Security Protection virus, I can't get rid of it...!

Anonymous
49 answers
  • Hello,
    Lately I've been getting a lot of spam on my PC (Windows XP) from a so-called Security Protection (malware) program.
    I removed it with the HijackThis tool and a malware scan, and I did a System Restore to a point before these problems started, but without success: it comes back as soon as I go surfing the internet.
    Could you take a look at how this problem can be solved?
    Thanks in advance for your help!
  • First, run MBAM again and post the log here.
    Same for HijackThis: run it and post the log here.
    Then we can look further.
  • Here is the MBAM log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7610

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    30-8-2011 18:39:23
    mbam-log-2011-08-30 (18-39-23).txt

    Scan type: Quick scan
    Objects scanned: 181647
    Time elapsed: 7 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\common.data (Malware.Trace) -> Quarantined and deleted successfully.


    Here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:40:37, on 30-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282500157953
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Documents and Settings\A.H\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\A.H\Local Settings\Application Data\CrossLoop\tvnserver.exe
    O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe


    End of file - 7451 bytes
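What a helper reads first in a HijackThis log is the persistence points: the O4 Run keys, the O20 AppInit_DLLs value and the O23 services. The script below is an added example, not HijackThis code and not something the posters ran; it applies a handful of triage heuristics to a constructed excerpt of the entries above: a service listed with "Unknown owner", a service or Run binary living under a user's profile directory (user-writable), an .exe sitting in system32\drivers (which normally holds .sys files), any AppInit_DLLs value (a DLL loaded into every process that loads user32.dll), and a Run entry that names a bare file without a path (which is then located by search order rather than from a fixed location). A hit means "look at this", not "this is malware": the CrossLoop/TightVNC entries, for instance, belong to a remote-assistance tool and are fine if the user installed it, and the acaptuser32.dll AppInit entry appears alongside the Adobe Acrobat entries in this log.

```python
"""Triage of HijackThis O4 / O20 / O23 entries (added example; not HijackThis code)."""
import re

# Constructed excerpt of HijackThis entries, modelled on the posted log.
HJT_SAMPLE = r"""O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Documents and Settings\A.H\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\A.H\Local Settings\Application Data\CrossLoop\tvnserver.exe
O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_PREFIX = "O23 - Service: "
PROFILE_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\", re.I)  # XP per-user profile, user-writable
DRIVERS_DIR_RE = re.compile(r"\\system32\\drivers\\", re.I)


def image_path(cmd):
    """Executable named by a Run-key command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _check_binary(path, entry, findings):
    if PROFILE_RE.search(path):
        findings.append(("binary under a user profile", entry))
    if DRIVERS_DIR_RE.search(path) and path.lower().endswith(".exe"):
        findings.append(("exe in drivers directory", entry))


def triage_hjt(text):
    """Return (category, entry) pairs for entries that deserve a second look."""
    findings = []
    for entry in text.splitlines():
        m = O4_RE.match(entry)
        if m:
            path = image_path(m.group("cmd"))
            if "\\" not in path:  # bare name: located by search order, not from a fixed path
                findings.append(("Run entry without a path", entry))
            _check_binary(path, entry, findings)
            continue
        if O20_RE.match(entry):  # DLL loaded into every process that loads user32.dll
            findings.append(("AppInit_DLLs set", entry))
            continue
        if entry.startswith(O23_PREFIX):
            parts = entry[len(O23_PREFIX):].rsplit(" - ", 2)  # display - owner - path
            if len(parts) != 3:
                continue
            _display, owner, path = parts
            if owner == "Unknown owner":
                findings.append(("service without publisher", entry))
            _check_binary(path, entry, findings)
    return findings


def categories_for(findings, needle):
    """Sorted categories of the findings whose entry text contains needle."""
    return sorted(cat for cat, entry in findings if needle in entry)


if __name__ == "__main__":
    for cat, entry in triage_hjt(HJT_SAMPLE):
        print("%-28s %s" % (cat, entry))
```

Run against a full log, the script does not replace reading the O2/O3/O16 entries as well; it only orders the list so the entries that most often carry a persistent infection come up first.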
  • Hi Sander, you won't get that rogue out of your Windows just like that!
    That's because there is an MBR rootkit with it!

    I'd like you to stick to the rules below during the fix:
  • Abraham54,
    I'll get to work, you'll hear from me.
  • Abraham54,
    you're a hero, it's gone.
    I followed your instructions and the problem is solved. I had spent 3 days trying to get rid of the rogue.
    Thanks for the help.
  • Hi Sander, would you please post all the logs I asked for?
    Because I think it's important to work out together with you how you got that nasty thing into your Windows.
  • Hi Abraham54

    Here are the logs:
    TDSSKiller log:
    2011/08/30 20:14:27.0328 1764 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/08/30 20:14:27.0812 1764 ================================================================================
    2011/08/30 20:14:27.0812 1764 SystemInfo:
    2011/08/30 20:14:27.0812 1764
    2011/08/30 20:14:27.0812 1764 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/30 20:14:27.0812 1764 Product type: Workstation
    2011/08/30 20:14:27.0828 1764 ComputerName: COOLMASTER
    2011/08/30 20:14:27.0828 1764
    2011/08/30 20:14:27.0828 1764 Windows directory: C:\WINDOWS
    2011/08/30 20:14:27.0828 1764 System windows directory: C:\WINDOWS
    2011/08/30 20:14:27.0828 1764 Processor architecture: Intel x86
    2011/08/30 20:14:27.0828 1764 Number of processors: 2
    2011/08/30 20:14:27.0828 1764 Page size: 0x1000
    2011/08/30 20:14:27.0828 1764 Boot type: Safe boot with network
    2011/08/30 20:14:27.0828 1764 ================================================================================
    2011/08/30 20:14:31.0453 1764 Initialize success
    2011/08/30 20:14:32.0953 0116 ================================================================================
    2011/08/30 20:14:32.0953 0116 Scan started
    2011/08/30 20:14:32.0953 0116 Mode: Manual;
    2011/08/30 20:14:32.0953 0116 ================================================================================
    2011/08/30 20:14:37.0437 0116 713xTVCard (e9de5148c0a9829e9e3bcf8a93d035c1) C:\WINDOWS\system32\DRIVERS\SAA713x.sys
    2011/08/30 20:14:38.0578 0116 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/08/30 20:14:39.0140 0116 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/08/30 20:14:39.0984 0116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/08/30 20:14:40.0578 0116 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/08/30 20:14:41.0156 0116 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
    2011/08/30 20:14:43.0500 0116 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/08/30 20:14:44.0093 0116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/08/30 20:14:44.0187 0116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/08/30 20:14:44.0265 0116 ateuzdkh (0787f6b8d1d81487ec7988ddb00e30be) C:\WINDOWS\system32\drivers\ateuzdkh.sys
    2011/08/30 20:14:44.0265 0116 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ateuzdkh.sys. md5: 0787f6b8d1d81487ec7988ddb00e30be
    2011/08/30 20:14:44.0296 0116 ateuzdkh - detected LockedFile.Multi.Generic (1)
    2011/08/30 20:14:45.0296 0116 ati2mtag (8e280e25a7a3ca8f5f35946cdf41d434) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/08/30 20:14:47.0562 0116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/08/30 20:14:47.0828 0116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/08/30 20:14:48.0281 0116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/08/30 20:14:48.0437 0116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/08/30 20:14:48.0531 0116 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/08/30 20:14:49.0031 0116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/08/30 20:14:49.0375 0116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/08/30 20:14:49.0640 0116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/08/30 20:14:51.0265 0116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/08/30 20:14:51.0625 0116 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/08/30 20:14:52.0140 0116 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    2011/08/30 20:14:52.0406 0116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/08/30 20:14:52.0609 0116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/08/30 20:14:53.0125 0116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/08/30 20:14:53.0312 0116 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    2011/08/30 20:14:54.0015 0116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/08/30 20:14:54.0593 0116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/08/30 20:14:55.0062 0116 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    2011/08/30 20:14:55.0375 0116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/08/30 20:14:55.0734 0116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/08/30 20:14:56.0250 0116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/08/30 20:14:56.0625 0116 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/08/30 20:14:57.0015 0116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/08/30 20:14:57.0312 0116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/08/30 20:14:57.0890 0116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/08/30 20:14:58.0328 0116 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/08/30 20:14:58.0468 0116 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/08/30 20:14:58.0781 0116 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/08/30 20:14:59.0000 0116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/08/30 20:14:59.0562 0116 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/08/30 20:14:59.0812 0116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/08/30 20:15:00.0828 0116 IntcAzAudAddService (9f6320e7b0c43e4e5693e1515ba5595c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/08/30 20:15:02.0250 0116 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/08/30 20:15:02.0656 0116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/08/30 20:15:03.0046 0116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/08/30 20:15:03.0375 0116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/08/30 20:15:03.0500 0116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/08/30 20:15:03.0765 0116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/08/30 20:15:03.0984 0116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/08/30 20:15:04.0250 0116 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/08/30 20:15:04.0734 0116 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/08/30 20:15:05.0187 0116 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/08/30 20:15:05.0625 0116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/08/30 20:15:06.0234 0116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/08/30 20:15:06.0562 0116 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/08/30 20:15:07.0046 0116 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2011/08/30 20:15:08.0312 0116 LVcKap (3eb293211b3adfa50c5bd84660c6ef33) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    2011/08/30 20:15:09.0546 0116 LVMVDrv (f323ba024da94ec7524755a3b3625097) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    2011/08/30 20:15:10.0453 0116 LVPr2Mon (6a5ceed6a3fa358a42654e7876cc81de) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2011/08/30 20:15:10.0703 0116 LVUSBSta (259690a8ea2d9164aba9cb80a9c3ddb1) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/08/30 20:15:11.0062 0116 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
    2011/08/30 20:15:11.0250 0116 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/08/30 20:15:11.0468 0116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/08/30 20:15:11.0625 0116 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2011/08/30 20:15:11.0843 0116 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/08/30 20:15:12.0031 0116 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/08/30 20:15:12.0218 0116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/08/30 20:15:12.0281 0116 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/08/30 20:15:12.0421 0116 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/08/30 20:15:13.0015 0116 MpKsld2575547 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96C439F9-DF5D-4685-AE0A-6DCA30631AFB}\MpKsld2575547.sys
    2011/08/30 20:15:13.0390 0116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/08/30 20:15:13.0593 0116 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/08/30 20:15:13.0875 0116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/08/30 20:15:14.0078 0116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/08/30 20:15:14.0265 0116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/08/30 20:15:14.0312 0116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/08/30 20:15:14.0437 0116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/08/30 20:15:14.0625 0116 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/08/30 20:15:14.0765 0116 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/08/30 20:15:14.0875 0116 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/08/30 20:15:15.0093 0116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/08/30 20:15:15.0265 0116 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/08/30 20:15:15.0359 0116 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/08/30 20:15:15.0437 0116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/08/30 20:15:15.0687 0116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/08/30 20:15:15.0953 0116 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/08/30 20:15:16.0078 0116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/08/30 20:15:16.0343 0116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/08/30 20:15:16.0578 0116 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/08/30 20:15:17.0234 0116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/08/30 20:15:17.0359 0116 NTACCESS (cdc47ed4de1b7ac00eea6ece05afe63e) D:\MSI drivers\G71-MI31013 (E)\NTACCESS.sys
    2011/08/30 20:15:17.0656 0116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/08/30 20:15:17.0828 0116 NtFsLdf20 (07514c37c52551bf9fb52f54e19eb0f1) C:\WINDOWS\system32\drivers\NtFsLdf20.sys
    2011/08/30 20:15:17.0968 0116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/08/30 20:15:18.0015 0116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/08/30 20:15:18.0125 0116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/08/30 20:15:18.0218 0116 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/08/30 20:15:18.0328 0116 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/08/30 20:15:18.0593 0116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/08/30 20:15:18.0781 0116 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/08/30 20:15:19.0046 0116 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/08/30 20:15:19.0187 0116 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/08/30 20:15:19.0484 0116 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/08/30 20:15:20.0265 0116 pepifilter (c7c8310572eaee3b55ae1af150089c9b) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    2011/08/30 20:15:21.0156 0116 PID_PEPI (108fa5084016074ba50856aac1f2bcc9) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    2011/08/30 20:15:21.0578 0116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/08/30 20:15:21.0734 0116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/08/30 20:15:22.0015 0116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/08/30 20:15:22.0718 0116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/08/30 20:15:22.0937 0116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/08/30 20:15:23.0140 0116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/08/30 20:15:23.0375 0116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/08/30 20:15:23.0609 0116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/08/30 20:15:23.0656 0116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/08/30 20:15:23.0765 0116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/08/30 20:15:23.0984 0116 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/08/30 20:15:24.0078 0116 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/08/30 20:15:24.0281 0116 rt2870 (84beaf4a13a36cb9bb0663df9089cea2) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    2011/08/30 20:15:24.0515 0116 RTLE8023xp (e6e5af7d6920824b066832d3e1665506) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/08/30 20:15:24.0656 0116 SCDEmu (11d4171bd7f6776a85553ca1f83f7303) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2011/08/30 20:15:24.0890 0116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/08/30 20:15:25.0046 0116 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/08/30 20:15:25.0187 0116 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/08/30 20:15:25.0296 0116 SetupNTGLM7X (b1604d6ab464bed672bb28251bc29c4e) D:\MSI drivers\G71-MI31013 (E)\NTGLM7X.sys
    2011/08/30 20:15:25.0484 0116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/08/30 20:15:25.0718 0116 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/08/30 20:15:26.0015 0116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/08/30 20:15:26.0078 0116 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/08/30 20:15:26.0140 0116 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/08/30 20:15:26.0250 0116 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/08/30 20:15:26.0296 0116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/08/30 20:15:26.0390 0116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/08/30 20:15:26.0656 0116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/08/30 20:15:26.0781 0116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/08/30 20:15:26.0890 0116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/08/30 20:15:27.0031 0116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/08/30 20:15:27.0093 0116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/08/30 20:15:27.0250 0116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/08/30 20:15:27.0500 0116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/08/30 20:15:27.0843 0116 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/08/30 20:15:27.0906 0116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/08/30 20:15:28.0093 0116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/08/30 20:15:28.0296 0116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/08/30 20:15:28.0453 0116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/08/30 20:15:28.0640 0116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/08/30 20:15:28.0796 0116 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    2011/08/30 20:15:28.0968 0116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/08/30 20:15:29.0015 0116 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/08/30 20:15:29.0078 0116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/08/30 20:15:29.0296 0116 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
    2011/08/30 20:15:29.0500 0116 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/08/30 20:15:29.0734 0116 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
    2011/08/30 20:15:29.0906 0116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/08/30 20:15:30.0031 0116 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/08/30 20:15:30.0109 0116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/08/30 20:15:30.0312 0116 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/08/30 20:15:30.0453 0116 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/08/30 20:15:30.0578 0116 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/08/30 20:15:30.0718 0116 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/08/30 20:15:30.0859 0116 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    2011/08/30 20:15:31.0609 0116 Boot (0x1200) (127dae58ca193d5731c4c2d21c81bc8e) \Device\Harddisk0\DR0\Partition0
    2011/08/30 20:15:31.0656 0116 Boot (0x1200) (3a1019a3795dc3ef11cc123121dfcdad) \Device\Harddisk0\DR0\Partition1
    2011/08/30 20:15:31.0671 0116 ================================================================================
    2011/08/30 20:15:31.0671 0116 Scan finished
    2011/08/30 20:15:31.0671 0116 ================================================================================
    2011/08/30 20:15:31.0703 2040 Detected object count: 1
    2011/08/30 20:15:31.0703 2040 Actual detected object count: 1
    2011/08/30 20:16:08.0812 2040 HKLM\SYSTEM\ControlSet001\services\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0812 2040 HKLM\SYSTEM\ControlSet001\control\safeboot\Minimal\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0812 2040 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0843 2040 HKLM\SYSTEM\ControlSet003\services\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0875 2040 HKLM\SYSTEM\ControlSet003\control\safeboot\Minimal\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0890 2040 HKLM\SYSTEM\ControlSet003\control\safeboot\Network\ateuzdkh - will be deleted after reboot
    2011/08/30 20:16:08.0890 2040 C:\WINDOWS\system32\drivers\ateuzdkh.sys - will be deleted after reboot
    2011/08/30 20:16:08.0890 2040 LockedFile.Multi.Generic(ateuzdkh) - User select action: Delete
    2011/08/30 20:16:26.0312 1760 Deinitialize success


    Here is the Malwarebytes log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7613

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    30-8-2011 20:29:45
    mbam-log-2011-08-30 (20-29-45).txt

    Scantype: Snelle scan
    Objecten gescand: 181835
    Verstreken tijd: 1 minuut/minuten, 59 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\documents and settings\all users\application data\common.data (Malware.Trace) -> Quarantined and deleted successfully.







  • Good.

    Please run TDSSKiller again and post its log here!
  • Here is the TDSSKiller log:

    2011/08/31 22:31:48.0921 0944 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/08/31 22:31:49.0062 0944 ================================================================================
    2011/08/31 22:31:49.0062 0944 SystemInfo:
    2011/08/31 22:31:49.0062 0944
    2011/08/31 22:31:49.0062 0944 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/31 22:31:49.0062 0944 Product type: Workstation
    2011/08/31 22:31:49.0062 0944 ComputerName: COOLMASTER
    2011/08/31 22:31:49.0062 0944 UserName: A.H
    2011/08/31 22:31:49.0062 0944 Windows directory: C:\WINDOWS
    2011/08/31 22:31:49.0062 0944 System windows directory: C:\WINDOWS
    2011/08/31 22:31:49.0062 0944 Processor architecture: Intel x86
    2011/08/31 22:31:49.0062 0944 Number of processors: 2
    2011/08/31 22:31:49.0062 0944 Page size: 0x1000
    2011/08/31 22:31:49.0062 0944 Boot type: Normal boot
    2011/08/31 22:31:49.0062 0944 ================================================================================
    2011/08/31 22:31:50.0578 0944 Initialize success
    2011/08/31 22:31:52.0078 3816 ================================================================================
    2011/08/31 22:31:52.0078 3816 Scan started
    2011/08/31 22:31:52.0078 3816 Mode: Manual;
    2011/08/31 22:31:52.0078 3816 ================================================================================
    2011/08/31 22:31:52.0890 3816 713xTVCard (e9de5148c0a9829e9e3bcf8a93d035c1) C:\WINDOWS\system32\DRIVERS\SAA713x.sys
    2011/08/31 22:31:52.0953 3816 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/08/31 22:31:53.0000 3816 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/08/31 22:31:53.0031 3816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/08/31 22:31:53.0078 3816 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/08/31 22:31:53.0203 3816 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
    2011/08/31 22:31:53.0328 3816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/08/31 22:31:53.0406 3816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/08/31 22:31:53.0453 3816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/08/31 22:31:53.0656 3816 ati2mtag (8e280e25a7a3ca8f5f35946cdf41d434) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/08/31 22:31:53.0828 3816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/08/31 22:31:53.0890 3816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/08/31 22:31:53.0953 3816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/08/31 22:31:53.0968 3816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/08/31 22:31:54.0046 3816 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/08/31 22:31:54.0093 3816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/08/31 22:31:54.0140 3816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/08/31 22:31:54.0156 3816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/08/31 22:31:54.0296 3816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/08/31 22:31:54.0343 3816 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/08/31 22:31:54.0453 3816 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    2011/08/31 22:31:54.0484 3816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/08/31 22:31:54.0531 3816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/08/31 22:31:54.0593 3816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/08/31 22:31:54.0625 3816 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    2011/08/31 22:31:54.0656 3816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/08/31 22:31:54.0703 3816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/08/31 22:31:54.0718 3816 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    2011/08/31 22:31:54.0734 3816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/08/31 22:31:54.0750 3816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/08/31 22:31:54.0781 3816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/08/31 22:31:54.0796 3816 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/08/31 22:31:54.0828 3816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/08/31 22:31:54.0921 3816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/08/31 22:31:54.0984 3816 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/08/31 22:31:55.0046 3816 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/08/31 22:31:55.0078 3816 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/08/31 22:31:55.0093 3816 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/08/31 22:31:55.0140 3816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/08/31 22:31:55.0265 3816 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/08/31 22:31:55.0312 3816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/08/31 22:31:55.0468 3816 IntcAzAudAddService (9f6320e7b0c43e4e5693e1515ba5595c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/08/31 22:31:55.0640 3816 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/08/31 22:31:55.0671 3816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/08/31 22:31:55.0687 3816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/08/31 22:31:55.0703 3816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/08/31 22:31:55.0734 3816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/08/31 22:31:55.0750 3816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/08/31 22:31:55.0781 3816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/08/31 22:31:55.0796 3816 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/08/31 22:31:55.0828 3816 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/08/31 22:31:55.0859 3816 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/08/31 22:31:55.0906 3816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/08/31 22:31:56.0140 3816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/08/31 22:31:56.0281 3816 LVcKap (3eb293211b3adfa50c5bd84660c6ef33) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    2011/08/31 22:31:56.0437 3816 LVMVDrv (f323ba024da94ec7524755a3b3625097) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    2011/08/31 22:31:56.0546 3816 LVPr2Mon (6a5ceed6a3fa358a42654e7876cc81de) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2011/08/31 22:31:56.0609 3816 LVUSBSta (259690a8ea2d9164aba9cb80a9c3ddb1) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/08/31 22:31:56.0687 3816 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
    2011/08/31 22:31:56.0718 3816 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/08/31 22:31:56.0750 3816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/08/31 22:31:56.0843 3816 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2011/08/31 22:31:56.0875 3816 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/08/31 22:31:56.0906 3816 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/08/31 22:31:56.0953 3816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/08/31 22:31:57.0015 3816 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/08/31 22:31:57.0046 3816 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/08/31 22:31:57.0187 3816 MpKsl88fec493 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96C439F9-DF5D-4685-AE0A-6DCA30631AFB}\MpKsl88fec493.sys
    2011/08/31 22:31:57.0359 3816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/08/31 22:31:57.0406 3816 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/08/31 22:31:57.0437 3816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/08/31 22:31:57.0515 3816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/08/31 22:31:57.0593 3816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/08/31 22:31:57.0656 3816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/08/31 22:31:57.0687 3816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/08/31 22:31:57.0718 3816 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/08/31 22:31:57.0890 3816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/08/31 22:31:58.0000 3816 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/08/31 22:31:58.0234 3816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/08/31 22:31:58.0468 3816 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/08/31 22:31:58.0531 3816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/08/31 22:31:58.0546 3816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/08/31 22:31:58.0562 3816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/08/31 22:31:58.0609 3816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/08/31 22:31:58.0625 3816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/08/31 22:31:58.0656 3816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/08/31 22:31:58.0703 3816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/08/31 22:31:58.0890 3816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/08/31 22:31:58.0921 3816 NTACCESS (cdc47ed4de1b7ac00eea6ece05afe63e) D:\MSI drivers\G71-MI31013 (E)\NTACCESS.sys
    2011/08/31 22:31:59.0000 3816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/08/31 22:31:59.0031 3816 NtFsLdf20 (07514c37c52551bf9fb52f54e19eb0f1) C:\WINDOWS\system32\drivers\NtFsLdf20.sys
    2011/08/31 22:31:59.0093 3816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/08/31 22:31:59.0265 3816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/08/31 22:31:59.0296 3816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/08/31 22:31:59.0343 3816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/08/31 22:31:59.0484 3816 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/08/31 22:31:59.0578 3816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/08/31 22:31:59.0640 3816 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/08/31 22:31:59.0671 3816 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/08/31 22:31:59.0718 3816 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/08/31 22:31:59.0734 3816 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/08/31 22:31:59.0843 3816 pepifilter (c7c8310572eaee3b55ae1af150089c9b) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    2011/08/31 22:31:59.0953 3816 PID_PEPI (108fa5084016074ba50856aac1f2bcc9) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    2011/08/31 22:32:00.0062 3816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/08/31 22:32:00.0093 3816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/08/31 22:32:00.0125 3816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/08/31 22:32:00.0218 3816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/08/31 22:32:00.0234 3816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/08/31 22:32:00.0265 3816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/08/31 22:32:00.0281 3816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/08/31 22:32:00.0296 3816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/08/31 22:32:00.0328 3816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/08/31 22:32:00.0343 3816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/08/31 22:32:00.0390 3816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/08/31 22:32:00.0578 3816 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/08/31 22:32:00.0671 3816 rt2870 (84beaf4a13a36cb9bb0663df9089cea2) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    2011/08/31 22:32:00.0734 3816 RTLE8023xp (e6e5af7d6920824b066832d3e1665506) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/08/31 22:32:00.0859 3816 SCDEmu (11d4171bd7f6776a85553ca1f83f7303) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2011/08/31 22:32:01.0000 3816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/08/31 22:32:01.0046 3816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/08/31 22:32:01.0093 3816 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/08/31 22:32:01.0187 3816 SetupNTGLM7X (b1604d6ab464bed672bb28251bc29c4e) D:\MSI drivers\G71-MI31013 (E)\NTGLM7X.sys
    2011/08/31 22:32:01.0250 3816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/08/31 22:32:01.0296 3816 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/08/31 22:32:01.0343 3816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/08/31 22:32:01.0437 3816 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/08/31 22:32:01.0500 3816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/08/31 22:32:01.0515 3816 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/08/31 22:32:01.0546 3816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/08/31 22:32:01.0609 3816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/08/31 22:32:01.0687 3816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/08/31 22:32:01.0750 3816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/08/31 22:32:01.0812 3816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/08/31 22:32:01.0875 3816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/08/31 22:32:01.0906 3816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/08/31 22:32:02.0000 3816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/08/31 22:32:02.0031 3816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/08/31 22:32:02.0093 3816 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/08/31 22:32:02.0140 3816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/08/31 22:32:02.0203 3816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/08/31 22:32:02.0250 3816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/08/31 22:32:02.0296 3816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/08/31 22:32:02.0312 3816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/08/31 22:32:02.0375 3816 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    2011/08/31 22:32:02.0421 3816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/08/31 22:32:02.0546 3816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/08/31 22:32:02.0781 3816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/08/31 22:32:02.0843 3816 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
    2011/08/31 22:32:02.0921 3816 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/08/31 22:32:02.0968 3816 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
    2011/08/31 22:32:03.0062 3816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/08/31 22:32:03.0125 3816 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/08/31 22:32:03.0203 3816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/08/31 22:32:03.0312 3816 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/08/31 22:32:03.0343 3816 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/08/31 22:32:03.0421 3816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/08/31 22:32:03.0453 3816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/08/31 22:32:03.0515 3816 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    2011/08/31 22:32:03.0593 3816 Boot (0x1200) (127dae58ca193d5731c4c2d21c81bc8e) \Device\Harddisk0\DR0\Partition0
    2011/08/31 22:32:03.0625 3816 Boot (0x1200) (3a1019a3795dc3ef11cc123121dfcdad) \Device\Harddisk0\DR0\Partition1
    2011/08/31 22:32:03.0625 3816 ================================================================================
    2011/08/31 22:32:03.0625 3816 Scan finished
    2011/08/31 22:32:03.0625 3816 ================================================================================
    2011/08/31 22:32:03.0640 1952 Detected object count: 0
    2011/08/31 22:32:03.0640 1952 Actual detected object count: 0







  • Great, well done.

    We are going to look deeper:

    [b]Which program[/b]: ComboFix
    [b]What for/why[/b]: A highly specialised scanner that examines Windows in depth
    and, where possible, cleans it up.
    [b]Difficulty[/b]: The preparation phase is somewhat tricky, so read everything carefully first.
    [b]Download location[/b]: This program must absolutely be downloaded to the desktop!
    [b]Download ComboFix from one of these locations[/b]:
    [list][*][b]Bleepingcomputer[/b]
    [*][b]ForoSpyware[/b]
    [*][b]Geekstogo[/b][/list]
    [b]Here[/b] you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be disabled before ComboFix is started!
    [b]Here[/b] and [b]here[/b] you will find information on how to disable antivirus programs and spyware scanners.

    [b]To be absolutely clear, once more[/b]: ComboFix must be started from the desktop.

    [b]Notes[/b]:
    [list][*] On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    [*]Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    [*]All open programs and web pages must be closed.[/list]
    [b]Once ComboFix has started[/b]:
    [list][*]Do not click in the black window; doing so can make ComboFix or even Windows "freeze" completely!
    [*]ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
    [*]The computer may need to be restarted several times; this is normal.
    [*]When ComboFix has finished, it will create a log file for you.
    [*]Post the contents of this log file in your next reply.
    [*]If the log does not open automatically, it can be found at C:\ComboFix.txt[/list]
    [b]Important note[/b]:
    [list][*][b]
  • Here is the ComboFix log file:

    ComboFix 11-09-01.02 - A.H 01-09-2011 17:30:28.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1408 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\A.H\Bureaublad\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\A.H\Application Data\24U
    c:\documents and settings\A.H\Application Data\Adobe\plugs
    c:\documents and settings\A.H\Application Data\Adobe\shed
    c:\documents and settings\A.H\Application Data\Cage
    c:\documents and settings\A.H\Application Data\Cage\ungu.exe
    c:\documents and settings\A.H\Application Data\Noyt
    c:\documents and settings\A.H\Application Data\Noyt\utsy.exe
    c:\documents and settings\A.H\Mijn documenten\DPE.DUS
    c:\documents and settings\All Users\Application Data\24U
    c:\documents and settings\All Users\Application Data\jL02300CkEcP02300
    c:\documents and settings\All Users\Application Data\jL02300CkEcP02300\jL02300CkEcP02300
    c:\documents and settings\All Users\Application Data\jL02300CkEcP02300\jL02300CkEcP02300.exe
    c:\windows\462B3D83.exe
    c:\windows\60415A8A.exe
    c:\windows\ehome\medctrro.exe
    c:\windows\iun6002.exe
    c:\windows\system32\lvci1201278.dll
    c:\windows\winhelp.ini
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-01 to 2011-09-01 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-01 15:05 . 2011-09-01 15:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96C439F9-DF5D-4685-AE0A-6DCA30631AFB}\MpKsl38c8cce5.sys
    2011-08-30 18:41 . 2011-08-30 18:41 -------- d-----w- c:\program files\Common Files\Java
    2011-08-30 12:45 . 2011-05-04 00:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-30 12:26 . 2011-09-01 15:17 -------- d--h--r- c:\documents and settings\A.H\Onlangs geopend
    2011-08-29 18:37 . 2011-08-29 18:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-08-29 15:20 . 2011-08-29 15:20 94768 ----a-w- c:\windows\system32\drivers\86650235.sys
    2011-08-29 11:33 . 2011-08-16 06:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96C439F9-DF5D-4685-AE0A-6DCA30631AFB}\mpengine.dll
    2011-08-29 07:35 . 2008-04-14 17:03 140800 ----a-w- C:\Explorer .exe.exe
    2011-08-28 17:43 . 2011-08-28 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-28 14:39 . 2011-08-29 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\hB02300EmJnP02300
    2011-08-28 09:01 . 2011-08-28 09:01 -------- d-----w- c:\program files\Lavasoft
    2011-08-02 18:06 . 2011-08-02 18:06 -------- d-----w- c:\documents and settings\A.H\Local Settings\Application Data\ALK_Technologies
    2011-08-02 18:05 . 2011-08-02 18:05 -------- d-----w- c:\documents and settings\A.H\Application Data\ALK Technologies
    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\documents and settings\A.H\Local Settings\Application Data\Downloaded Installations
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-10 20:34 . 2011-05-18 06:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-23 21:02 . 2006-03-02 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-07-06 17:52 . 2010-08-23 09:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2010-08-23 09:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-28 17:16 . 2011-06-25 16:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-28 06:55 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-06-28 06:55 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-07 15:55 . 2011-07-23 12:59 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-06-07 15:55 . 2011-07-03 15:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-08-31 17:24 . 2011-04-30 18:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-18 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLJ"="0 (0x0)" [X]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^A.H^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\documents and settings\A.H\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 1000 series.lnk
    backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Remote Control.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Remote Control.lnk
    backup=c:\windows\pss\Remote Control.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-11 20:43 640376 -c–a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 00:25 37232 -c–a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2007-09-27 21:10 122880 -c—-w- c:\program files\Cyberlink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 -c–a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    2010-10-17 19:38 1259008 -c–a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2006-12-22 10:27 497176 -c–a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2006-12-22 10:28 756248 -c–a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-07-06 17:52 449584 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 08:17 5252408 —-a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2011-06-15 13:16 997920 —-a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    2007-09-29 14:53 2680104 -c—-w- c:\program files\Cyberlink\Power2Go\Power2GoExpress.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-06-16 08:52 167936 -c–a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 15:38 421888 —-a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2006-07-21 08:14 86016 -c–a-w- c:\windows\SoundMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 10:59 254696 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-09-18 15:47 39408 —-a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-06-28 06:55 273544 —-a-w- c:\program files\real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\GameTop.com\\Extreme Racers\\Extreme Racers.exe"=
    "c:\\Documents and Settings\\A.H\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
    "c:\\Documents and Settings\\A.H\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
    "c:\\Documents and Settings\\A.H\\Local Settings\\Application Data\\CrossLoop\\CrossLoopConnect.exe"=
    "c:\\Documents and Settings\\A.H\\Mijn documenten\\Burggraaf it\\SimpelFact280\\Simpelfact.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910
    "1048:UDP"= 1048:UDP:Windows Media Format SDK (Radio Online.exe)
    "1049:UDP"= 1049:UDP:Windows Media Format SDK (Radio Online.exe)
    .
    R1 MpKsl38c8cce5;MpKsl38c8cce5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96C439F9-DF5D-4685-AE0A-6DCA30631AFB}\MpKsl38c8cce5.sys [1-9-2011 17:05 28752]
    R1 NtFsLdf20;NtFsLdf20;c:\windows\system32\drivers\NtFsLdf20.sys [10-5-2011 20:15 31342]
    R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [22-8-2010 22:26 277504]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [3-9-2010 21:17 29416]
    S0 hejyyp;hejyyp;c:\windows\system32\drivers\xmtwrl.sys –> c:\windows\system32\drivers\xmtwrl.sys [?]
    S1 MpKsl30c86916;MpKsl30c86916;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{503438A8-022C-4E2F-B779-D32008976D6E}\MpKsl30c86916.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{503438A8-022C-4E2F-B779-D32008976D6E}\MpKsl30c86916.sys [?]
    S1 MpKsl6330eb50;MpKsl6330eb50;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E49FC01-9572-4F5E-833F-BEB95918D6A1}\MpKsl6330eb50.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E49FC01-9572-4F5E-833F-BEB95918D6A1}\MpKsl6330eb50.sys [?]
    S1 MpKsl649efe35;MpKsl649efe35;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{930C8F88-80D6-430D-B7B2-6171D7593328}\MpKsl649efe35.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{930C8F88-80D6-430D-B7B2-6171D7593328}\MpKsl649efe35.sys [?]
    S1 MpKsl960797a2;MpKsl960797a2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E49FC01-9572-4F5E-833F-BEB95918D6A1}\MpKsl960797a2.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E49FC01-9572-4F5E-833F-BEB95918D6A1}\MpKsl960797a2.sys [?]
    S1 MpKslc0390cee;MpKslc0390cee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{503438A8-022C-4E2F-B779-D32008976D6E}\MpKslc0390cee.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{503438A8-022C-4E2F-B779-D32008976D6E}\MpKslc0390cee.sys [?]
    S1 MpKslce195e3b;MpKslce195e3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD0DD1E9-92E8-4C3D-8C8A-2E086D18DE8C}\MpKslce195e3b.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD0DD1E9-92E8-4C3D-8C8A-2E086D18DE8C}\MpKslce195e3b.sys [?]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\A.H\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [3-1-2011 23:20 560848]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18-9-2010 17:47 136176]
    S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys –> c:\windows\system32\DRIVERS\3xHybrid.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18-9-2010 17:47 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys –> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23-8-2010 11:15 22712]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23-8-2010 11:15 41272]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys –> c:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys –> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;d:\msi drivers\G71-MI31013 (E)\NTGLM7X.SYS [13-7-2008 17:36 27648]
    S3 tvnserver;TightVNC Server;c:\documents and settings\A.H\Local Settings\Application Data\CrossLoop\tvnserver.exe [3-1-2011 23:20 814080]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23-8-2010 11:15 366640]
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - MPKSL38C8CCE5
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 15:47]
    .
    2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 15:47]
    .
    2011-09-01 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
    .
    2011-08-21 c:\windows\Tasks\prismDowngrade.job
    - c:\program files\NCH Software\Prism\prism.exe [2011-02-19 14:44]
    .
    2011-08-21 c:\windows\Tasks\prismShakeIcon.job
    - c:\program files\NCH Software\Prism\prism.exe [2011-02-19 14:44]
    .
    2011-09-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-838170752-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
    .
    2011-09-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-838170752-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.com/
    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    FF - ProfilePath - c:\documents and settings\A.H\Application Data\Mozilla\Firefox\Profiles\bc8s1z62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=nl&q=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-92160549.sys
    MSConfigStartUp-Hiyo - c:\program files\HiYo\bin\HiYo.exe
    MSConfigStartUp-KeePass 2 PreLoad - c:\program files\KeePass Password Safe 2\KeePass.exe
    MSConfigStartUp-LogitechSetup - e:\setup\Setup.exe
    MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    MSConfigStartUp-{1A8104E5-370E-7E05-4B95-FFDF8C732415} - c:\documents and settings\A.H\Application Data\Ifyta\zako.exe
    AddRemove-Uninstall WYSIWYG Web Builder 7 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-01 17:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CLJ = 63
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(1012)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Voltooingstijd: 2011-09-01 17:35:36
    ComboFix-quarantined-files.txt 2011-09-01 15:35
    .
    Pre-Run: 78.707.339.264 bytes beschikbaar
    Post-Run: 79.072.116.736 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7DFFF6CDBA0580C7B71FD3DB295FFC85



  • Do the following:

    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: download this program straight to the desktop, or else move it there afterwards!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as Administrator.

    http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.
    http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
    - The easiest is to simply choose the desktop as the save location for the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - A Notepad text document named aswMBR.txt is also on the desktop.
    - Post the contents of aswMBR.txt in your next message.
  • Here is aswMBR.txt:

    aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
    Run date: 2011-09-01 19:49:44
    —————————–
    19:49:44.390 OS Version: Windows 5.1.2600 Service Pack 3
    19:49:44.390 Number of processors: 2 586 0xF0D
    19:49:44.390 ComputerName: COOLMASTER
    19:49:45.109 Initialize success
    19:50:19.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-16
    19:50:19.546 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA73A Size: 305245MB BusType: 3
    19:50:21.562 Disk 0 MBR read successfully
    19:50:21.562 Disk 0 MBR scan
    19:50:21.562 Disk 0 Windows XP default MBR code
    19:50:21.562 Disk 0 scanning sectors +625121280
    19:50:21.625 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:50:26.328 Service scanning
    19:50:27.468 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    19:50:27.546 Service MpKsl1f3e5b6f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{606288CE-4D30-43DB-AC83-B99D63459AEA}\MpKsl1f3e5b6f.sys **LOCKED** 32
    19:50:28.296 Modules scanning
    19:50:32.093 Disk 0 trace - called modules:
    19:50:32.109 ntoskrnl.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
    19:50:32.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a318ab8]
    19:50:32.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a397f18]
    19:50:32.125 5 ACPI.sys[ba7b6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-16[0x8a319940]
    19:50:32.125 Scan finished successfully
    19:55:44.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\A.H\Bureaublad\MBR.dat"
    19:55:44.812 The log file has been saved successfully to "C:\Documents and Settings\A.H\Bureaublad\aswMBR.txt"
  • Nice.

    I think we're almost there!

    Do the following: Do the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click on [b][/b]
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer will now be scanned. This can take quite a while, so be patient.
    - When the scan is finished, click on [b][/b]
    - Then click on
    - Choose Desktop as the save location and give the Notepad file a clear title.
    - After that you may close the window, since the scan is finished.
    - Then open the log that is on your desktop.
    - And copy and paste the contents of this log into your next message.
    N.B.: temporarily disable your own antivirus during the scan; the online scan is faster that way!
  • Here is the ESET log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=877251f4868f174a9a7a5086c592a023
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-09-02 02:03:32
    # local_time=2011-09-02 04:03:32 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 32183393 32183393 0 0
    # compatibility_mode=5891 16776869 42 87 2645 18925063 0 0
    # compatibility_mode=8192 67108863 100 0 154 154 0 0
    # scanned=239405
    # found=21
    # cleaned=21
    # scan_time=26768
    C:\Documents and Settings\A.H\Application Data\Sun\Java\Deployment\cache\6.0\45\1a31206d-3972b58c Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Documents and Settings\A.H\Application Data\Cage\ungu.exe.vir Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Documents and Settings\A.H\Application Data\Noyt\utsy.exe.vir a variant of Win32/Injector.ISI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{B30412CA-FCE8-4BA9-9571-9A8CA887ACBB}\RP1\A0000117.exe Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{B30412CA-FCE8-4BA9-9571-9A8CA887ACBB}\RP1\A0000118.exe a variant of Win32/Injector.ISI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Download\spy tools\007_Spy_Software_ver._3.873_wWw.quds4.Com\007_Spy_Software_ver._3.873_wWw.quds4.Com\ass38730.rar a variant of Win32/Spy.007 Spy application (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Download\spy tools\007_Spy_Software_ver._3.873_wWw.quds4.Com\007_Spy_Software_ver._3.873_wWw.quds4.Com\ass38730\setup.exe a variant of Win32/Spy.007 Spy application (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Download\Tools scan&reparatie pc\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\I Have The Password.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Studie\IDee\Cisco\Cisco\TFTPd32\tftpd32.exe a variant of Win32/TFTPD32.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\IDee\Cisco\TFTPd32\tftpd32.exe a variant of Win32/TFTPD32.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\APT\apt.exe Win32/APT application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\HTTPSERVER\hfs.exe a variant of Win32/Server-Web.HFS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\NIRSOFT\dialupass2.exe Win32/PSWTool.Dialupass.I application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\NIRSOFT\iepv.exe Win32/PSWTool.IEPassView.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\NIRSOFT\ProduKey.exe Win32/PSWTool.ProductKey.126 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\NIRSOFT\PstPassword.exe a variant of Win32/PSWTool.PstPassword.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\NIRSOFT\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\RADMIN\raddrv.dll Win32/RemoteAdmin application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Studie\PC Reperatie Tools\I have the pasword dvc\PROGRAMS\RADMIN\radmin.exe Win32/RAdmin.22 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Torrent\CyberLink.Power.Director.Ultra.7.00.1628.iso probably a variant of Win32/Agent.JAMZZKT trojan (deleted - quarantined) 00000000000000000000000000000000 C
  • It seems pretty clear to me where the viruses come from.
    I advise you not to download any more illegal software.
    And no spy software either!
    Forewarned is forearmed; next time we won't be able to help you here.
  • Hi Sander, that folder D:\Studie?

    Because quite a bit was removed from there.

    By the way, have you installed paid programs and activated them with keygens/cracks etc.?


    In any case: the System Restore points can no longer be trusted!

    Cleaning up System Restore points
    Right-click My Computer and click Properties.
    - In the System Properties window, click the System Restore tab.
    - Now tick Turn off System Restore on all drives.
    - Then click the Apply and OK buttons.
    - Now restart your computer; this wipes all restore points, including the contaminated ones.
    - After your PC has restarted, re-enable System Restore by the same route.


    And also do the following:

    Download LopSD or LOPSD to your Desktop.
    - Disable your antispyware and virus scanner for this little tool.
      - Vista and Windows 7 users: right-click LopSD and choose "Run as Administrator"!
    - Choose Option N and Enter
    - Click OK at the information window
    - Choose Option 2 and Enter
    - At the end a log (LopR.txt) appears; paste its contents in your next reply.


    Also run one more test, to see how good the current security situation in Windows is.

    Download [b][/b] to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
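The reasoning behind "the System Restore points can no longer be trusted" is visible in the ESET log posted earlier: two of the hits live under System Volume Information\_restore{...}\RP1, which is a System Restore snapshot, so a rollback would reinstate the infection. As an added example (not code from this thread, from ESET or from any of the helpers), the script below parses ESET Online Scanner result lines of the shape shown in that log and groups them by where the file was found, so the restore-point, already-quarantined and exploit-cache hits can be told apart from the user's own downloads. The line regex and the location rules are assumptions modelled on this thread's log, and the sample lines are constructed with placeholder paths and GUIDs.

```python
import re
from collections import Counter

# One ESET Online Scanner result line has the shape
#   <path> <threat description> (<action>) <32 hex digits> <flag>
# Both the path and the threat description may contain spaces, so the split
# is anchored on the trailing "(action) hash flag" fields and on the shape of
# an ESET detection name (family/variant, e.g. Win32/Spy.Zbot.YW). This regex
# is a heuristic written for this example, not a documented ESET format.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>multiple threats|"
    r"(?:probably )?(?:a variant of )?[^\s/]+/\S+(?: \S+)*?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)

# Where a hit lives decides what it means for the clean-up (assumed rules):
#   restore point   -> a System Restore snapshot carries the infection; rolling
#                      back would bring it back, hence purging the restore points
#   tool quarantine -> already neutralised by an earlier tool (ComboFix's Qoobox)
#   java cache      -> dropped by a browser/Java exploit rather than downloaded
LOCATION_RULES = (
    ("\\system volume information\\_restore", "restore point"),
    ("\\qoobox\\quarantine\\", "tool quarantine"),
    ("\\sun\\java\\deployment\\cache\\", "java cache"),
)


def classify_location(path):
    """Map a detection path to one of the location classes above."""
    lowered = path.lower()
    for needle, label in LOCATION_RULES:
        if needle in lowered:
            return label
    return "other"


def parse_line(line):
    """Return a dict for a result line, or None for header ('# ...') and noise lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    finding = match.groupdict()
    finding["location"] = classify_location(finding["path"])
    return finding


def triage(lines):
    """Parse all result lines and summarise them by location."""
    findings = [f for f in (parse_line(l) for l in lines) if f is not None]
    return {
        "findings": findings,
        "by_location": Counter(f["location"] for f in findings),
        # Any hit inside a restore point means the snapshots cannot be trusted.
        "restore_points_tainted": any(f["location"] == "restore point" for f in findings),
    }


# Constructed sample modelled on the log format above (user name, GUID and the
# all-zero hash field are placeholders, not values taken from a real machine).
SAMPLE_LOG = [
    "# version=7",
    "# found=5",
    r"C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\12\deadbeef-1a2b3c4d Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\user\Application Data\Cage\ungu.exe.vir Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000117.exe Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"D:\Download\example.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C",
    r"D:\Tools\tftpd32.exe a variant of Win32/TFTPD32.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for finding in result["findings"]:
        print(f'{finding["location"]:15} {finding["threat"]:45} {finding["path"]}')
    print(dict(result["by_location"]))
    print("restore points tainted:", result["restore_points_tainted"])
```

Run it against a saved ESET log by passing the file's lines to triage(); a non-empty "restore point" bucket is the concrete reason to turn System Restore off and on again as described above, while "tool quarantine" hits only show that an earlier tool had already caught the file.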
  • Here is the LopSD log:

    ——————–\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
    BIOS : Default System BIOS
    USER : A.H ( Administrator )
    BOOT : Normal boot
    Antivirus : Microsoft Security Essentials 2.1.6805.0 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:117 Go (Free:72 Go)
    D:\ (Local Disk) - NTFS - Total:180 Go (Free:30 Go)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( vr 02-09-2011|11:23 )





    ——————–\\ Beschrijving van mappen in APPLIC~1

    [01-09-2011|17:33] C:\DOCUME~1\A.H\APPLIC~1\Adobe
    [02-08-2011|20:05] C:\DOCUME~1\A.H\APPLIC~1\ALK Technologies
    [02-07-2011|17:42] C:\DOCUME~1\A.H\APPLIC~1\AnvSoft
    [25-08-2010|09:20] C:\DOCUME~1\A.H\APPLIC~1\Apple Computer
    [03-05-2011|17:09] C:\DOCUME~1\A.H\APPLIC~1\Belastingdienst
    [24-08-2010|22:42] C:\DOCUME~1\A.H\APPLIC~1\CyberLink
    [28-04-2011|15:41] C:\DOCUME~1\A.H\APPLIC~1\Datalayer
    [22-05-2011|12:32] C:\DOCUME~1\A.H\APPLIC~1\Divo Games
    [25-08-2010|11:01] C:\DOCUME~1\A.H\APPLIC~1\DivX
    [30-08-2011|14:26] C:\DOCUME~1\A.H\APPLIC~1\FileZilla
    [18-09-2010|17:51] C:\DOCUME~1\A.H\APPLIC~1\Google
    [12-07-2011|15:44] C:\DOCUME~1\A.H\APPLIC~1\Haaqqi
    [26-11-2010|21:22] C:\DOCUME~1\A.H\APPLIC~1\Help
    [22-08-2010|21:39] C:\DOCUME~1\A.H\APPLIC~1\Hewlett-Packard
    [22-08-2010|19:32] C:\DOCUME~1\A.H\APPLIC~1\Identities
    [12-05-2011|21:42] C:\DOCUME~1\A.H\APPLIC~1\Ifyta
    [23-08-2010|17:48] C:\DOCUME~1\A.H\APPLIC~1\InstallShield
    [05-04-2011|12:34] C:\DOCUME~1\A.H\APPLIC~1\KeePass
    [12-07-2011|18:01] C:\DOCUME~1\A.H\APPLIC~1\Kyiqw
    [26-12-2010|18:04] C:\DOCUME~1\A.H\APPLIC~1\Logitech
    [22-08-2010|20:51] C:\DOCUME~1\A.H\APPLIC~1\Macromedia
    [23-08-2010|11:15] C:\DOCUME~1\A.H\APPLIC~1\Malwarebytes
    [11-07-2011|23:36] C:\DOCUME~1\A.H\APPLIC~1\Maquym
    [02-08-2011|20:06] C:\DOCUME~1\A.H\APPLIC~1\Microsoft
    [22-08-2010|21:53] C:\DOCUME~1\A.H\APPLIC~1\Mozilla
    [19-02-2011|16:44] C:\DOCUME~1\A.H\APPLIC~1\NCH Software
    [25-08-2010|18:37] C:\DOCUME~1\A.H\APPLIC~1\Nero
    [01-09-2010|14:57] C:\DOCUME~1\A.H\APPLIC~1\Nokia
    [13-05-2011|21:30] C:\DOCUME~1\A.H\APPLIC~1\Notepad++
    [03-04-2011|21:37] C:\DOCUME~1\A.H\APPLIC~1\Nvu
    [02-07-2011|17:42] C:\DOCUME~1\A.H\APPLIC~1\OpenCandy
    [01-09-2010|14:57] C:\DOCUME~1\A.H\APPLIC~1\PC Suite
    [09-01-2011|21:28] C:\DOCUME~1\A.H\APPLIC~1\Real
    [05-11-2010|14:52] C:\DOCUME~1\A.H\APPLIC~1\Sahmon Games
    [04-02-2011|22:57] C:\DOCUME~1\A.H\APPLIC~1\Simpelfact
    [14-08-2011|14:37] C:\DOCUME~1\A.H\APPLIC~1\Skype
    [06-09-2010|14:18] C:\DOCUME~1\A.H\APPLIC~1\Sun
    [18-12-2010|11:44] C:\DOCUME~1\A.H\APPLIC~1\Tific
    [01-05-2011|09:42] C:\DOCUME~1\A.H\APPLIC~1\Urfo
    [30-08-2011|14:26] C:\DOCUME~1\A.H\APPLIC~1\uTorrent
    [12-07-2011|17:21] C:\DOCUME~1\A.H\APPLIC~1\Uzam
    [02-09-2010|19:38] C:\DOCUME~1\A.H\APPLIC~1\vlc
    [22-08-2010|21:50] C:\DOCUME~1\A.H\APPLIC~1\Yahoo!
    [12-07-2011|18:01] C:\DOCUME~1\A.H\APPLIC~1\Ykyk
    [12-07-2011|15:59] C:\DOCUME~1\A.H\APPLIC~1\Zesu
    [0|bestand(en)] C:\DOCUME~1\A.H\APPLIC~1\bytes
    [47|map(pen)] C:\DOCUME~1\A.H\APPLIC~1\bytes beschikbaar

    [21-05-2011|20:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [21-05-2011|20:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [21-05-2011|20:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [21-05-2011|20:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [21-05-2011|20:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
    [7|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar

    [25-08-2010|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [24-08-2010|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [08-04-2011|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [23-07-2011|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bN02300DdKjD02300
    [24-08-2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [25-08-2010|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivX
    [19-05-2011|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [23-08-2010|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverScanner
    [23-07-2011|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eE02300AfObM02300
    [06-07-2011|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fK02300PmAlM02300
    [08-09-2010|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [18-09-2010|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [29-08-2011|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hB02300EmJnP02300
    [01-09-2010|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [23-07-2011|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\jH02300JpFeJ02300
    [28-08-2011|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [07-07-2011|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\lJ02300DoHkN02300
    [22-08-2010|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [23-08-2010|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [31-05-2011|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [01-09-2011|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [13-03-2011|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
    [25-08-2010|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [01-09-2010|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [30-03-2011|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
    [18-12-2010|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
    [23-07-2011|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\oI02300NaGlO02300
    [01-09-2010|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [06-01-2011|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [14-08-2011|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [06-09-2010|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
    [30-03-2011|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [06-07-2011|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22-08-2010|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [23-02-2011|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [23-08-2010|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    [0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
    [38|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar


    [22-08-2010|19:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

    [22-08-2010|19:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [04-01-2011|13:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\TightVNC
    [0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
    [4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

    [22-08-2010|19:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    ——————–\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

    [21-08-2011 18:47][–a——] C:\WINDOWS\tasks\prismShakeIcon.job
    [21-08-2011 18:47][–a——] C:\WINDOWS\tasks\prismDowngrade.job
    [02-09-2011 08:33][–a——] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-838170752-725345543-1003.job
    [02-09-2011 11:17][–a——] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-838170752-725345543-1003.job
    [02-09-2011 09:13][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [02-09-2011 11:17][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [02-09-2011 11:17][–ah—–] C:\WINDOWS\tasks\SA.DAT
    [02-03-2006 14:00][-r-h—–] C:\WINDOWS\tasks\desktop.ini

    ——————–\\ Beschrijving van mappen in C:\Program Files

    [08-09-2010|21:25] C:\Program Files\Acro Software
    [07-10-2010|16:18] C:\Program Files\Adobe
    [29-10-2010|17:45] C:\Program Files\AmbraSoft
    [21-05-2011|17:38] C:\Program Files\AMD APP
    [02-07-2011|17:42] C:\Program Files\AnvSoft
    [24-08-2010|20:53] C:\Program Files\Apple Software Update
    [23-08-2010|14:27] C:\Program Files\ATI
    [21-05-2011|17:29] C:\Program Files\ATI Technologies
    [22-08-2010|21:43] C:\Program Files\AvRack
    [03-05-2011|12:13] C:\Program Files\Belastingdienst
    [04-02-2011|22:56] C:\Program Files\Burggraaf_it_PDF
    [18-12-2010|18:55] C:\Program Files\BVE
    [16-02-2011|22:30] C:\Program Files\CamStudio
    [01-09-2011|17:31] C:\Program Files\Common Files
    [22-08-2010|19:25] C:\Program Files\ComPlus Applications
    [24-08-2010|22:42] C:\Program Files\Cyberlink
    [01-09-2010|14:37] C:\Program Files\DIFX
    [23-08-2010|17:48] C:\Program Files\Disney Interactive
    [25-08-2010|09:24] C:\Program Files\DivX
    [26-08-2010|13:50] C:\Program Files\eMule
    [01-09-2011|20:34] C:\Program Files\ESET
    [22-08-2011|09:38] C:\Program Files\FileZilla FTP Client
    [16-11-2010|21:08] C:\Program Files\FileZilla Server
    [10-07-2011|09:49] C:\Program Files\GameTop.com
    [30-08-2011|14:32] C:\Program Files\Google
    [08-09-2010|21:26] C:\Program Files\GPLGS
    [22-08-2010|21:38] C:\Program Files\Hewlett-Packard
    [22-08-2010|21:46] C:\Program Files\HP
    [14-08-2011|14:29] C:\Program Files\InstallShield Installation Information
    [01-09-2011|17:50] C:\Program Files\Internet Explorer
    [30-08-2011|20:41] C:\Program Files\Java
    [19-05-2011|22:01] C:\Program Files\KeePass Password Safe 2
    [28-08-2011|11:01] C:\Program Files\Lavasoft
    [22-08-2010|21:30] C:\Program Files\Logitech
    [23-07-2011|09:31] C:\Program Files\Malwarebytes' Anti-Malware
    [22-08-2010|21:19] C:\Program Files\Messenger
    [23-08-2010|16:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [22-08-2010|19:28] C:\Program Files\microsoft frontpage
    [22-08-2010|22:18] C:\Program Files\Microsoft Office
    [23-07-2011|16:35] C:\Program Files\Microsoft Security Client
    [16-06-2011|12:21] C:\Program Files\Microsoft Silverlight
    [30-08-2010|19:55] C:\Program Files\Microsoft Virtual PC
    [22-08-2010|22:18] C:\Program Files\Microsoft Visual Studio
    [23-08-2010|16:55] C:\Program Files\Microsoft Works
    [23-08-2010|16:53] C:\Program Files\Movie Maker
    [31-08-2011|19:24] C:\Program Files\Mozilla Firefox
    [24-08-2010|20:30] C:\Program Files\MSBuild
    [25-08-2010|19:41] C:\Program Files\MSECache
    [22-08-2010|19:24] C:\Program Files\MSN Gaming Zone
    [23-08-2010|16:52] C:\Program Files\MSXML 4.0
    [14-09-2010|12:18] C:\Program Files\Mythicsoft
    [14-09-2010|12:21] C:\Program Files\MYWS
    [13-03-2011|22:35] C:\Program Files\NCH Software
    [26-08-2010|14:34] C:\Program Files\Nend Software
    [25-08-2010|17:48] C:\Program Files\Nero
    [22-08-2010|21:14] C:\Program Files\NetMeeting
    [18-03-2011|21:48] C:\Program Files\Notepad++
    [03-04-2011|21:35] C:\Program Files\Nvu
    [22-08-2010|19:27] C:\Program Files\Online Services
    [15-12-2010|11:30] C:\Program Files\Outlook Express
    [28-10-2010|22:00] C:\Program Files\Paint.NET
    [25-09-2010|14:47] C:\Program Files\PDF Editor 3
    [22-08-2010|21:58] C:\Program Files\PowerISO
    [08-04-2011|20:06] C:\Program Files\QuickTime
    [28-06-2011|08:56] C:\Program Files\real
    [28-10-2010|21:42] C:\Program Files\Realtek
    [22-08-2010|21:43] C:\Program Files\Realtek AC97
    [22-08-2010|21:43] C:\Program Files\Realtek Sound Manager
    [24-08-2010|20:30] C:\Program Files\Reference Assemblies
    [24-11-2010|20:40] C:\Program Files\Speedbalance60
    [25-08-2010|08:47] C:\Program Files\Trend Micro
    [22-08-2010|19:32] C:\Program Files\Uninstall Information
    [29-03-2011|09:43] C:\Program Files\uTorrent
    [02-09-2010|19:37] C:\Program Files\VideoLAN
    [23-08-2010|18:56] C:\Program Files\Windows Media Connect 2
    [23-08-2010|18:56] C:\Program Files\Windows Media Player
    [22-08-2010|21:14] C:\Program Files\Windows NT
    [22-08-2010|19:27] C:\Program Files\WindowsUpdate
    [23-08-2010|17:39] C:\Program Files\WinRAR
    [22-08-2010|19:28] C:\Program Files\xerox
    [23-08-2010|19:51] C:\Program Files\Yahoo!
    [08-03-2011|21:36] C:\Program Files\Zolid Multimedia
    [0|bestand(en)] C:\Program Files\bytes
    [89|map(pen)] C:\Program Files\bytes beschikbaar

    ——————–\\ Beschrijving van mappen in C:\Program Files\Common Files

    [07-10-2010|16:18] C:\Program Files\Common Files\Adobe
    [29-10-2010|17:45] C:\Program Files\Common Files\AmbraSoft
    [24-08-2010|20:54] C:\Program Files\Common Files\Apple
    [23-11-2010|21:57] C:\Program Files\Common Files\Borland Shared
    [22-08-2010|22:18] C:\Program Files\Common Files\DESIGNER
    [25-08-2010|09:23] C:\Program Files\Common Files\DivX Shared
    [22-08-2010|21:35] C:\Program Files\Common Files\Hewlett-Packard
    [09-10-2010|13:06] C:\Program Files\Common Files\InstallShield
    [30-08-2011|20:41] C:\Program Files\Common Files\Java
    [22-08-2010|21:36] C:\Program Files\Common Files\logishrd
    [22-08-2010|21:31] C:\Program Files\Common Files\Logitech
    [25-08-2010|21:28] C:\Program Files\Common Files\Macrovision Shared
    [25-08-2010|16:52] C:\Program Files\Common Files\Microsoft Shared
    [22-08-2010|19:26] C:\Program Files\Common Files\MSSoap
    [25-08-2010|17:47] C:\Program Files\Common Files\Nero
    [22-08-2010|21:18] C:\Program Files\Common Files\ODBC
    [22-08-2010|19:26] C:\Program Files\Common Files\Services
    [22-08-2010|21:18] C:\Program Files\Common Files\SpeechEngines
    [23-08-2010|16:54] C:\Program Files\Common Files\System
    [28-06-2011|08:56] C:\Program Files\Common Files\xing shared
    [0|bestand(en)] C:\Program Files\Common Files\bytes
    [22|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

    ——————–\\ Process

    ( 38 Processes )

    … OK !

    ——————–\\ Zoeken met S_Lop

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken naar Lop Bestanden - Mappen

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken doorheen het Register

    ….. OK !

    ——————–\\ Nazicht van het Hosts bestand

    Hosts bestand IN ORDE


    ——————–\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-02 11:25:42
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes …
    scanning hidden files …
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    ——————–\\ Zoeken naar andere infecties


    Geen andere infecties gevonden !

    [F:34][D:14]-> C:\DOCUME~1\A.H\LOCALS~1\Temp
    [F:14][D:0]-> C:\DOCUME~1\A.H\Cookies
    [F:149][D:4]-> C:\DOCUME~1\A.H\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - vr 02-09-2011|11:26 - Option : [2]

    ——————–\\ Scan voltooid om 11:26:30


    Here is the Security Check log:

    Results of screen317's Security Check version 0.99.18
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    ESET Online Scanner v3
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Adobe Flash Player 10.3.183.5
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
  • Hi Sander, please answer my previous question.

    And this one: C:\Program Files\Burggraaf_it_PDF is also unknown to me.

    Is that a private folder too?
