ING Scanner keeps showing a warning

Abraham54
13 replies
  • There is one last problem I can't get off my computer. ComboFix, TDSSKiller, etc. have not helped. The ESET online scanner doesn't find anything anymore either.

    Still, I keep getting the following message (ING cleaner), and it keeps coming back: http://flic.kr/p/biHJsr
  • Hello Roeske, using TDSSKiller, ComboFix and the like on your own is strongly discouraged, because those tools are too dangerous for that.

    Would you first post the latest ComboFix log?
    You can find it in C:\Combofix
  • Hello Abraham54,

    You also advised me a few weeks ago. I have now followed that guide of yours exactly again. I will post the ComboFix report this evening.

    Regards, Rob
  • ComboFix 12-01-26.03 - Karin en Rob 27-01-2012 5:55.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1429 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Karin en Rob\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-27 to 2012-01-27 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-07 19:52 . 2012-01-07 19:52 ——– d—–w- c:\documents and settings\Gast\Application Data\Apple Computer
    2012-01-03 13:10 . 2012-01-03 13:10 182672 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 —-a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-18 09:29 . 2011-05-31 17:32 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-11 18:36 . 2011-03-09 19:23 66872 —-a-w- c:\windows\system32\PnkBstrA.exe
    2011-12-07 20:18 . 2011-12-07 20:18 101720 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-25 21:57 . 2008-04-15 12:00 293888 —-a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40 . 2008-04-15 12:00 1859712 —-a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12 . 2008-04-15 12:00 60928 —-a-w- c:\windows\system32\packager.exe
    2011-11-16 14:22 . 2008-04-15 12:00 354816 —-a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:22 . 2008-04-15 12:00 152064 —-a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:13 . 2008-04-15 12:00 916992 —-a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:13 . 2008-04-15 12:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:13 . 2008-04-15 12:00 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:25 . 2008-04-15 12:00 385024 —-a-w- c:\windows\system32\html.iec
    2011-11-03 15:29 . 2008-04-15 12:00 386560 —-a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:29 . 2008-04-15 12:00 1296384 —-a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2008-04-15 12:00 1288192 —-a-w- c:\windows\system32\ole32.dll
    2011-10-31 20:15 . 2011-03-09 19:23 22328 —-a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-10-31 20:15 . 2011-03-09 19:23 22328 —-a-w- c:\documents and settings\Karin en Rob\Application Data\PnkBstrK.sys
    2011-10-31 20:15 . 2011-03-09 19:23 103736 —-a-w- c:\windows\system32\PnkBstrB.exe
    2011-12-12 17:19 . 2011-12-07 22:21 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-25_18.06.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-15 12:00 . 2011-11-16 14:22 354816 c:\windows\system32\dllcache\winhttp.dll
    - 2008-04-15 12:00 . 2009-08-25 09:20 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2008-04-15 12:00 . 2011-11-16 14:22 152064 c:\windows\system32\dllcache\schannel.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 —-a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 —-a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 —-a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 —-a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-01-17 10:24 155416 —-a-w- c:\windows\system32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 —-a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-02-03 09:32 18085888 —-a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ReflectService"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Documents and Settings\\Karin en Rob\\Application Data\\Wuala\\Roaming\\Wuala.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 32592]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20-5-2008 8:32 15328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 297168]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [11-9-2011 12:37 275088]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 4:33 269520]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-8-2010 21:42 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-8-2010 21:42 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-8-2010 21:42 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18-8-2011 0:33 7390560]
    S3 76pa8.sys;76pa8.sys;\??\c:\windows\system32\drivers\76pa8.sys –> c:\windows\system32\drivers\76pa8.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-12-2009 16:29 1684736]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys –> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys [?]
    S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
    S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc –> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc –> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium Reflect\ReflectService.exe [12-11-2009 13:50 220128]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fwww.bergredding.nl%2F%3Fp%3D1517&subject=
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    FF - ProfilePath - c:\documents and settings\Karin en Rob\Application Data\Mozilla\Firefox\Profiles\p3r36217.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-60918537.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-27 05:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2948)
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2012-01-27 05:58:27
    ComboFix-quarantined-files.txt 2012-01-27 04:58
    ComboFix2.txt 2012-01-25 18:19
    .
    Pre-Run: 67.823.808.512 bytes beschikbaar
    Post-Run: 67.823.005.696 bytes beschikbaar
    .
    - - End Of File - - 887AB43304082DC08F418FF7208F8F47
  • Hello Rob, then let's get started.

    I would like you to follow the rules below during the fix:
    - Read each instruction carefully first, every time.
    - The instructions given apply only to your Windows installation.
    - If you make mistakes while running tools during the fix, this could cause serious problems in Windows.
    - Do not install new programs, updates or new hardware while we are working on the fix.
    - Also, do not use any programs or tools other than the ones I instruct you to use.
    - Please turn off emoticons (smileys) when you post a log.
    - Always use one scanner at a time, never several at once.
    - Keep me informed about how your computer responds to the fix, good or bad.
    - If there is something you do not understand, say so as well.
    - Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.

    Step 1
    First move the old ComboFix to the Recycle Bin and empty it.

    Step 2
    Which program: TDSSStarter.exe
    Purpose: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
        - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
        - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then open, and it will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next message.


    Step 3
    Which program: ComboFix
    Purpose: Highly specialised scanner for examining Windows in depth and cleaning it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find details on how to disable antivirus programs and spyware scanners.

    To be perfectly clear, once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    Starting ComboFix:
    - First close all program windows that are still open!
        - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
        - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step 4
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSStarter log
    - ComboFix.txt log
  • Hello Abraham54,

    I went through all the steps. The computer responds well to all the steps. Here are the two log files:

    17:09:45.0609 1844 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    17:09:45.0625 1844 ============================================================
    17:09:45.0625 1844 Current date / time: 2012/01/27 17:09:45.0625
    17:09:45.0625 1844 SystemInfo:
    17:09:45.0625 1844
    17:09:45.0625 1844 OS Version: 5.1.2600 ServicePack: 3.0
    17:09:45.0625 1844 Product type: Workstation
    17:09:45.0625 1844 ComputerName: ROESKE-ZOLDER
    17:09:45.0625 1844 UserName: Karin en Rob
    17:09:45.0625 1844 Windows directory: C:\WINDOWS
    17:09:45.0625 1844 System windows directory: C:\WINDOWS
    17:09:45.0625 1844 Processor architecture: Intel x86
    17:09:45.0625 1844 Number of processors: 2
    17:09:45.0625 1844 Page size: 0x1000
    17:09:45.0625 1844 Boot type: Normal boot
    17:09:45.0625 1844 ============================================================
    17:09:46.0875 1844 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:09:46.0875 1844 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:09:47.0000 1844 Initialize success
    17:09:47.0015 3260 ============================================================
    17:09:47.0015 3260 Scan started
    17:09:47.0015 3260 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    17:09:47.0015 3260 ============================================================
    17:09:54.0625 3260 NdisIP - ok
    17:09:54.0656 3260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS
    distapi.sys
    17:09:54.0656 3260 NdisTapi - ok
    17:09:54.0687 3260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
    disuio.sys
    17:09:54.0750 3260 Ndisuio - ok
    17:09:54.0750 3260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
    diswan.sys
    17:09:54.0812 3260 NdisWan - ok
    17:09:54.0828 3260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:09:54.0843 3260 NDProxy - ok
    17:09:54.0859 3260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
    etbios.sys
    17:09:54.0921 3260 NetBIOS - ok
    17:09:54.0937 3260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
    etbt.sys
    17:09:54.0984 3260 NetBT - ok
    17:09:55.0000 3260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:09:55.0062 3260 Npfs - ok
    17:09:55.0078 3260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:09:55.0140 3260 Ntfs - ok
    17:09:55.0156 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:09:55.0218 3260 Null - ok
    17:09:55.0234 3260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
    wlnkflt.sys
    17:09:55.0312 3260 NwlnkFlt - ok
    17:09:55.0343 3260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
    wlnkfwd.sys
    17:09:55.0406 3260 NwlnkFwd - ok
    17:09:55.0421 3260 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    17:09:55.0468 3260 Parport - ok
    17:09:55.0484 3260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:09:55.0546 3260 PartMgr - ok
    17:09:55.0578 3260 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:09:55.0625 3260 ParVdm - ok
    17:09:55.0640 3260 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:09:55.0703 3260 PCI - ok
    17:09:55.0703 3260 PCIDump - ok
    17:09:55.0703 3260 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:09:55.0765 3260 PCIIde - ok
    17:09:55.0781 3260 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:09:55.0843 3260 Pcmcia - ok
    17:09:55.0843 3260 PDCOMP - ok
    17:09:55.0843 3260 PDFRAME - ok
    17:09:55.0843 3260 PDRELI - ok
    17:09:55.0859 3260 PDRFRAME - ok
    17:09:55.0859 3260 perc2 - ok
    17:09:55.0859 3260 perc2hib - ok
    17:09:55.0875 3260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:09:55.0921 3260 PptpMiniport - ok
    17:09:55.0937 3260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:09:55.0984 3260 PSched - ok
    17:09:56.0000 3260 pssnap (599dac0114eaf8edaf88b44d0c6183f6) C:\WINDOWS\system32\DRIVERS\pssnap.sys
    17:09:56.0015 3260 pssnap - ok
    17:09:56.0015 3260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:09:56.0078 3260 Ptilink - ok
    17:09:56.0078 3260 ql1080 - ok
    17:09:56.0078 3260 Ql10wnt - ok
    17:09:56.0078 3260 ql12160 - ok
    17:09:56.0093 3260 ql1240 - ok
    17:09:56.0093 3260 ql1280 - ok
    17:09:56.0109 3260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:09:56.0156 3260 RasAcd - ok
    17:09:56.0187 3260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:09:56.0234 3260 Rasl2tp - ok
    17:09:56.0234 3260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:09:56.0296 3260 RasPppoe - ok
    17:09:56.0312 3260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:09:56.0375 3260 Raspti - ok
    17:09:56.0390 3260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:09:56.0453 3260 Rdbss - ok
    17:09:56.0468 3260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:09:56.0531 3260 RDPCDD - ok
    17:09:56.0546 3260 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:09:56.0562 3260 RDPWD - ok
    17:09:56.0593 3260 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:09:56.0656 3260 redbook - ok
    17:09:56.0687 3260 RTLE8023xp (185641ad7e80bfce0aa545d3ec79d557) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    17:09:56.0718 3260 RTLE8023xp - ok
    17:09:56.0734 3260 ScanUSBEMPIA (9202c8474937fa710accfbc9c6e9a769) C:\WINDOWS\system32\DRIVERS\emScan.sys
    17:09:56.0750 3260 ScanUSBEMPIA - ok
    17:09:56.0765 3260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:09:56.0796 3260 Secdrv - ok
    17:09:56.0828 3260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:09:56.0875 3260 serenum - ok
    17:09:56.0921 3260 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:09:56.0984 3260 Serial - ok
    17:09:57.0000 3260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:09:57.0062 3260 Sfloppy - ok
    17:09:57.0062 3260 Simbad - ok
    17:09:57.0078 3260 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    17:09:57.0125 3260 SLIP - ok
    17:09:57.0140 3260 Sparrow - ok
    17:09:57.0171 3260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:09:57.0234 3260 splitter - ok
    17:09:57.0265 3260 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:09:57.0281 3260 sr - ok
    17:09:57.0312 3260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:09:57.0343 3260 Srv - ok
    17:09:57.0359 3260 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    17:09:57.0421 3260 streamip - ok
    17:09:57.0437 3260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:09:57.0500 3260 swenum - ok
    17:09:57.0531 3260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:09:57.0578 3260 swmidi - ok
    17:09:57.0593 3260 symc810 - ok
    17:09:57.0593 3260 symc8xx - ok
    17:09:57.0593 3260 sym_hi - ok
    17:09:57.0609 3260 sym_u3 - ok
    17:09:57.0609 3260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:09:57.0671 3260 sysaudio - ok
    17:09:57.0718 3260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:09:57.0765 3260 Tcpip - ok
    17:09:57.0781 3260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    17:09:57.0843 3260 TDPIPE - ok
    17:09:57.0859 3260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    17:09:57.0937 3260 TDTCP - ok
    17:09:57.0968 3260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    17:09:58.0015 3260 TermDD - ok
    17:09:58.0031 3260 TosIde - ok
    17:09:58.0046 3260 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
    17:09:58.0062 3260 truecrypt - ok
    17:09:58.0093 3260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    17:09:58.0140 3260 Udfs - ok
    17:09:58.0140 3260 ultra - ok
    17:09:58.0171 3260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    17:09:58.0234 3260 Update - ok
    17:09:58.0265 3260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:09:58.0343 3260 usbccgp - ok
    17:09:58.0375 3260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:09:58.0453 3260 usbehci - ok
    17:09:58.0468 3260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:09:58.0515 3260 usbhub - ok
    17:09:58.0546 3260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:09:58.0609 3260 usbscan - ok
    17:09:58.0625 3260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:09:58.0671 3260 USBSTOR - ok
    17:09:58.0703 3260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:09:58.0765 3260 usbuhci - ok
    17:09:58.0781 3260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    17:09:58.0828 3260 VgaSave - ok
    17:09:58.0843 3260 ViaIde - ok
    17:09:58.0843 3260 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    17:09:58.0906 3260 VolSnap - ok
    17:09:58.0921 3260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:09:58.0984 3260 Wanarp - ok
    17:09:59.0015 3260 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    17:09:59.0031 3260 Wdf01000 - ok
    17:09:59.0046 3260 WDICA - ok
    17:09:59.0062 3260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    17:09:59.0125 3260 wdmaud - ok
    17:09:59.0140 3260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    17:09:59.0203 3260 WS2IFSL - ok
    17:09:59.0218 3260 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    17:09:59.0265 3260 WSTCODEC - ok
    17:09:59.0281 3260 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    17:09:59.0312 3260 WudfPf - ok
    17:09:59.0312 3260 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    17:09:59.0328 3260 WudfRd - ok
    17:09:59.0343 3260 xcpip - ok
    17:09:59.0343 3260 xpsec - ok
    17:09:59.0343 3260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    17:09:59.0406 3260 \Device\Harddisk0\DR0 - ok
    17:09:59.0421 3260 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
    17:09:59.0640 3260 \Device\Harddisk1\DR1 - ok
    17:09:59.0640 3260 Boot (0x1200) (2a61250491a9451a8f876be4c5a54ac3) \Device\Harddisk0\DR0\Partition0
    17:09:59.0640 3260 \Device\Harddisk0\DR0\Partition0 - ok
    17:09:59.0640 3260 Boot (0x1200) (44550caacd67884535752677048b4976) \Device\Harddisk1\DR1\Partition0
    17:09:59.0640 3260 \Device\Harddisk1\DR1\Partition0 - ok
    17:09:59.0640 3260 Boot (0x1200) (adec274e0bd9b3488d5e76b11529b8cd) \Device\Harddisk1\DR1\Partition1
    17:09:59.0640 3260 \Device\Harddisk1\DR1\Partition1 - ok
    17:09:59.0640 3260 Boot (0x1200) (69388d59b113250211e2dfc85386c96e) \Device\Harddisk1\DR1\Partition2
    17:09:59.0640 3260 \Device\Harddisk1\DR1\Partition2 - ok
    17:09:59.0640 3260 ============================================================
    17:09:59.0640 3260 Scan finished
    17:09:59.0640 3260 ============================================================
    17:10:00.0562 2744 Deinitialize success

    ==============================================
    Last Created System Restore Point
    ==============================================
    RP3: 27-1-2012 17:09:41 - TDSSKiller Starter Restore Point
    ==============================================

    Older logs
    ==============================================
    C:\TDSSKiller.2.7.7.0_26.01.2012_06.14.41_log.txt
    C:\TDSSKiller.2.7.7.0_27.01.2012_17.01.37_log.txt
    ==============================================
    EOF



    And:

    ComboFix 12-01-27.01 - Karin en Rob 27-01-2012 17:12:01.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1406 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Karin en Rob\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-27 to 2012-01-27 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-27 16:09 . 2012-01-27 16:10 -------- d-----w- C:\TDSSStarter
    2012-01-07 19:52 . 2012-01-07 19:52 -------- d-----w- c:\documents and settings\Gast\Application Data\Apple Computer
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-18 09:29 . 2011-05-31 17:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-11 18:36 . 2011-03-09 19:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-12-07 20:18 . 2011-12-07 20:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
    2011-10-31 20:15 . 2011-03-09 19:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-10-31 20:15 . 2011-03-09 19:23 22328 ----a-w- c:\documents and settings\Karin en Rob\Application Data\PnkBstrK.sys
    2011-10-31 20:15 . 2011-03-09 19:23 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-12-12 17:19 . 2011-12-07 22:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-25_18.06.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-15 12:00 . 2011-11-16 14:22 354816 c:\windows\system32\dllcache\winhttp.dll
    - 2008-04-15 12:00 . 2009-08-25 09:20 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2008-04-15 12:00 . 2011-11-16 14:22 152064 c:\windows\system32\dllcache\schannel.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-01-17 10:24 155416 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-02-03 09:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ReflectService"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Documents and Settings\\Karin en Rob\\Application Data\\Wuala\\Roaming\\Wuala.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 32592]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20-5-2008 8:32 15328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 297168]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [11-9-2011 12:37 275088]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 4:33 269520]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-8-2010 21:42 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-8-2010 21:42 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-8-2010 21:42 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18-8-2011 0:33 7390560]
    S3 76pa8.sys;76pa8.sys;\??\c:\windows\system32\drivers\76pa8.sys --> c:\windows\system32\drivers\76pa8.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-12-2009 16:29 1684736]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium Reflect\ReflectService.exe [12-11-2009 13:50 220128]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - 30624798
    *NewlyCreated* - 77185110
    *Deregistered* - 30624798
    *Deregistered* - 77185110
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fwww.bergredding.nl%2F%3Fp%3D1517&subject=
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    FF - ProfilePath - c:\documents and settings\Karin en Rob\Application Data\Mozilla\Firefox\Profiles\p3r36217.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-27 17:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(712)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3420)
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2012-01-27 17:14:59
    ComboFix-quarantined-files.txt 2012-01-27 16:14
    ComboFix2.txt 2012-01-27 04:58
    ComboFix3.txt 2012-01-25 18:19
    .
    Pre-Run: 67.790.778.368 bytes beschikbaar
    Post-Run: 67.779.633.152 bytes beschikbaar
    .
    - - End Of File - - 6F5987AF66ACEBA1A1B7CAF30331D850
  • Hi Rob, do the following: the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click "Advanced Settings"
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - When the scan has finished, click > List of found threats
    - Then click > Export to text file...
    - Choose the Desktop as the save location and give the Notepad file a clear title.
    - After that you may close the window, because the scan is finished.
    - Then open the log that is on your desktop.
    - And then copy and paste the contents of this log into your next post.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • Continuing next weekend. Away from home for a few days.
    Regards, Rob
  • I'm back.

    The ESET Online Scanner found nothing.
    See screenshot: http://flic.kr/p/brB4Uz

    According to the ING bank's scanner there is NO malware left on this computer. See: http://flic.kr/p/brBiVv

    Thx, Rob
  • Good, then we'll clean up.

    But first this:
    keep MBAM and the ESET Online Scanner on your Windows installation.
    Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click OnlineScannerApp.exe and choose to place a shortcut on the desktop.
    Use OnlineScannerApp.exe once a month.
    ESET will now start as an app; you can then tick the scan settings, after which the update process will begin and then the scan will start.

    And one more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find information about cookies and how to block AdAware cookies in your browser(s).


    Step •1•
    C:\TDSSStarter may be deleted manually.

    Step •2•
    ComboFix may now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that Combofix has been removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be opened by pressing "Windows key + R" at the same time.

    This will remove Combofix including related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again
    and reset your System Restore.

    Step •3•
    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty: none.

    Windows Vista and Windows 7 users start this tool by right-clicking it and running it with administrator rights.

    Download: Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing Run as administrator.
    - Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
    - Then click the Start button to start the scan. This scan can be short or take longer; be patient, let TFC do its job and wait until TFC is finished.
    - When TFC is finished, a message appears that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!

    Step •4•
    Also run a test to see how good the current security situation in Windows is.

    Download Security Check to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document, saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • Results of screen317's Security Check version 0.99.31
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    AVG 2011
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Disk Cleaner (remove only)
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.2)
    Mozilla Firefox (8.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    ``````````End of Log````````````
  • That looks fine.

    A final tip: go to Secunia PSI (click) a few times a year to check whether everything within Windows is up to date as well.
    Because only then is Windows at its safest!

    On the Secunia site, first click the Start Scanner button, and then on the new page first tick Enable thorough system inspection before clicking Start!

    If you don't use Java, the site will not work.
    In that case you can download and install the Secunia Personal Software Inspector (PSI).
    N.B.: after installation this tool starts automatically with Windows, but that really isn't necessary and can be disabled!
    http://secunia.com/vulnerability_scanning/personal/
  • Thanks for your support.

    Regards, Rob

This is an archived page. Replies are no longer possible.