Questions & Answers

Security & privacy

Also Gomeo virus + Hijack log

Anonymous
18 replies
  • Hi folks,

    It's been a looooong time, but I fear I've been hit again! I see I'm not the only one having trouble with the Gomeo virus. I don't dare use MBAM and rely fully on the Hijack logs, since I've had good experiences with them.
    I still can't interpret them 100%, though. Can you make anything of them?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:27:26 AM, on 4/14/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DriverCD] E:\Run.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


    End of file - 10269 bytes
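Reading a HijackThis log, as the question asks, mostly means sorting the R/O entries by what they point at rather than by their section code. The script below is an added example written for this page; it is not part of the thread and not a HijackThis or Malwarebytes feature. It parses a constructed excerpt of the log above (the lines are copied from it) and applies the triage rules a reviewer applies by eye: COM registrations whose file is gone, modules whose display name does not match the DLL they load, Run entries that start from a non-system drive or via a bare file name, services with no publisher, and start/search pages on hosts other than the ones the example assumes to be expected (google.com and microsoft.com). The "AskBarDis" path marker mirrors the first reply's advice to remove the Ask toolbar; the severity labels are the example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DriverCD] E:\Run.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumptions of this example: the hosts the poster's start/search pages may point at,
# and a path marker for the Ask toolbar that the first reply advises uninstalling.
EXPECTED_HOSTS = ("google.com", "microsoft.com")
BUNDLEWARE_MARKERS = ("askbardis",)


def _host_ok(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def _name_tokens(name):
    """Words of a BHO/toolbar display name, split on spaces and CamelCase."""
    return {t.lower() for t in re.findall(r"[A-Z][a-z]+|[A-Z]+(?![a-z])|[a-z]+", name) if len(t) >= 3}


def _exe_from_command(cmd):
    """First token of a Run value: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return findings as dicts with 'code', 'severity', 'reason' and 'line'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # process list, headers, blank lines

        code, body = m.group("code"), m.group("body")

        def flag(severity, reason, code=code, line=line):
            findings.append({"code": code, "severity": severity, "reason": reason, "line": line})

        if code in ("R0", "R1"):          # start/search page and proxy settings
            value = body.rsplit("= ", 1)[-1]
            if value.lower().startswith("http") and not _host_ok(value):
                flag("medium", "browser start/search page points at an unexpected host")
        elif code in ("O2", "O3"):        # browser helper objects and toolbars
            c = COM_RE.match(body)
            if not c:
                continue
            path = c.group("path")
            if path == "(no file)":
                flag("low", "orphaned registration: CLSID present but the module is gone")
                continue
            low = path.lower()
            if any(marker in low for marker in BUNDLEWARE_MARKERS):
                flag("medium", "module belongs to the Ask toolbar bundleware")
            tokens = _name_tokens(c.group("name"))
            if tokens and not any(t in low for t in tokens):
                flag("medium", "display name does not match the loaded module; verify the file")
        elif code == "O4":                # Run keys
            r = RUN_RE.match(body)
            if not r:
                continue
            exe = _exe_from_command(r.group("cmd"))
            drive = re.match(r"^([A-Za-z]):\\", exe)
            if drive and drive.group(1).upper() != "C":
                flag("high", "autorun target on a non-system drive (removable media?)")
            elif "\\" not in exe:
                flag("low", "bare file name, found via the PATH search order; confirm where it lives")
        elif code == "O23":               # services
            s = SERVICE_RE.match(body)
            if s and s.group("owner") == "Unknown owner":
                flag("low", "service without publisher information; verify the file's signature")
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 3, 'low': 3}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['code']}: {f['reason']}\n         {f['line']}")
```

For the excerpt this yields seven findings; the only "high" one is the DriverCD entry starting E:\Run.exe, which is also the entry the later ComboFix log lists under "ORPHANS REMOVED". The name-versus-module check is a heuristic meant to prompt a manual look (the "Foxit Toolbar" loaded from askBar.dll), not a verdict on its own.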
  • Hi Kream, uninstall the Ask toolbar!

    And then do the following anyway:

    Which program: Malwarebytes MBAM
    What for/why: a specialist scanner that quickly examines Windows for spyware & malware and removes it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com

    First of all:
    - Right after installation 'MBAM' will want to update its database; allow this.
    - Also on repeated use: update 'MBAM' first via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as Administrator.

    Scanning:
    - When 'MBAM' starts, choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.

    Infections found:
    - First click OK to dismiss the notification.
    - Then click the 'Show Results' button at the bottom right.
    - Make sure every infection found is ticked, and click 'Remove Selected' at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
    - 'MBAM' will then ask to restart the computer, so allow the restart.

    MBAM log:
    - The log is saved automatically by 'MBAM' and can be found by clicking the 'Logs' tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.
  • OK, thanks a lot!
    I couldn't uninstall the Ask toolbar because I couldn't find it. I wanted to google how to do it, but yeah, that damn Gomeo virus wouldn't cooperate...

    Anyway, the log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6360

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/14/2011 12:48:53 PM
    mbam-log-2011-04-14 (12-48-52).txt

    Scantype: Snelle scan
    Objecten gescand: 188950
    Verstreken tijd: 19 minuut/minuten, 20 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 1
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1";) Good: (regedit.exe "%1";) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    By the way, the virus is still there.
  • Which browser are you actually using?

    And do the following:

    Which program: ComboFix
    What for/why: a very specialist scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: a more or less tricky preparation phase, so read everything carefully first.
    Download location: download this program to the desktop, without exception!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and any active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find details on how to deactivate antivirus programs and spyware scanners.

    To be absolutely clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • ComboFix log:


    ComboFix 11-04-13.04 - TM Hupkens 04/14/2011 14:07:04.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2786 [GMT 2:00]
    Running from: c:\documents and settings\TM Hupkens\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\msvcsv60.dll
    c:\windows\system32\slibgs.dll
    c:\windows\system32\slibmmn.dll
    c:\windows\system32\sslibeh.dll
    c:\windows\system32\sslibff.dll
    c:\windows\system32\sslibfg.dll
    c:\windows\system32\sslibjy.dll
    c:\windows\system32\sslibsd.dll
    c:\windows\system32\ssprs.dll
    F:\AUTORUN.INF
    F:\install.exe
    I:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Malwarebytes
    2011-04-14 10:02 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-14 10:02 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-14 09:25 . 2011-04-14 09:25 388096 ----a-r- c:\documents and settings\TM Hupkens\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-14 09:25 . 2011-04-14 09:25 -------- d-----w- c:\program files\Trend Micro
    2011-04-12 13:06 . 2011-04-12 13:06 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Korg
    2011-04-11 15:58 . 2011-04-11 15:58 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\PunkBuster
    2011-04-07 09:39 . 2009-11-26 14:08 183360 ------w- c:\windows\system32\US-122_MKII_US-144_MKII.CPL
    2011-04-04 14:25 . 2011-04-06 21:29 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Mumble
    2011-04-04 14:24 . 2011-04-04 14:24 -------- d-----w- c:\program files\Mumble
    2011-03-21 10:27 . 2011-03-21 10:27 -------- d-----w- c:\windows\system32\Lang
    2011-03-21 10:23 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
    2011-03-21 10:23 . 2011-03-21 10:23 -------- d-----w- c:\windows\system32\RTCOM
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 10:52 . 2009-10-18 22:07 16608 ----a-w- c:\windows\gdrv.sys
    2011-04-11 15:58 . 2010-04-14 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-11 15:58 . 2010-04-14 18:59 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-02-09 13:53 . 2008-04-14 05:42 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 05:41 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2009-10-18 21:55 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-10-18 21:55 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-14 05:42 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2010-02-25 09:49 . 2010-02-25 09:47 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-07-19 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-26 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-05-24 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-04 77824]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
    "SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
    "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
    .
    c:\documents and settings\TM Hupkens\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-19 575488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Warhammer 40000 Dawn of War II - Chaos Rising\\DOW2.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Documents and Settings\\TM Hupkens\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Activision\\Transformers - War for Cybertron\\Binaries\\TWFC.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor MP Open Beta\\MoHMPUpdater.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor MP Open Beta\\MoHMPGame.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\lara croft and the guardian of light\\lcgol.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "6853:TCP"= 6853:TCP:Services
    "6854:TCP"= 6854:TCP:Services
    "9571:TCP"= 9571:TCP:Services
    "5055:TCP"= 5055:TCP:Services
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2009 9:30 AM 108289]
    R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [10/19/2009 12:10 AM 80392]
    R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [10/19/2009 12:42 AM 399424]
    R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [10/19/2009 12:42 AM 26688]
    R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [10/19/2009 12:42 AM 39488]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 288112]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-842925246-682003330-1003Core.job
    - c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 10:14]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-842925246-682003330-1003UA.job
    - c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 10:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
    uInternet Settings,ProxyOverride = *.local
    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    FF - ProfilePath - c:\documents and settings\TM Hupkens\Application Data\Mozilla\Firefox\Profiles\gf0qk2f0.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}

    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-DriverCD - E:\Run.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 14:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes …
    .
    scanning hidden autostart entries …
    .
    scanning hidden files …
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-823518204-842925246-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:31,ad,27,73,56,68,5f,20,4c,f3,40,55,d2,dd,5d,eb,e9,5f,94,64,b8,
    2d,4b,d8,6d,71,b7,6a,06,65,f8,d7,d9,61,dc,80,0e,15,0d,d8,22,0d,68,c4,94,7c,\
    "rkeysecu"=hex:3b,90,c2,0b,45,47,63,1a,80,9b,98,27,97,da,88,89
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:45,35,77,b9,07,9e,44,54,af,41,ad,d3,21,d1,2a,2c,4f,d6,07,7f,b2,
    3e,4d,b3,b7,0c,cd,e6,dd,f1,fb,ba,af,46,a7,5c,7d,7e,62,31,03,d3,6b,98,cf,82,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:45,35,77,b9,07,9e,44,54,af,41,ad,d3,21,d1,2a,2c,4f,d6,07,7f,b2,
    3e,4d,b3,b7,0c,cd,e6,dd,f1,fb,ba,af,46,a7,5c,7d,7e,62,31,03,d3,6b,98,cf,82,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1004)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-04-14 14:15:18
    ComboFix-quarantined-files.txt 2011-04-14 12:15
    .
    Pre-Run: 186,909,933,568 bytes free
    Post-Run: 198,389,932,032 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - CC4F111B1B66CD0D0A0769B366AC9760
  • Hi Kream, still having problems?

    One remark: upgrade your VLC player, or install the latest version right away!
    The version on your Windows is an old one, and therefore a security risk!
  • Thanks a lot!

    It is unclear whether it is completely gone, because I just clicked a few Google hits and ended up back on the Google site, and I landed on a different site when I clicked a Google suggestion (because I deliberately made a spelling mistake).
    When I tried it again just now, it suddenly did work. Strange...

    I still suspect it is sitting somewhere in the background. I also have the impression that my browser has become somewhat slower. By the way, I work with Firefox, Windows XP SP3. However, I also had the problem in Internet Explorer before I applied ComboFix.

    I have updated VLC, by the way ;).

    Thanks!
  • Hi Kream, do the following:

    1)

    Open a new Notepad file via "Start\All Programs\Accessories\[b]Notepad[/b]".

    Copy and paste the following (bold, blue text) into the empty Notepad window

    [b][/b]

    Save this Notepad file on your desktop as [b]CFScript.txt[/b].

    [b][/b]

    Drag CFScript.txt onto ComboFix.exe

    [img]http://img517.imageshack.us/img517/8662/cfscript10uc2.gif[/img]

    This will make ComboFix restart. Reboot if you are asked to.

    Post the ComboFix log that is shown after the restart!

    2)

    Use [b]GooRedFix[/b] to fix Firefox website redirects.

    [b]Download link No. 1[/b]

    [b]Download link No. 2[/b]

    • Make sure all Firefox windows are closed!
    • Windows 2000 and Windows XP: start GooredFix by double-clicking the shortcut.
    • Windows Vista and Windows 7: start GooredFix by right-clicking the shortcut and choosing Run as Administrator
    • When the prompt to start the scan appears, click "Yes"
    • GooredFix will search for infections; afterwards a log will open.
  • I had no time left yesterday to continue. I do now. But I was wondering: at

    I assume the code is not supposed to go there, right? I think that is a mistake because the forum cannot assign colours.

    By the way, I am now suffering from Gimeo 100% again, so I really do need to apply this...
  • Hi Kream, sorry for the confusion, below is how it should have been:

    Open a new Notepad file via "Start\All Programs\Accessories\[b]Notepad[/b]".

    Copy and paste the following (bold, blue text) into the empty Notepad window

    [b]
  • ComboFix 11-04-14.03 - TM Hupkens 04/15/2011 12:25:37.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2733 [GMT 2:00]
    Running from: c:\documents and settings\TM Hupkens\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\TM Hupkens\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AskBarDis
    c:\program files\AskBarDis\bar\bin\askBar.dll
    c:\program files\AskBarDis\bar\bin\askPopStp.dll
    c:\program files\AskBarDis\bar\bin\psvince.dll
    c:\program files\AskBarDis\bar\Cache\0ED6C28B
    c:\program files\AskBarDis\bar\Cache\0ED6C7AB
    c:\program files\AskBarDis\bar\Cache\0ED6CA8A.bin
    c:\program files\AskBarDis\bar\Cache\0ED6CE04.bin
    c:\program files\AskBarDis\bar\Cache\0ED6D0B4.bin
    c:\program files\AskBarDis\bar\Cache\0ED6D24A.bin
    c:\program files\AskBarDis\bar\Cache\0ED6D41F.bin
    c:\program files\AskBarDis\bar\Cache\0ED6D622.bin
    c:\program files\AskBarDis\bar\Cache\0ED6D8D2.bin
    c:\program files\AskBarDis\bar\Cache\0ED6DB33.bin
    c:\program files\AskBarDis\bar\Cache\0ED6DE8F.bin
    c:\program files\AskBarDis\bar\Cache\0ED6E12F.bin
    c:\program files\AskBarDis\bar\Cache\files.ini
    c:\program files\AskBarDis\bar\History\search
    c:\program files\AskBarDis\bar\Settings\config.dat
    c:\program files\AskBarDis\bar\Settings\config.dat.bak
    c:\program files\AskBarDis\bar\Settings\prevcfg.htm
    c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
    c:\program files\AskBarDis\PopSwatter\History\notallow
    c:\program files\AskBarDis\unins000.dat
    c:\program files\AskBarDis\unins000.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-15 08:53 . 2011-04-15 08:53 -------- d-----w- c:\windows\LastGood
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Malwarebytes
    2011-04-14 10:02 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-14 10:02 . 2011-04-14 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-14 10:02 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-14 09:25 . 2011-04-14 09:25 388096 ----a-r- c:\documents and settings\TM Hupkens\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-14 09:25 . 2011-04-14 09:25 -------- d-----w- c:\program files\Trend Micro
    2011-04-12 13:06 . 2011-04-12 13:06 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Korg
    2011-04-11 15:58 . 2011-04-11 15:58 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\PunkBuster
    2011-04-07 09:39 . 2009-11-26 14:08 183360 ------w- c:\windows\system32\US-122_MKII_US-144_MKII.CPL
    2011-04-04 14:25 . 2011-04-06 21:29 -------- d-----w- c:\documents and settings\TM Hupkens\Application Data\Mumble
    2011-04-04 14:24 . 2011-04-04 14:24 -------- d-----w- c:\program files\Mumble
    2011-03-21 10:27 . 2011-03-21 10:27 -------- d-----w- c:\windows\system32\Lang
    2011-03-21 10:23 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
    2011-03-21 10:23 . 2011-03-21 10:23 -------- d-----w- c:\windows\system32\RTCOM
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-15 08:47 . 2009-10-18 22:07 16608 ----a-w- c:\windows\gdrv.sys
    2011-04-11 15:58 . 2010-04-14 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-11 15:58 . 2010-04-14 18:59 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-02-09 13:53 . 2008-04-14 05:42 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 05:41 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2009-10-18 21:55 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-10-18 21:55 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-14 05:42 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2010-02-25 09:49 . 2010-02-25 09:47 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-07-19 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-14_12.13.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-15 08:47 . 2011-04-15 08:47 16384 c:\windows\Temp\Perflib_Perfdata_268.dat
    + 2011-04-15 08:47 . 2011-04-15 08:47 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-26 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-05-24 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-04 77824]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
    "SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
    "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
    .
    c:\documents and settings\TM Hupkens\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-19 575488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Warhammer 40000 Dawn of War II - Chaos Rising\\DOW2.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Documents and Settings\\TM Hupkens\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Activision\\Transformers - War for Cybertron\\Binaries\\TWFC.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor MP Open Beta\\MoHMPUpdater.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor MP Open Beta\\MoHMPGame.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\lara croft and the guardian of light\\lcgol.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "6853:TCP"= 6853:TCP:Services
    "6854:TCP"= 6854:TCP:Services
    "9571:TCP"= 9571:TCP:Services
    "5055:TCP"= 5055:TCP:Services
    "3369:TCP"= 3369:TCP:Services
    "5238:TCP"= 5238:TCP:Services
    "2275:TCP"= 2275:TCP:Services
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2009 9:30 AM 108289]
    R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [10/19/2009 12:10 AM 80392]
    R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [10/19/2009 12:42 AM 399424]
    R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [10/19/2009 12:42 AM 26688]
    R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [10/19/2009 12:42 AM 39488]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 288112]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-842925246-682003330-1003Core.job
    - c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 10:14]
    .
    2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-842925246-682003330-1003UA.job
    - c:\documents and settings\TM Hupkens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-26 10:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
    uInternet Settings,ProxyOverride = *.local
    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    FF - ProfilePath - c:\documents and settings\TM Hupkens\Application Data\Mozilla\Firefox\Profiles\gf0qk2f0.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}

    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-15 12:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes …
    .
    scanning hidden autostart entries …
    .
    scanning hidden files …
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-823518204-842925246-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:31,ad,27,73,56,68,5f,20,4c,f3,40,55,d2,dd,5d,eb,e9,5f,94,64,b8,
    2d,4b,d8,6d,71,b7,6a,06,65,f8,d7,d9,61,dc,80,0e,15,0d,d8,22,0d,68,c4,94,7c,\
    "rkeysecu"=hex:3b,90,c2,0b,45,47,63,1a,80,9b,98,27,97,da,88,89
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:45,35,77,b9,07,9e,44,54,af,41,ad,d3,21,d1,2a,2c,4f,d6,07,7f,b2,
    3e,4d,b3,b7,0c,cd,e6,dd,f1,fb,ba,af,46,a7,5c,7d,7e,62,31,03,d3,6b,98,cf,82,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:45,35,77,b9,07,9e,44,54,af,41,ad,d3,21,d1,2a,2c,4f,d6,07,7f,b2,
    3e,4d,b3,b7,0c,cd,e6,dd,f1,fb,ba,af,46,a7,5c,7d,7e,62,31,03,d3,6b,98,cf,82,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1004)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-04-15 12:39:25
    ComboFix-quarantined-files.txt 2011-04-15 10:39
    ComboFix2.txt 2011-04-14 12:15
    .
    Pre-Run: 197,792,972,800 bytes free
    Post-Run: 197,797,486,592 bytes free
    .
    - - End Of File - - 45F082E9CCD471FD4474816C52D3F638
  • Hi Kream, how is it going now?

    And have you done GooRedFix yet?
  • I had forgotten GooredFix:

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 12:52 on 15/04/2011 (TM Hupkens)
    Firefox version 3.6.16 (nl)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [22:16 18/10/2009]
    {AB2CE124-6272-4b12-94A9-7303C7397BD1} [10:28 26/07/2010]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [09:03 11/12/2009]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [16:12 24/05/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [09:08 19/10/2010]

    C:\Documents and Settings\TM Hupkens\Application Data\Mozilla\Firefox\Profiles\gf0qk2f0.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [09:17 05/05/2010]
    {b749fc7c-e949-447f-926c-3f4eed6accfe} [14:27 12/02/2011]
    {E9A1DEE0-C623-4439-8932-001E7D17607D} [11:45 25/10/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:57 22/10/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:03 11/12/2009]

    -=E.O.F=-

    I still have the problem, though...
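The GooredFix log above and ComboFix's "FF - Ext:" lines enumerate the same Firefox extension locations (the global extensions directory, the profile's extensions directory, and the Extensions registry key). As an added example that is not part of this thread, GooredFix or ComboFix, the following Python script cross-checks the extension ids the two logs report and prints those only one tool lists, so a helper can look them up by hand; the sample input is excerpted from the logs posted in this thread.

```python
"""Cross-check Firefox extension ids between a GooredFix log and a ComboFix log.
Added example for this thread, not part of either tool: it lists ids that only
one tool reports, as a triage aid, and makes no judgement about maliciousness."""
import re

# Excerpt of the "FF - Ext:" lines from the ComboFix log posted in the thread.
COMBOFIX_EXCERPT = r"""
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
"""

# Excerpt of the GooredFix log posted in the thread (GooredLog section only).
GOORED_EXCERPT = r"""
========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:16 18/10/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [10:28 26/07/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [09:03 11/12/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [16:12 24/05/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [09:08 19/10/2010]

C:\Documents and Settings\TM Hupkens\Application Data\Mozilla\Firefox\Profiles\gf0qk2f0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [09:17 05/05/2010]
{b749fc7c-e949-447f-926c-3f4eed6accfe} [14:27 12/02/2011]
{E9A1DEE0-C623-4439-8932-001E7D17607D} [11:45 25/10/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:57 22/10/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:03 11/12/2009]

-=E.O.F=-
"""

# An extension id is either a GUID in braces or an e-mail-style id such as jqs@sun.com.
ID_RE = r'(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}|[^\s"]+@[^\s"]+)'
COMBOFIX_EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>" + ID_RE + r") - (?P<path>.+)$")
GOORED_DIR_ENTRY_RE = re.compile(r"^(?P<id>" + ID_RE + r") \[(?P<stamp>[^\]]+)\]$")
GOORED_REG_ENTRY_RE = re.compile(r'^"(?P<id>' + ID_RE + r')"="(?P<path>.*)" \[(?P<stamp>[^\]]+)\]$')


def parse_combofix_ff_ext(text):
    """Return {id: (name, path)} for every 'FF - Ext:' line in a ComboFix log."""
    found = {}
    for line in text.splitlines():
        m = COMBOFIX_EXT_RE.match(line.strip())
        if m:
            found[m["id"].lower()] = (m["name"], m["path"])
    return found


def parse_goored(text):
    """Return {id: [(location, path_or_None, stamp), ...]} from a GooredFix log."""
    found, location = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            location = line[1:-1]          # registry key that declares extensions
        elif line.endswith("\\") and not line.startswith('"'):
            location = line                # an extensions directory being walked
        elif location and (m := GOORED_DIR_ENTRY_RE.match(line)):
            found.setdefault(m["id"].lower(), []).append((location, None, m["stamp"]))
        elif location and (m := GOORED_REG_ENTRY_RE.match(line)):
            found.setdefault(m["id"].lower(), []).append((location, m["path"], m["stamp"]))
    return found


def compare(combofix_text, goored_text):
    """Split the union of ids into those both tools list and those only one lists."""
    combo, goored = parse_combofix_ff_ext(combofix_text), parse_goored(goored_text)
    return {
        "in_both": sorted(set(combo) & set(goored)),
        "only_in_combofix": sorted(set(combo) - set(goored)),
        "only_in_goored": sorted(set(goored) - set(combo)),
    }


if __name__ == "__main__":
    result = compare(COMBOFIX_EXCERPT, GOORED_EXCERPT)
    goored = parse_goored(GOORED_EXCERPT)
    print("listed by both tools:", len(result["in_both"]))
    for ext_id in result["only_in_goored"]:
        # Entries that only one tool shows are the ones to look up by hand.
        print("GooredFix only:", ext_id)
        for location, path, stamp in goored[ext_id]:
            print("   ", location, path or "", stamp)
    for ext_id in result["only_in_combofix"]:
        print("ComboFix only:", ext_id)
```

Against the excerpts it reports two ids listed by GooredFix but not by ComboFix, together with the directory or registry key each was seen in.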
  • Hi Kream, first do the following now:

    [b]Which program[/b]: Kaspersky [b]TDSSKiller[/b]
    [b]What for/why[/b]: rootkit scanner
    [b]Difficulty[/b]: none
    [b]Download location[/b]: Be sure to download this program to the desktop!
    [b]Download[/b] [b]TDSSKiller[/b] [b]here[/b].

    [b]Installation[/b]:
    [list][*] Extract the file on your desktop.[/list]

    [b]Using TDSSKiller[/b]:
    [list][*]Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    [*]Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and choosing [b]Run as Administrator[/b].
    [*] After the scan is complete, you will find the log in the C:\ partition
    [*] Post the contents of that log[/list]
  • 2011/04/15 15:49:10.0125 3944 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/15 15:49:10.0359 3944 ================================================================================
    2011/04/15 15:49:10.0359 3944 SystemInfo:
    2011/04/15 15:49:10.0359 3944
    2011/04/15 15:49:10.0359 3944 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/15 15:49:10.0359 3944 Product type: Workstation
    2011/04/15 15:49:10.0359 3944 ComputerName: KREAM-F3985CE11
    2011/04/15 15:49:10.0359 3944 UserName: TM Hupkens
    2011/04/15 15:49:10.0359 3944 Windows directory: C:\WINDOWS
    2011/04/15 15:49:10.0359 3944 System windows directory: C:\WINDOWS
    2011/04/15 15:49:10.0359 3944 Processor architecture: Intel x86
    2011/04/15 15:49:10.0359 3944 Number of processors: 4
    2011/04/15 15:49:10.0359 3944 Page size: 0x1000
    2011/04/15 15:49:10.0359 3944 Boot type: Normal boot
    2011/04/15 15:49:10.0359 3944 ================================================================================
    2011/04/15 15:49:14.0500 3944 Initialize success
    2011/04/15 15:49:35.0187 3680 ================================================================================
    2011/04/15 15:49:35.0187 3680 Scan started
    2011/04/15 15:49:35.0187 3680 Mode: Manual;
    2011/04/15 15:49:35.0187 3680 ================================================================================
    2011/04/15 15:49:36.0609 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/04/15 15:49:36.0671 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/04/15 15:49:36.0734 3680 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
    2011/04/15 15:49:36.0796 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/04/15 15:49:36.0875 3680 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/04/15 15:49:37.0000 3680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/04/15 15:49:37.0093 3680 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
    2011/04/15 15:49:37.0109 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/04/15 15:49:37.0156 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/04/15 15:49:37.0265 3680 ati2mtag (eb0531822aabcf843a0940d4ca8a90a9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/04/15 15:49:37.0375 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/04/15 15:49:37.0437 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/04/15 15:49:37.0515 3680 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/04/15 15:49:37.0546 3680 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/04/15 15:49:37.0562 3680 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/04/15 15:49:37.0609 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/04/15 15:49:37.0750 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/04/15 15:49:37.0812 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/04/15 15:49:37.0843 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/04/15 15:49:37.0859 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/04/15 15:49:37.0968 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/04/15 15:49:38.0015 3680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/04/15 15:49:38.0031 3680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/04/15 15:49:38.0062 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/04/15 15:49:38.0093 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/04/15 15:49:38.0140 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/04/15 15:49:38.0187 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/04/15 15:49:38.0203 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/04/15 15:49:38.0234 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/04/15 15:49:38.0265 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/04/15 15:49:38.0312 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/04/15 15:49:38.0328 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/04/15 15:49:38.0343 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/04/15 15:49:38.0375 3680 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
    2011/04/15 15:49:38.0781 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/15 15:49:38.0843 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/04/15 15:49:38.0890 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/04/15 15:49:38.0921 3680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/04/15 15:49:38.0984 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/04/15 15:49:39.0046 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/04/15 15:49:39.0328 3680 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/04/15 15:49:39.0421 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/04/15 15:49:39.0484 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/04/15 15:49:39.0578 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/04/15 15:49:39.0593 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/04/15 15:49:39.0640 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/04/15 15:49:39.0687 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/04/15 15:49:39.0765 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/04/15 15:49:39.0828 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/04/15 15:49:39.0875 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/04/15 15:49:39.0906 3680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/04/15 15:49:39.0968 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/04/15 15:49:40.0031 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/04/15 15:49:40.0093 3680 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2011/04/15 15:49:40.0109 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/04/15 15:49:40.0140 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/04/15 15:49:40.0203 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/04/15 15:49:40.0250 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/04/15 15:49:40.0250 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/04/15 15:49:40.0296 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/04/15 15:49:40.0343 3680 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/04/15 15:49:40.0359 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/04/15 15:49:40.0359 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/04/15 15:49:40.0375 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/04/15 15:49:40.0390 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/04/15 15:49:40.0406 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/04/15 15:49:40.0453 3680 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/04/15 15:49:40.0468 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/04/15 15:49:40.0500 3680 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/04/15 15:49:40.0500 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/04/15 15:49:40.0531 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/04/15 15:49:40.0578 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/04/15 15:49:40.0609 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/04/15 15:49:40.0640 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/04/15 15:49:40.0687 3680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/04/15 15:49:40.0703 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/04/15 15:49:40.0734 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/04/15 15:49:40.0765 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/04/15 15:49:40.0796 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/04/15 15:49:40.0843 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/04/15 15:49:40.0859 3680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/04/15 15:49:40.0890 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/04/15 15:49:40.0906 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/04/15 15:49:40.0921 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/04/15 15:49:40.0937 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/04/15 15:49:40.0968 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/04/15 15:49:41.0000 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/04/15 15:49:41.0125 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/04/15 15:49:41.0156 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/04/15 15:49:41.0171 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/04/15 15:49:41.0187 3680 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/04/15 15:49:41.0250 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/04/15 15:49:41.0296 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/04/15 15:49:41.0312 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/04/15 15:49:41.0328 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/04/15 15:49:41.0375 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/04/15 15:49:41.0406 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/04/15 15:49:41.0453 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/04/15 15:49:41.0500 3680 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/04/15 15:49:41.0578 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/04/15 15:49:41.0625 3680 RTLE8023xp (eeb84629064abcb6198864d25bf15b1a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/04/15 15:49:41.0671 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/04/15 15:49:41.0734 3680 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
    2011/04/15 15:49:41.0781 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/04/15 15:49:41.0828 3680 Serial (ddb032b5dc45dca340ff96212248df70) C:\WINDOWS\system32\DRIVERS\avidXPserial.sys
    2011/04/15 15:49:41.0875 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/04/15 15:49:41.0937 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/04/15 15:49:41.0968 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/04/15 15:49:42.0031 3680 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/04/15 15:49:42.0078 3680 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/04/15 15:49:42.0109 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/04/15 15:49:42.0125 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/04/15 15:49:42.0203 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/04/15 15:49:42.0265 3680 TASCAM_US122144 (be3d9cddd7f607b8990353cf06b0c0df) C:\WINDOWS\system32\Drivers\tascusb2.sys
    2011/04/15 15:49:42.0296 3680 TASCAM_US122L_MIDI (e606debbf2c7f59e043db01dc60f4299) C:\WINDOWS\system32\drivers\tscusb2m.sys
    2011/04/15 15:49:42.0328 3680 TASCAM_US122L_WDM (b3e1e0b03d54900ed877cdf285079082) C:\WINDOWS\system32\drivers\tscusb2a.sys
    2011/04/15 15:49:42.0359 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/04/15 15:49:42.0421 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/04/15 15:49:42.0468 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/04/15 15:49:42.0531 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/04/15 15:49:42.0593 3680 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
    2011/04/15 15:49:42.0640 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/04/15 15:49:42.0671 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/04/15 15:49:42.0734 3680 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/04/15 15:49:42.0796 3680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/04/15 15:49:42.0859 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/04/15 15:49:42.0906 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/04/15 15:49:42.0953 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/04/15 15:49:43.0000 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/15 15:49:43.0031 3680 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/04/15 15:49:43.0062 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/04/15 15:49:43.0125 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/04/15 15:49:43.0171 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/04/15 15:49:43.0203 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/04/15 15:49:43.0250 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/04/15 15:49:43.0343 3680 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/04/15 15:49:43.0375 3680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/04/15 15:49:43.0390 3680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/04/15 15:49:43.0437 3680 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
    2011/04/15 15:49:43.0531 3680 ================================================================================
    2011/04/15 15:49:43.0531 3680 Scan finished
    2011/04/15 15:49:43.0531 3680 ================================================================================
    2011/04/15 15:49:43.0546 2712 Detected object count: 1
    2011/04/15 15:49:49.0750 2712 \HardDisk0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
    2011/04/15 15:49:49.0750 2712 \HardDisk0 - ok
    2011/04/15 15:49:49.0750 2712 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
    2011/04/15 15:50:18.0250 0808 Deinitialize success



    I haven't tested extensively yet (I have to work shortly, so no time), but it looks like it's gone. Thanks a lot!
  • Hi Kream, so wait and see for now.

    Then do the following later: the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Click "Advanced settings"
    - Tick the following options:
      - Remove found threats
      - Scan archives
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer will now be scanned. This can take quite a while, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next message.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will be faster!
  • Waiting helped, since I no longer had any viruses. Thanks again for that!
  • Hi Kream, good that you no longer have problems, but as a check I would still like you to run TDSSKiller once more and then post the log.
