5156 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/15 15:53:09.0415 5156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/04/15 15:53:09.0450 5156 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/15 15:53:09.0480 5156 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/15 15:53:09.0500 5156 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    2011/04/15 15:53:09.0525 5156 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/15 15:53:09.0540 5156 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/15 15:53:09.0555 5156 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/15 15:53:09.0570 5156 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    2011/04/15 15:53:09.0590 5156 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    2011/04/15 15:53:09.0605 5156 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    2011/04/15 15:53:09.0650 5156 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/15 15:53:09.0720 5156 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    2011/04/15 15:53:09.0765 5156 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/15 15:53:09.0810 5156 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/15 15:53:09.0825 5156 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/15 15:53:09.0880 5156 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/15 15:53:09.0905 5156 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    2011/04/15 15:53:09.0920 5156 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    2011/04/15 15:53:09.0940 5156 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    2011/04/15 15:53:10.0005 5156 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/04/15 15:53:10.0050 5156 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/15 15:53:10.0080 5156 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/15 15:53:10.0105 5156 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/15 15:53:10.0120 5156 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/15 15:53:10.0145 5156 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/15 15:53:10.0190 5156 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/15 15:53:10.0230 5156 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/15 15:53:10.0245 5156 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/04/15 15:53:10.0265 5156 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/15 15:53:10.0285 5156 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    2011/04/15 15:53:10.0345 5156 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/15 15:53:10.0385 5156 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/15 15:53:10.0400 5156 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    2011/04/15 15:53:10.0420 5156 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    2011/04/15 15:53:10.0440 5156 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    2011/04/15 15:53:10.0450 5156 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/15 15:53:10.0505 5156 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/15 15:53:10.0530 5156 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    2011/04/15 15:53:10.0580 5156 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/15 15:53:10.0645 5156 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/15 15:53:10.0740 5156 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    2011/04/15 15:53:10.0825 5156 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/15 15:53:10.0855 5156 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/15 15:53:10.0895 5156 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/15 15:53:10.0915 5156 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/15 15:53:10.0940 5156 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/15 15:53:10.0950 5156 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    2011/04/15 15:53:10.0965 5156 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    2011/04/15 15:53:10.0985 5156 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    2011/04/15 15:53:11.0045 5156 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/15 15:53:11.0085 5156 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    2011/04/15 15:53:11.0110 5156 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/15 15:53:11.0135 5156 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    2011/04/15 15:53:11.0220 5156 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/15 15:53:11.0230 5156 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/15 15:53:11.0255 5156 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    2011/04/15 15:53:11.0295 5156 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/15 15:53:11.0380 5156 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    2011/04/15 15:53:11.0415 5156 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/15 15:53:11.0470 5156 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/15 15:53:11.0550 5156 ================================================================================
    2011/04/15 15:53:11.0550 5156 Scan finished
    2011/04/15 15:53:11.0550 5156 ================================================================================
    2011/04/15 15:53:16.0485 4632 Deinitialize success
  • Good - no rootkit from the TDSS family present!

    So we move on to the next step:

    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, for clarity: ComboFix must be started from the desktop.

    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix disconnects the internet connection during the scan - do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • Thanks Abraham,

    but maybe I'm thinking too simply: I copied taskmgr.exe from the SysWOW64 folder to the System32 folder and now I can start Task Manager normally.

    Do you think this solves the problem, or could there be more behind it?

    Regards
    Rob
  • Definitely let ComboFix scan, because the fact that nothing else has been found so far doesn't mean anything!

    Because Taskmgr.exe is by default in both Syswow64 and System32!
  • Here is the ComboFix log. Unfortunately ComboFix did delete the file Steam.exe, and that happens to be about what I use the most. I hope the cure isn't worse than the disease now???

    ComboFix 11-04-14.03 - Mijzelf 15-04-2011 20:27:18.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2899 [GMT 2:00]
    Gestart vanuit: c:\users\Mijzelf\Desktop\ComboFix.exe
    AV: McAfee Antivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Antivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Steam\Steam.exe
    L:\Autorun.inf
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-15 to 2011-04-15 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-15 18:35 . 2011-04-15 18:35 -------- d-----w- c:\users\Mijzelf\AppData\Local\temp
    2011-04-15 17:03 . 2008-01-21 02:50 163840 ----a-w- c:\windows\system32\taskmgr.exe
    2011-04-15 09:01 . 2011-04-15 09:01 388096 ----a-r- c:\users\Mijzelf\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-09 15:11 . 2011-04-09 15:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-04-03 13:45 . 2011-04-15 15:23 -------- d-----w- c:\users\Mijzelf\AppData\Local\Microsoft Games
    2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\Malwarebytes
    2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-03 11:46 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-03 11:46 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-03 10:34 . 2011-04-03 10:34 -------- d-----w- C:\found.001
    2011-04-03 08:04 . 2011-04-03 08:04 -------- d-----w- C:\found.000
    2011-03-31 19:26 . 2011-03-31 19:26 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\Open Rails
    2011-03-31 18:41 . 2009-03-16 12:18 69448 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2011-03-31 18:41 . 2009-03-16 12:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
    2011-03-31 18:41 . 2009-03-16 12:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
    2011-03-31 18:41 . 2009-03-16 12:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
    2011-03-31 18:41 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    2011-03-31 18:41 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2011-03-31 18:41 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
    2011-03-31 18:41 . 2011-03-31 18:41 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2011-03-28 16:11 . 2011-03-28 16:11 -------- d-----w- c:\users\Mijzelf\AppData\Local\VS Revo Group
    2011-03-28 16:11 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-03-28 16:11 . 2011-03-28 16:11 -------- d-----w- c:\program files\VS Revo Group
    2011-03-26 13:15 . 2011-03-26 13:15 -------- d-----w- c:\users\Mijzelf\.jordan
    2011-03-26 13:11 . 2011-03-26 13:11 -------- d-----w- c:\windows\Sun
    2011-03-19 21:03 . 2011-03-19 21:03 -------- d-----w- c:\users\Mijzelf\AppData\Local\GHISLER
    2011-03-19 09:31 . 2011-03-19 09:31 -------- d-----w- c:\program files\Windows Portable Devices
    2011-03-19 09:31 . 2011-03-19 09:31 -------- d-----w- c:\program files (x86)\Windows Portable Devices
    2011-03-19 09:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
    2011-03-19 09:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
    2011-03-19 09:08 . 2009-10-08 21:08 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-03-19 09:08 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
    2011-03-19 09:08 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-03-19 09:08 . 2009-10-08 21:07 315904 ----a-w- c:\windows\system32\oleacc.dll
    2011-03-19 09:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-03-19 09:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2011-03-19 09:06 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-03-19 09:06 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-03-19 09:06 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-03-19 09:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2011-03-19 09:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2011-03-19 09:04 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
    2011-03-19 09:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
    2011-03-17 19:43 . 2011-03-19 11:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2011-03-17 19:42 . 2011-03-17 19:42 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\InstallShield
    2011-03-17 19:41 . 2011-03-17 19:41 -------- d-----w- c:\programdata\Trymedia
    2011-03-17 18:57 . 2011-04-10 08:59 -------- d-----w- c:\program files (x86)\RW_Tools
    2011-03-17 13:52 . 2011-03-17 13:52 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2011-03-17 13:45 . 2011-03-17 13:45 -------- d-----w- C:\NVIDIA
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-11 19:41 . 2011-03-11 19:41 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-03-11 19:41 . 2011-03-11 19:41 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-03-11 19:37 . 2011-03-11 19:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-23 08:34 . 2011-03-09 19:08 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7B3F472-77BF-49B9-88A1-8FC3A96D8F71}\mpengine.dll
    2011-02-02 16:11 . 2011-03-09 19:08 270720 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-11 273544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - mfeavfk01
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mijzelf\AppData\Roaming\Mozilla\Firefox\Profiles\1cz0hd18.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Steam App 24010 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Voltooingstijd: 2011-04-15 20:38:25
    ComboFix-quarantined-files.txt 2011-04-15 18:38
    .
    Pre-Run: 149.592.285.184 bytes beschikbaar
    Post-Run: 149.680.062.464 bytes beschikbaar
    .
    - - End Of File - - 6078D208FE7B2495670BB34F6CCC2AFC
  • Hi Rob, ComboFix really won't just remove Steam without a reason!

    And furthermore, infected USB sticks have been connected to your PC!

    And you can simply reinstall Steam, can't you?

    How much longer are you tied to McAfee?
  • Hi Abraham,

    Those infected USB sticks: could they also have been external HDs? I can't remember ever having connected a USB stick.

    I believe I'm tied to McAfee until October.

    In the meantime I have reinstalled Steam; otherwise I can't drive my trains anymore. :D

    By the way, how can you tell about that infected USB stick?

    Regards
    Rob
  • It does indeed look like an external HD:

    L:\Autorun.inf

    That autorun.inf script makes sure that malware on an external storage medium, HD or USB stick, is installed in Windows automatically!

    By the way, I recently read something about an open-source train simulator!
    So freeware.
  • Now that you mention it: I also saw L:\Autorun.inf being removed. At the moment I have an external HD connected.

    That open-source train sim: is that by any chance Open Rails? That is (I hope) where the future lies. It is indeed free and works with the train simulator that Microsoft once released.

    But to get back to the topic: we still don't actually know what the culprit was, since I manually copied taskmgr to the System32 folder.

    Should I then remove the autorun file from all external drives?
  • How many external HDs do you have then?

    And yes - do that!

    And then this, let's do the following next:

    Run the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Click "Advanced settings"
    - Tick the following options:
        - Remove found threats
        - Scan archives
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan, then the online scan is faster!
  • Quote from Abraham54: "How many external HDs do you have then?"

    4 of them.

    The log of the ESET online scan will follow later. It has already found something, by the way: a variant of Win32/Adware.ADON application.
  • The ESET log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=1686fbc4e9ff1c4796cf01072a125fee
    # end=stopped
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-15 10:09:35
    # local_time=2011-04-16 12:09:35 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=5121 16777213 100 75 3199400 16416397 0 0
    # compatibility_mode=5892 16776574 100 56 3202383 140420371 0 0
    # compatibility_mode=8192 67108863 100 0 91 91 0 0
    # scanned=423117
    # found=1
    # cleaned=1
    # scan_time=8909
    C:\Downloads\Klaar\fc_setup_.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
  • Hi Rob, I think your Windows is gradually getting in order.

    After all, how is Windows running now, and are you still having problems with it?
  • Morning Abraham,

    I can start Task Manager again, but I could already do that after I had copied it to the System32 folder. Apart from that I had no problems with Windows.
    So we actually still don't know the cause, I think. It might have been better if I hadn't copied taskmgr manually.
  • Are you the only user of your PC?
  • Quote from Abraham54: "Are you the only user of your PC?"

    Yes.

This is an archived page. Replying is no longer possible.