Virus, worm, etc. on laptop, now what?

Anonymous
catillac
73 replies
  • Good morning,

    I was just searching for family trees on the internet with the laptop.
    Suddenly the whole laptop went haywire, with all kinds of warnings from an unknown program.
    But I can't get any programs to start anymore to clean it up. CCleaner won't start anymore either, etc. My own virus scanner, Microsoft Security Essentials, won't start anymore. At least, I think that is not the program that suddenly started scanning. I am now on the desktop PC and immediately shut off the internet on the laptop. But what now?
    Can I burn a disc on this desktop PC and run it on the laptop, or will it not start that either?
    I have never experienced this in 13 years :roll:

    This concerns a laptop with Windows XP.
  • Removed.
  • The laptop was still on while I went searching on this PC.
    Now I look at the laptop and suddenly I can start CCleaner and run my own virus scanner, but the 'unknown' virus program is still running.
    It also keeps asking me to register, which of course I won't do.

    How do I get it completely clean again, apart from CCleaner and Microsoft Security Essentials?
  • After the virus scan, the following was quarantined: Rogue: win32/FakeRean
    It appears to be a nasty one.
    I also no longer see the (fake) scanner now.

    So it is in quarantine, but I can't remove it.
    How can I still remove it (safely)?
  • You have regular and obscure genealogy sites!

    I would like you to keep to the rules below during the fix:
  • Restarted, but it starts all over again.

    I took photos of the (fake) scanner, but my camera isn't good so they are poor photos.
    It looks just like a Windows shield, but I wonder whether it is real.

    http://www.freebits.nl/images/726NepScannerBeeld1.jpg

    http://www.freebits.nl/images/521NepScannerBeeld2.jpg

    http://www.freebits.nl/images/698NepScannerBeeld3.jpg
  • Abraham54 wrote: "You have regular and obscure genealogy sites!"

    Sorry, I was typing at the same time, but once again I can't do anything with the laptop.
  • Got it working again and it is busy with step 1.
    Just wait and see…

    May I also put the log in a PM later?
    Or are there no private things in such a log?
  • Just post it, I don't respond to logs sent by PM!
  • The first log. After running program 1 I had to restart it, but then it doesn't run anything anymore; after a few minutes I can run everything again, if all is well, and I can go on to step 2.

    As far as I can see, what is below is a program that I don't run.
    Unfortunately the file in question was not found.
    I'm going to see whether I can run the 2nd program…

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 11-3-2012 10:40:17

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 11-3-2012 10:40:56

    c:\documents and settings\fujitsu amilo\menu start\programma's\BitLord Ontdekt: Trace.Directory.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> DisplayIcon Ontdekt: Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> DisplayName Ontdekt: Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> Publisher Ontdekt: Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> UninstallString Ontdekt: Trace.Registry.BitLord 1.1!A2
    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:222 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:259 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:260 Ontdekt: Trace.TrackingCookie.stat.onestat!A2

    Gescand

    Bestanden: 115309
    Sporen: 405504
    Cookies: 205
    Processen: 31

    Gevonden

    Bestanden: 0
    Sporen: 5
    Cookies: 5
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 11-3-2012 11:41:06
    Scantijd: 1:00:10

    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:259 Verwijderd Trace.TrackingCookie.stat.onestat!A2
    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:260 Verwijderd Trace.TrackingCookie.stat.onestat!A2
    C:\Documents and Settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\cookies.sqlite:222 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> DisplayIcon Verwijderd Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> DisplayName Verwijderd Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> Publisher Verwijderd Trace.Registry.BitLord 1.1!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord –> UninstallString Verwijderd Trace.Registry.BitLord 1.1!A2
    c:\documents and settings\fujitsu amilo\menu start\programma's\BitLord Verwijderd Trace.Directory.BitLord 1.1!A2

    Verwijderd

    Bestanden: 0
    Sporen: 5
    Cookies: 3
  • Log 2

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.03.11.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Fujitsu Amilo :: PC-807D868 [administrator]

    11-3-2012 12:06:44
    mbam-log-2012-03-11 (12-06-44).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 163879
    Verstreken tijd: 2 minuut/minuten, 20 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Backdoor.IRCBot) -> Data: C:\Documents and Settings\All Users\Application Data\isecurity.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 3
    C:\Documents and Settings\Fujitsu Amilo\Local Settings\Temp\mor.exe (Trojan.UMadBro) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Documents and Settings\Fujitsu Amilo\Local Settings\Temp\E.tmp (Trojan.UMadBro) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Documents and Settings\All Users\Application Data\isecurity.exe (Backdoor.IRCBot) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Phew, that's no small thing, what has landed in your Windows!

  • And that from just searching for family trees on Google…
    Then we just won't do that anymore.

    Oh dear, step 2 looks scary…
    I'll do my best.
  • This is 1, now going to try step 2…

    12:48:04.0717 0180 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    12:48:04.0717 0180 ============================================================
    12:48:04.0717 0180 Current date / time: 2012/03/11 12:48:04.0717
    12:48:04.0717 0180 SystemInfo:
    12:48:04.0717 0180
    12:48:04.0717 0180 OS Version: 5.1.2600 ServicePack: 3.0
    12:48:04.0717 0180 Product type: Workstation
    12:48:04.0717 0180 ComputerName: PC-807D868
    12:48:04.0717 0180 UserName: Fujitsu Amilo
    12:48:04.0717 0180 Windows directory: C:\WINDOWS
    12:48:04.0717 0180 System windows directory: C:\WINDOWS
    12:48:04.0717 0180 Processor architecture: Intel x86
    12:48:04.0717 0180 Number of processors: 1
    12:48:04.0717 0180 Page size: 0x1000
    12:48:04.0717 0180 Boot type: Normal boot
    12:48:04.0717 0180 ============================================================
    12:48:08.0392 0180 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x2860B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000054
    12:48:08.0402 0180 \Device\Harddisk0\DR0:
    12:48:08.0402 0180 MBR used
    12:48:08.0402 0180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE, BlocksNum 0x12A195C6
    12:48:08.0452 0180 Initialize success
    12:48:08.0452 0180 ============================================================
    12:48:08.0512 2664 ============================================================
    12:48:08.0512 2664 Scan started
    12:48:08.0512 2664 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:48:08.0512 2664 ============================================================
    12:48:36.0042 2664 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
    12:48:36.0142 2664 Teefer ( UnsignedFile.Multi.Generic ) - warning
    12:48:36.0142 2664 Teefer - detected UnsignedFile.Multi.Generic (1)
    12:48:40.0018 2664 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    12:48:40.0128 2664 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning
    12:48:40.0128 2664 wpsdrvnt - detected UnsignedFile.Multi.Generic (1)
    12:48:40.0148 2664 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    12:48:40.0448 2664 \Device\Harddisk0\DR0 - ok
    12:48:40.0448 2664 Boot (0x1200) (41ec7b5c9bad9938816a53e9e3784059) \Device\Harddisk0\DR0\Partition0
    12:48:40.0448 2664 \Device\Harddisk0\DR0\Partition0 - ok
    12:48:40.0448 2664 ============================================================
    12:48:40.0448 2664 Scan finished
    12:48:40.0448 2664 ============================================================
    12:48:41.0440 3176 Deinitialize success

    ==============================================
    System Restore Point Check:

    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    EOF







  • ComboFix isn't scary, but it does require some attention!
    Good luck with it.
  • Hopefully I did it right…

    ComboFix 12-03-10.02 - Fujitsu Amilo 11-03-2012 13:04:30.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.687 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Fujitsu Amilo\Bureaublad\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\IsUn0413.exe
    c:\windows\system32\dllcache\dlimport.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-11 to 2012-03-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 11:47 . 2012-03-11 11:48 -------- d-----w- C:\TDSSStarter
    2012-03-11 11:01 . 2012-03-11 11:01 -------- d-----w- c:\documents and settings\Fujitsu Amilo\Application Data\Malwarebytes
    2012-03-11 11:01 . 2012-03-11 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-11 11:01 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-11 11:01 . 2012-03-11 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-11 08:23 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A5761ED-1134-408F-9398-C1BEEA9454EA}\mpengine.dll
    2012-03-11 08:21 . 2012-03-11 08:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2012-03-11 06:49 . 2012-03-11 11:57 -------- d--h--r- c:\documents and settings\Fujitsu Amilo\Onlangs geopend
    2012-03-04 10:05 . 2012-03-04 10:05 -------- d-----w- C:\Marktplaats
    2012-02-16 03:16 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-16 03:16 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-13 09:40 . 2012-02-13 09:40 -------- d-----w- c:\documents and settings\Fujitsu Amilo\Local Settings\Application Data\Help
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 14:17 . 2011-11-18 13:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-08 06:03 . 2011-11-19 16:29 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2011-11-18 15:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-12 17:20 . 2006-03-02 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-30 08:42 . 2011-12-30 08:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-30 08:42 . 2011-12-30 08:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-19 08:53 . 2006-03-02 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
    2011-12-19 08:53 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-12-19 08:53 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-12-19 08:52 . 2006-03-02 12:00 371712 ----a-w- c:\windows\system32\html.iec
    2012-02-18 19:49 . 2011-11-18 13:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-09 519584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitLord 2\\Bitlord files\\bitlord.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    .
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [18-11-2011 12:54 191092]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [18-11-2011 12:54 6100]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - 51474337
    *Deregistered* - 51474337
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-03-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Fujitsu Amilo\Application Data\Mozilla\Firefox\Profiles\x2hdqdaj.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-11 13:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2012-03-11 13:08:18
    ComboFix-quarantined-files.txt 2012-03-11 12:08
    .
    Pre-Run: 142.273.654.784 bytes beschikbaar
    Post-Run: 142.241.357.824 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 84E92FAB8633A3006338C21BEE221D9A
  • Now do the following: the ESET online scan (click).
    - Click the "ESET Online Scanner" button
    - Tick "YES, I accept the Terms of Use"
    - Click "Start"
    - Allow the ActiveX control to install.
    - Tick the following options:
        - "Remove found threats"
        - "Scan archives"
    - Then click on
  • Is this what it should be?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=69e0f3064f7b5641a69f11cb5f5314e4
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-03-11 01:27:45
    # local_time=2012-03-11 02:27:45 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=5891 16776869 42 87 5428 28340705 0 0
    # compatibility_mode=8192 67108863 100 0 3781 3781 0 0
    # scanned=36342
    # found=0
    # cleaned=0
    # scan_time=2632
  • Nice result: nothing found.

    Tell me: how is your Windows running now?
  • After running the 2nd program (Malwarebytes, I think), the fake virus scanner fortunately no longer started up.
    Windows has only been on it for about 3 months, I believe, and I do very little with it; then suddenly, around 7:30 this morning, bingo.

    Thank you very much for all your help!

    Which of these programs can I run myself now and then to clean up?
    And how is it that my firewall and virus scanner didn't stop it?
    Would I be better off getting a different one after all?

    Oh, and what is LightScribe, nothing strange?

This is an archived page. Replies are no longer possible.