HijackThis log: caught a virus?

Anonymous
joep d.
31 replies
  • Hello,

    I have a friend's PC here. The machine kept getting slower; I have already run a couple of online virus scanners on it (Eset and Housecall). They did find a few things, but I still don't have a good feeling about it. It is admittedly an old PC, but to my mind it is still too slow. Would you take a look at the HijackThis log to see whether there is more junk on it? I want to be sure it is clean before I start checking the hardware. Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:31:38, on 16-1-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe


    End of file - 6503 bytes
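The log above is what a helper reads by hand: the R0/R1 lines show both the HKCU and HKLM search/start pages pointing at nl.woofi.info, one O2 entry is a BHO registration whose DLL is gone, and two O23 services have no publisher. The following is an added example (mine, not from the thread or from HijackThis) that automates that first triage pass over lines in the HijackThis 2.0.4 format. The sample lines are constructed from the entries in the post, and the trusted-domain list is an assumption to tune per machine.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist: domains a default Dutch XP/IE7 install may legitimately point at.
TRUSTED_DOMAINS = {"google.nl", "google.com", "microsoft.com", "live.com", "msn.com", "bing.com"}

# HijackThis writes "<section> - <body>", e.g. "R1 - HKCU\...,Search Page = http://..."
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Constructed sample in HijackThis 2.0.4 format (a subset of the log in the post).
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"""


def _domain_trusted(url):
    """True when the URL's host is one of the trusted domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage_hjt(log_text):
    """Return (section, reason, line) for every entry worth a second look.

    R0/R1: IE start/search pages on an untrusted domain (browser hijack).
    O2:    BHO registered but DLL missing (leftover of a removed component).
    O23:   service without a publisher string; the binary must be verified by hand.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):
            _key, _sep, value = body.partition(" = ")
            value = value.strip()
            # An empty value (e.g. "Local Page =") is not a hijack, just unset.
            if value.startswith(("http://", "https://")) and not _domain_trusted(value):
                findings.append((section, "browser setting points at untrusted domain", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "orphaned BHO registration (DLL missing)", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service without publisher; verify the binary", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample this flags the two woofi.info lines, the orphaned BHO and the NMSAccess service; the google.nl and go.microsoft.com entries and the empty Local Page pass. The HKLM hit matters more than the HKCU one: it is machine-wide and survives creating a fresh user profile.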
  • Hello Joep, let's get started then.

    I would like you to stick to the rules below during the fix:
  • Hi Abraham,

    And so we meet again!
    By the looks of it there was indeed some 'junk' left on this PC.

    The HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:42:55, on 16-1-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe


    End of file - 6241 bytes

    And the MBAM log:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.16.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Martin :: CC1004831-A [administrator]

    16-1-2012 21:11:51
    mbam-log-2012-01-16 (21-11-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199829
    Time elapsed: 18 minute(s), 18 second(s)

    Memory processes detected: 0
    (No malicious items detected)

    Memory modules detected: 0
    (No malicious items detected)

    Registry keys detected: 5
    HKCU\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

    Registry values detected: 1
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\Documents and Settings\Jan\Application Data\ufxw.exe,C:\RECYCLER\S-1-5-21-2525057483-4695040859-314666008-9707\yv8g67.exe,explorer.exe,C:\Documents and Settings\Martin\Application Data\ufxw.exe -> Quarantined and deleted successfully.

    Registry data items detected: 1
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\Jan\Application Data\ufxw.exe,C:\RECYCLER\S-1-5-21-2525057483-4695040859-314666008-9707\yv8g67.exe,explorer.exe,C:\Documents and Settings\Martin\Application Data\ufxw.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.

    Folders detected: 0
    (No malicious items detected)

    Files detected: 5
    C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    (end)
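The most telling line in the MBAM log is the Winlogon Shell value: Winlogon treats it as a comma-separated list and starts every item at logon, so a default XP install has just "explorer.exe" there, while this machine had two copies of ufxw.exe in user profiles plus a binary in a RECYCLER directory prepended to it. The added example below (mine, not from the thread or from Malwarebytes) shows how to triage such a Shell value offline; the value itself is copied from the log above and embedded as a string, and the "user-writable location" markers are an assumption for XP-era paths. A detail the log does not spell out: the RECYCLER subdirectory name looks like a user SID, but its second sub-authority (4695040859) does not fit in the 32 bits a real SID sub-authority has, which is a common tell for a malware-created folder.

```python
import re

# Constructed: the Shell value reported by MBAM in the post, as one string.
HIJACKED_SHELL = (
    r"C:\Documents and Settings\Jan\Application Data\ufxw.exe,"
    r"C:\RECYCLER\S-1-5-21-2525057483-4695040859-314666008-9707\yv8g67.exe,"
    r"explorer.exe,"
    r"C:\Documents and Settings\Martin\Application Data\ufxw.exe"
)

# Assumed markers for locations a normal (non-admin) user can write to on Windows XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\recycler\\")

# Matches an NT domain/local-account SID embedded in a path (S-1-5-21-...).
SID_RE = re.compile(r"S-1-5-21(?:-\d+){3,}", re.IGNORECASE)


def malformed_sid(sid):
    """True when any sub-authority exceeds the 32-bit range Windows allows."""
    sub_authorities = sid.split("-")[3:]  # drop the "S", revision "1" and authority "5"
    return any(int(p) > 0xFFFFFFFF for p in sub_authorities)


def triage_shell(value):
    """Return (entry, [reasons]) for every Shell entry other than explorer.exe.

    Winlogon launches each comma-separated item, so any extra entry is an
    autostart; the reasons add why this particular one is suspicious.
    """
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry or entry.lower() == "explorer.exe":
            continue  # the single legitimate entry on a default install
        low = entry.lower()
        reasons = ["extra Shell entry (Winlogon starts every comma-separated item)"]
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("binary lives in a user-writable location")
        sid = SID_RE.search(entry)
        if sid and malformed_sid(sid.group(0)):
            reasons.append("RECYCLER-style path with an impossible SID (sub-authority > 32 bits)")
        findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_shell(HIJACKED_SHELL):
        print(entry)
        for r in reasons:
            print("   -", r)
```

The same split-and-compare logic applies to the HKLM copy of the Shell value and to the Userinit value next to it; MBAM restored the HKCU value to Explorer.exe here, but after a fix of this kind both hives are worth re-reading by hand.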
  • Hi Joep, let's carry on.

  • Hi Abraham,

    Well, that mate of mine had better turn up with a decent bottle of wine later: thanks to that infected machine of his I am now on my provider's blacklist … I can no longer send mail, only receive it. Oh well, we'll sort that out too. :)

    First the TDSSKiller log:

    20:16:10.0078 1944 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
    20:16:10.0078 1944 ============================================================
    20:16:10.0078 1944 Current date / time: 2012/01/17 20:16:10.0078
    20:16:10.0078 1944 SystemInfo:
    20:16:10.0078 1944
    20:16:10.0078 1944 OS Version: 5.1.2600 ServicePack: 3.0
    20:16:10.0078 1944 Product type: Workstation
    20:16:10.0093 1944 ComputerName: CC1004831-A
    20:16:10.0093 1944 UserName: Martin
    20:16:10.0093 1944 Windows directory: C:\WINDOWS
    20:16:10.0093 1944 System windows directory: C:\WINDOWS
    20:16:10.0093 1944 Processor architecture: Intel x86
    20:16:10.0093 1944 Number of processors: 1
    20:16:10.0093 1944 Page size: 0x1000
    20:16:10.0093 1944 Boot type: Normal boot
    20:16:10.0093 1944 ============================================================
    20:16:23.0984 1944 Drive \Device\Harddisk0\DR0 - Size: 0x981018000 (38.02 Gb), SectorSize: 0x200, Cylinders: 0x1362, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:16:24.0000 1944 Drive \Device\Harddisk1\DR1 - Size: 0x727FBC000 (28.62 Gb), SectorSize: 0x200, Cylinders: 0xE98, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:16:24.0078 1944 Initialize success
    20:16:24.0109 3092 ============================================================
    20:16:24.0109 3092 Scan started
    20:16:24.0109 3092 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    20:16:24.0109 3092 ============================================================
    20:16:24.0859 3092 Abiosdsk - ok
    20:16:25.0312 3092 abp480n5 - ok
    20:16:25.0890 3092 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:16:28.0343 3092 ACPI - ok
    20:16:28.0843 3092 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:16:29.0171 3092 ACPIEC - ok
    20:16:29.0578 3092 adpu160m - ok
    20:16:30.0046 3092 aeaudio - ok
    20:16:30.0609 3092 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:16:31.0015 3092 aec - ok
    20:16:31.0546 3092 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    20:16:31.0687 3092 AFD - ok
    20:16:32.0140 3092 Aha154x - ok
    20:16:32.0593 3092 aic78u2 - ok
    20:16:33.0109 3092 aic78xx - ok
    20:16:33.0546 3092 AliIde - ok
    20:16:34.0000 3092 amsint - ok
    20:16:34.0437 3092 asc - ok
    20:16:34.0875 3092 asc3350p - ok
    20:16:35.0343 3092 asc3550 - ok
    20:16:35.0781 3092 ASPI32 - ok
    20:16:36.0312 3092 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:16:36.0500 3092 AsyncMac - ok
    20:16:37.0031 3092 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:16:37.0234 3092 atapi - ok
    20:16:37.0625 3092 Atdisk - ok
    20:16:38.0515 3092 ati2mtag (9d888490786f4c3b3e2a81492967a403) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    20:16:39.0406 3092 ati2mtag - ok
    20:16:39.0937 3092 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:16:40.0234 3092 Atmarpc - ok
    20:16:40.0734 3092 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:16:40.0953 3092 audstub - ok
    20:16:41.0515 3092 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    20:16:42.0625 3092 AVGIDSDriver - ok
    20:16:43.0156 3092 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    20:16:43.0203 3092 AVGIDSEH - ok
    20:16:43.0671 3092 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    20:16:43.0687 3092 AVGIDSFilter - ok
    20:16:44.0171 3092 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    20:16:44.0203 3092 AVGIDSShim - ok
    20:16:44.0734 3092 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    20:16:44.0953 3092 Avgldx86 - ok
    20:16:45.0484 3092 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    20:16:45.0531 3092 Avgmfx86 - ok
    20:16:46.0140 3092 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    20:16:46.0234 3092 Avgrkx86 - ok
    20:16:46.0843 3092 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    20:16:47.0109 3092 Avgtdix - ok
    20:16:47.0609 3092 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:16:47.0890 3092 Beep - ok
    20:16:48.0421 3092 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:16:48.0671 3092 cbidf2k - ok
    20:16:49.0093 3092 cd20xrnt - ok
    20:16:49.0609 3092 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:16:49.0875 3092 Cdaudio - ok
    20:16:50.0375 3092 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:16:50.0640 3092 Cdfs - ok
    20:16:51.0156 3092 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    20:16:51.0203 3092 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
    20:16:51.0203 3092 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
    20:16:51.0734 3092 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:16:51.0968 3092 Cdrom - ok
    20:16:52.0421 3092 Changer - ok
    20:16:52.0843 3092 CmdIde - ok
    20:16:53.0421 3092 Cpqarray - ok
    20:16:53.0859 3092 dac2w2k - ok
    20:16:54.0375 3092 dac960nt - ok
    20:16:54.0875 3092 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:16:55.0187 3092 Disk - ok
    20:16:55.0812 3092 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    20:16:56.0703 3092 dmboot - ok
    20:16:57.0265 3092 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    20:16:57.0546 3092 dmio - ok
    20:16:58.0062 3092 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:16:58.0265 3092 dmload - ok
    20:16:58.0734 3092 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:16:58.0984 3092 DMusic - ok
    20:16:59.0500 3092 dpti2o - ok
    20:17:00.0015 3092 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:17:00.0265 3092 drmkaud - ok
    20:17:00.0828 3092 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:17:01.0062 3092 Fastfat - ok
    20:17:01.0562 3092 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    20:17:01.0781 3092 Fdc - ok
    20:17:02.0281 3092 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    20:17:02.0484 3092 FETNDIS - ok
    20:17:02.0968 3092 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    20:17:03.0265 3092 Fips - ok
    20:17:03.0750 3092 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    20:17:03.0968 3092 Flpydisk - ok
    20:17:04.0468 3092 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:17:04.0656 3092 FltMgr - ok
    20:17:05.0140 3092 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:17:05.0343 3092 Fs_Rec - ok
    20:17:05.0812 3092 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:17:06.0046 3092 Ftdisk - ok
    20:17:06.0515 3092 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    20:17:06.0734 3092 gagp30kx - ok
    20:17:07.0343 3092 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:17:07.0546 3092 Gpc - ok
    20:17:08.0031 3092 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:17:08.0250 3092 hidusb - ok
    20:17:08.0656 3092 hpn - ok
    20:17:09.0265 3092 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:17:09.0546 3092 HTTP - ok
    20:17:10.0000 3092 i2omgmt - ok
    20:17:10.0406 3092 i2omp - ok
    20:17:10.0890 3092 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:17:11.0109 3092 i8042prt - ok
    20:17:11.0562 3092 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:17:11.0781 3092 Imapi - ok
    20:17:12.0218 3092 ini910u - ok
    20:17:12.0625 3092 IntelIde - ok
    20:17:13.0125 3092 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:17:13.0328 3092 Ip6Fw - ok
    20:17:13.0781 3092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:17:14.0015 3092 IpFilterDriver - ok
    20:17:14.0468 3092 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:17:14.0687 3092 IpInIp - ok
    20:17:15.0234 3092 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:17:15.0468 3092 IpNat - ok
    20:17:16.0109 3092 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:17:16.0343 3092 IPSec - ok
    20:17:16.0812 3092 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:17:16.0937 3092 IRENUM - ok
    20:17:17.0500 3092 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:17:17.0765 3092 isapnp - ok
    20:17:18.0312 3092 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:17:18.0500 3092 Kbdclass - ok
    20:17:19.0015 3092 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:17:19.0218 3092 kbdhid - ok
    20:17:19.0609 3092 kmgy.sys - ok
    20:17:20.0140 3092 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:17:20.0359 3092 kmixer - ok
    20:17:20.0828 3092 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:17:21.0109 3092 KSecDD - ok
    20:17:21.0671 3092 lbrtfdc - ok
    20:17:22.0187 3092 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:17:22.0375 3092 mnmdd - ok
    20:17:22.0843 3092 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    20:17:23.0062 3092 Modem - ok
    20:17:23.0578 3092 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:17:23.0796 3092 Mouclass - ok
    20:17:24.0281 3092 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:17:24.0484 3092 mouhid - ok
    20:17:24.0921 3092 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:17:25.0156 3092 MountMgr - ok
    20:17:25.0562 3092 mraid35x - ok
    20:17:26.0140 3092 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:17:26.0390 3092 MRxDAV - ok
    20:17:27.0000 3092 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:17:27.0515 3092 MRxSmb - ok
    20:17:28.0125 3092 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:17:28.0343 3092 Msfs - ok
    20:17:28.0812 3092 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:17:29.0062 3092 MSKSSRV - ok
    20:17:29.0562 3092 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:17:29.0765 3092 MSPCLOCK - ok
    20:17:30.0265 3092 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:17:30.0484 3092 MSPQM - ok
    20:17:30.0921 3092 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:17:31.0156 3092 mssmbios - ok
    20:17:31.0468 3092 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    20:17:31.0531 3092 Mup - ok
    20:17:31.0859 3092 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:17:32.0187 3092 NDIS - ok
    20:17:32.0468 3092 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:17:32.0500 3092 NdisTapi - ok
    20:17:32.0781 3092 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:17:32.0953 3092 Ndisuio - ok
    20:17:33.0234 3092 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:17:33.0515 3092 NdisWan - ok
    20:17:33.0812 3092 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:17:33.0921 3092 NDProxy - ok
    20:17:34.0156 3092 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:17:34.0328 3092 NetBIOS - ok
    20:17:34.0609 3092 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:17:34.0812 3092 NetBT - ok
    20:17:35.0109 3092 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:17:35.0296 3092 Npfs - ok
    20:17:35.0937 3092 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:17:36.0406 3092 Ntfs - ok
    20:17:36.0625 3092 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:17:36.0828 3092 Null - ok
    20:17:37.0531 3092 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    20:17:38.0109 3092 nv - ok
    20:17:38.0484 3092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:17:38.0671 3092 NwlnkFlt - ok
    20:17:39.0031 3092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:17:39.0234 3092 NwlnkFwd - ok
    20:17:39.0546 3092 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    20:17:39.0734 3092 Parport - ok
    20:17:39.0984 3092 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:17:40.0187 3092 PartMgr - ok
    20:17:40.0468 3092 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:17:40.0656 3092 ParVdm - ok
    20:17:40.0937 3092 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:17:41.0218 3092 PCI - ok
    20:17:41.0531 3092 PCIDump - ok
    20:17:41.0890 3092 PCIIde - ok
    20:17:42.0421 3092 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    20:17:42.0593 3092 Pcmcia - ok
    20:17:42.0906 3092 PDCOMP - ok
    20:17:43.0187 3092 PDFRAME - ok
    20:17:43.0375 3092 PDRELI - ok
    20:17:43.0640 3092 PDRFRAME - ok
    20:17:43.0875 3092 perc2 - ok
    20:17:44.0093 3092 perc2hib - ok
    20:17:44.0453 3092 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:17:44.0625 3092 PptpMiniport - ok
    20:17:44.0953 3092 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    20:17:45.0171 3092 Processor - ok
    20:17:45.0937 3092 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:17:46.0140 3092 PSched - ok
    20:17:46.0515 3092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:17:46.0671 3092 Ptilink - ok
    20:17:47.0031 3092 ql1080 - ok
    20:17:47.0296 3092 Ql10wnt - ok
    20:17:47.0437 3092 ql12160 - ok
    20:17:47.0703 3092 ql1240 - ok
    20:17:47.0875 3092 ql1280 - ok
    20:17:48.0093 3092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:17:48.0312 3092 RasAcd - ok
    20:17:48.0546 3092 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:17:48.0750 3092 Rasl2tp - ok
    20:17:49.0015 3092 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:17:49.0187 3092 RasPppoe - ok
    20:17:49.0406 3092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:17:49.0593 3092 Raspti - ok
    20:17:49.0859 3092 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:17:50.0093 3092 Rdbss - ok
    20:17:50.0328 3092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:17:50.0500 3092 RDPCDD - ok
    20:17:50.0828 3092 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    20:17:51.0015 3092 rdpdr - ok
    20:17:51.0250 3092 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:17:51.0343 3092 RDPWD - ok
    20:17:51.0562 3092 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:17:51.0734 3092 redbook - ok
    20:17:52.0109 3092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:17:52.0218 3092 Secdrv - ok
    20:17:52.0421 3092 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    20:17:52.0656 3092 serenum - ok
    20:17:52.0890 3092 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    20:17:53.0187 3092 Serial - ok
    20:17:53.0593 3092 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:17:53.0765 3092 Sfloppy - ok
    20:17:54.0203 3092 Simbad - ok
    20:17:54.0359 3092 smwdm - ok
    20:17:54.0656 3092 Sparrow - ok
    20:17:54.0890 3092 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    20:17:55.0078 3092 splitter - ok
    20:17:55.0312 3092 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:17:55.0421 3092 sr - ok
    20:17:55.0750 3092 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:17:55.0843 3092 Srv - ok
    20:17:56.0250 3092 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
    20:17:56.0265 3092 StarOpen ( UnsignedFile.Multi.Generic ) - warning
    20:17:56.0265 3092 StarOpen - detected UnsignedFile.Multi.Generic (1)
    20:17:56.0531 3092 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys
    20:17:56.0703 3092 StillCam - ok
    20:17:57.0093 3092 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:17:57.0265 3092 swenum - ok
    20:17:57.0515 3092 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:17:57.0703 3092 swmidi - ok
    20:17:57.0859 3092 symc810 - ok
    20:17:58.0140 3092 symc8xx - ok
    20:17:58.0453 3092 sym_hi - ok
    20:17:58.0796 3092 sym_u3 - ok
    20:17:59.0093 3092 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:17:59.0281 3092 sysaudio - ok
    20:17:59.0578 3092 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:17:59.0734 3092 Tcpip - ok
    20:18:00.0000 3092 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:18:00.0187 3092 TDPIPE - ok
    20:18:00.0406 3092 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:18:00.0593 3092 TDTCP - ok
    20:18:00.0828 3092 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:18:01.0031 3092 TermDD - ok
    20:18:01.0218 3092 TosIde - ok
    20:18:01.0421 3092 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:18:01.0609 3092 Udfs - ok
    20:18:01.0796 3092 ultra - ok
    20:18:02.0281 3092 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:18:02.0546 3092 Update - ok
    20:18:02.0781 3092 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:18:03.0000 3092 usbccgp - ok
    20:18:03.0250 3092 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:18:03.0421 3092 usbehci - ok
    20:18:03.0718 3092 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:18:03.0890 3092 usbhub - ok
    20:18:04.0156 3092 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:18:04.0343 3092 usbprint - ok
    20:18:04.0750 3092 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:18:04.0937 3092 usbscan - ok
    20:18:05.0296 3092 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:18:05.0468 3092 USBSTOR - ok
    20:18:05.0812 3092 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:18:05.0984 3092 usbuhci - ok
    20:18:06.0375 3092 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:18:06.0546 3092 VgaSave - ok
    20:18:06.0875 3092 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    20:18:06.0921 3092 viaagp1 - ok
    20:18:07.0312 3092 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    20:18:07.0640 3092 ViaIde - ok
    20:18:07.0906 3092 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
    20:18:07.0937 3092 viamraid - ok
    20:18:08.0312 3092 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:18:08.0546 3092 VolSnap - ok
    20:18:08.0875 3092 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:18:09.0046 3092 Wanarp - ok
    20:18:09.0281 3092 WDICA - ok
    20:18:09.0531 3092 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:18:09.0718 3092 wdmaud - ok
    20:18:10.0203 3092 xcpip - ok
    20:18:10.0562 3092 xpsec - ok
    20:18:10.0578 3092 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    20:18:13.0687 3092 \Device\Harddisk0\DR0 - ok
    20:18:13.0687 3092 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
    20:18:13.0812 3092 \Device\Harddisk1\DR1 - ok
    20:18:13.0843 3092 Boot (0x1200) (3285faccf3fcc2b7b1d8bbc0214ab37a) \Device\Harddisk0\DR0\Partition0
    20:18:13.0843 3092 \Device\Harddisk0\DR0\Partition0 - ok
    20:18:13.0843 3092 Boot (0x1200) (7ddad891ed9576e5bbf7c00fd069515a) \Device\Harddisk1\DR1\Partition0
    20:18:13.0843 3092 \Device\Harddisk1\DR1\Partition0 - ok
    20:18:13.0843 3092 ============================================================
    20:18:13.0843 3092 Scan finished
    20:18:13.0843 3092 ============================================================
    20:18:15.0093 0516 Deinitialize success

    ==============================================
    Last Created System Restore Point
    ==============================================
    RP524: 17-1-2012 20:15:41 - TDSSKiller Starter Restore Point
    ==============================================

    Older logs
    ==============================================

    C:\TDSSKiller.2.7.2.0_16.01.2012_16.01.02_log.txt
    C:\TDSSKiller.2.7.2.0_16.01.2012_16.05.15_log.txt
    ==============================================
    EOF


    And the ComboFix log:

    ComboFix 12-01-17.01 - Martin 17-01-2012 20:31:17.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.685 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Martin\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfeeAntivirus en antispyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Jan\Application Data\PriceGong
    c:\documents and settings\Jan\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Jan\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Jan\WINDOWS
    c:\documents and settings\Martin\Application Data\PriceGong
    c:\documents and settings\Martin\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Martin\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Martin\WINDOWS
    c:\windows\IsUn0413.exe
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\system32\msssc.dll
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\system32\sens32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_6TO4
    -------\Legacy_SSHNAS
    -------\Service_6to4
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-17 to 2012-01-17 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-17 19:15 . 2012-01-17 19:20 -------- d-----w- C:\TDSSStarter
    2012-01-17 19:13 . 2012-01-17 19:13 -------- d-----w- c:\windows\LastGood.Tmp
    2012-01-16 20:09 . 2012-01-16 20:09 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes
    2012-01-16 20:09 . 2012-01-16 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-16 20:09 . 2012-01-16 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-16 20:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-16 19:29 . 2012-01-16 19:29 388096 ----a-r- c:\documents and settings\Martin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-16 19:29 . 2012-01-16 19:29 -------- d-----w- c:\program files\Trend Micro
    2012-01-16 19:28 . 2012-01-16 19:28 -------- d-----w- c:\documents and settings\Martin\Application Data\AVG2012
    2012-01-16 19:26 . 2012-01-16 19:26 -------- d-----w- c:\documents and settings\Martin\Application Data\AVG Secure Search
    2012-01-16 19:26 . 2012-01-16 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
    2012-01-16 19:26 . 2012-01-16 19:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-01-16 19:26 . 2012-01-16 19:26 -------- d-----w- c:\program files\AVG Secure Search
    2012-01-16 19:22 . 2012-01-16 19:30 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-01-16 19:22 . 2012-01-16 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-01-16 19:20 . 2012-01-16 19:20 -------- d-----w- c:\program files\AVG
    2012-01-16 19:17 . 2012-01-16 19:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2012-01-16 19:17 . 2012-01-16 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-01-16 14:45 . 2012-01-16 14:45 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
    2012-01-16 13:34 . 2012-01-16 17:53 -------- d-----w- c:\program files\Common Files\McAfee
    2012-01-16 13:33 . 2012-01-16 17:54 -------- d-----w- c:\program files\McAfee
    2012-01-16 13:32 . 2012-01-16 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2012-01-16 12:59 . 2012-01-16 12:59 -------- d-----w- c:\documents and settings\Martin\Application Data\QuickScan
    2012-01-16 12:44 . 2012-01-17 19:21 -------- d--h--r- c:\documents and settings\Martin\Onlangs geopend
    2012-01-09 20:16 . 2012-01-09 20:17 -------- d-----w- c:\documents and settings\Martin\Application Data\GetRightToGo
    2012-01-05 19:14 . 2012-01-15 19:26 -------- d--h--r- c:\documents and settings\Jan\Onlangs geopend
    2012-01-01 18:00 . 2012-01-01 18:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 21:57 . 2004-08-03 23:03 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40 . 2004-08-03 22:56 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12 . 2004-08-03 23:03 60928 ----a-w- c:\windows\system32\packager.exe
    2011-11-03 15:29 . 2004-08-03 23:03 386560 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:29 . 2004-08-03 23:03 1296384 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2004-08-03 23:03 1288192 ----a-w- c:\windows\system32\ole32.dll
    2011-10-31 23:37 . 2004-08-03 23:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-10-31 23:37 . 2004-08-03 23:03 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-10-31 23:37 . 2004-08-03 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-10-31 23:37 . 2004-08-03 23:03 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-10-31 01:21 . 2011-10-31 01:21 359040 ----a-w- c:\windows\system32\tcpip.dat
    2011-10-28 05:32 . 2004-08-03 23:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-26 10:50 . 2004-08-04 00:58 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 10:50 . 2004-08-03 22:58 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 19:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-16 1574240]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-17 77824]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 892768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-10-2011 6:23 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [16-1-2012 20:26 869216]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4-10-2011 6:21 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 12:21 135664]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 12:21 135664]
    S3 kmgy.sys;kmgy.sys;\??\c:\windows\system32\drivers\kmgy.sys --> c:\windows\system32\drivers\kmgy.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
    S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:20]
    .
    2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:20]
    .
    2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-527237240-682003330-1004Core.job
    - c:\documents and settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-03 08:03]
    .
    2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-527237240-682003330-1004UA.job
    - c:\documents and settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-03 08:03]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 213.197.28.3 213.197.30.28
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-HP PrecisionScan LT - c:\windows\IsUn0413.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-17 20:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–¤|ÿÿÿÿ¤•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-01-17 20:56:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-01-17 19:56
    .
    Pre-Run: 16.323.522.560 bytes beschikbaar
    Post-Run: 16.476.778.496 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - CA282BEA0F5C19AC30F2AB2F8EA36BB1

  • Hi Joep, a tip for the next time you take on someone else's PC: that PC does not need to be connected to the internet.
    You can transfer files and logs with a USB stick as well.

    Those trojan downloaders that MBAM removed probably point to software activated with keygens, and possibly to this PC having been taken over by third parties.

    On the other hand, it is a good thing now if you have your own PC examined as well!

    We continue: run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click on
  • Hi Abraham,

    With the ESET scanner and the settings you indicated, nothing was found on the PC in question.

    I did notice that Internet Explorer on that machine was unbelievably slow; after clicking the icon it took about 4 minutes before the Google window appeared. But then again, that could be due to other things, because a little later I had to reset the router since I could no longer get onto the internet with my own machine either. That works again now, but I still have an uneasy feeling about all of this.

    Do you think the PC is clean now, or does more scanning need to be done?
  • Hello Joep, you may do the following:

  • Hi Abraham,

    Here is the Lop S&D log:


    ——————–\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor 3000+ )
    BIOS : BIOS Date: 04/20/06 19:53:24 Ver: 08.00.09
    USER : Martin ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfeeAntivirus en antispyware (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:38 Go (Free:15 Go)
    D:\ (Local Disk) - FAT32 - Total:28 Go (Free:27 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB) - FAT32 - Total:1007 Mo (Free:0 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( do 19-01-2012|18:15 )

    ——————–\\ Beschrijving van mappen in APPLIC~1

    [16-01-2012|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [31-10-2011|02:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [16-01-2012|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [31-10-2011|02:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
    [6|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar

    [18-08-2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [08-11-2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [16-01-2012|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Secure Search
    [16-01-2012|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG2012
    [30-08-2011|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canneverbe Limited
    [16-01-2012|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Common Files
    [18-08-2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [30-12-2011|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [30-12-2011|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hema Album Software Advanced
    [10-05-2009|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hps
    [18-08-2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [16-01-2012|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [16-01-2012|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [18-01-2012|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MFAData
    [16-01-2012|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [16-01-2012|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
    [20-08-2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [11-08-2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [17-01-2009|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [30-12-2011|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [11-08-2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [02-10-2008|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
    [24|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

    [10-08-2008|15:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

    [07-10-2008|17:34] C:\DOCUME~1\Jan\APPLIC~1\Adobe
    [31-10-2011|02:46] C:\DOCUME~1\Jan\APPLIC~1\Belastingdienst
    [10-03-2011|16:03] C:\DOCUME~1\Jan\APPLIC~1\Boevca
    [19-10-2011|21:17] C:\DOCUME~1\Jan\APPLIC~1\Canneverbe Limited
    [31-10-2011|02:03] C:\DOCUME~1\Jan\APPLIC~1\Epoldo
    [11-03-2011|10:37] C:\DOCUME~1\Jan\APPLIC~1\Eshi
    [11-03-2011|11:51] C:\DOCUME~1\Jan\APPLIC~1\Ezsy
    [24-09-2009|09:56] C:\DOCUME~1\Jan\APPLIC~1\Google
    [07-02-2009|23:34] C:\DOCUME~1\Jan\APPLIC~1\Help
    [10-08-2008|16:04] C:\DOCUME~1\Jan\APPLIC~1\Identities
    [07-03-2011|20:07] C:\DOCUME~1\Jan\APPLIC~1\Ihid
    [10-03-2011|16:03] C:\DOCUME~1\Jan\APPLIC~1\Ipwoe
    [02-10-2008|18:56] C:\DOCUME~1\Jan\APPLIC~1\Macromedia
    [22-08-2010|00:12] C:\DOCUME~1\Jan\APPLIC~1\Microsoft
    [17-01-2009|20:54] C:\DOCUME~1\Jan\APPLIC~1\OLYMPUS
    [30-12-2011|22:39] C:\DOCUME~1\Jan\APPLIC~1\Skype
    [21-08-2011|00:27] C:\DOCUME~1\Jan\APPLIC~1\skypePM
    [14-01-2012|23:37] C:\DOCUME~1\Jan\APPLIC~1\vlc
    [07-01-2012|12:19] C:\DOCUME~1\Jan\APPLIC~1\Wymuo
    [10-03-2011|15:12] C:\DOCUME~1\Jan\APPLIC~1\Zeba
    [0|bestand(en)] C:\DOCUME~1\Jan\APPLIC~1\bytes
    [22|map(pen)] C:\DOCUME~1\Jan\APPLIC~1\bytes beschikbaar

    [10-08-2008|16:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

    [18-08-2008|20:45] C:\DOCUME~1\Martin\APPLIC~1\Adobe
    [16-01-2012|20:26] C:\DOCUME~1\Martin\APPLIC~1\AVG Secure Search
    [16-01-2012|20:28] C:\DOCUME~1\Martin\APPLIC~1\AVG2012
    [30-08-2011|18:40] C:\DOCUME~1\Martin\APPLIC~1\Canneverbe Limited
    [09-01-2012|21:17] C:\DOCUME~1\Martin\APPLIC~1\GetRightToGo
    [30-09-2009|16:49] C:\DOCUME~1\Martin\APPLIC~1\Google
    [10-08-2008|16:39] C:\DOCUME~1\Martin\APPLIC~1\Identities
    [30-08-2011|19:23] C:\DOCUME~1\Martin\APPLIC~1\InfraRecorder
    [20-10-2008|21:23] C:\DOCUME~1\Martin\APPLIC~1\Macromedia
    [16-01-2012|21:09] C:\DOCUME~1\Martin\APPLIC~1\Malwarebytes
    [16-01-2012|20:29] C:\DOCUME~1\Martin\APPLIC~1\Microsoft
    [30-08-2011|19:51] C:\DOCUME~1\Martin\APPLIC~1\OpenCandy
    [16-01-2012|13:59] C:\DOCUME~1\Martin\APPLIC~1\QuickScan
    [30-08-2011|18:51] C:\DOCUME~1\Martin\APPLIC~1\vlc
    [0|bestand(en)] C:\DOCUME~1\Martin\APPLIC~1\bytes
    [16|map(pen)] C:\DOCUME~1\Martin\APPLIC~1\bytes beschikbaar

    [10-08-2008|16:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    ——————–\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

    [18-01-2012 18:30][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-527237240-682003330-1004UA.job
    [16-01-2012 10:30][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-527237240-682003330-1004Core.job
    [19-01-2012 18:10][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [19-01-2012 18:10][–a——] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [29-12-2011 20:39][–a——] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [19-01-2012 18:08][–ah—–] C:\WINDOWS\tasks\SA.DAT
    [07-09-2001 13:00][-r-h—–] C:\WINDOWS\tasks\desktop.ini

    ——————–\\ Beschrijving van mappen in C:\Program Files

    [21-07-2009|18:31] C:\Program Files\Adobe
    [10-10-2011|21:30] C:\Program Files\Ahead
    [18-08-2008|19:47] C:\Program Files\Analog Devices
    [08-11-2008|22:23] C:\Program Files\Apple Software Update
    [16-01-2012|20:20] C:\Program Files\AVG
    [16-01-2012|20:26] C:\Program Files\AVG Secure Search
    [22-05-2011|10:40] C:\Program Files\Belastingdienst
    [10-10-2011|19:57] C:\Program Files\CCleaner
    [30-08-2011|19:51] C:\Program Files\CDBurnerXP
    [17-01-2012|20:34] C:\Program Files\Common Files
    [10-08-2008|15:50] C:\Program Files\ComPlus Applications
    [18-08-2008|19:36] C:\Program Files\CyberLink
    [31-10-2011|01:58] C:\Program Files\EasyCleaner
    [18-01-2012|17:01] C:\Program Files\ESET
    [10-10-2011|21:33] C:\Program Files\Fotoservice
    [30-12-2011|22:43] C:\Program Files\Google
    [18-08-2008|17:54] C:\Program Files\Hewlett-Packard
    [17-01-2009|20:54] C:\Program Files\InstallShield Installation Information
    [30-12-2011|21:52] C:\Program Files\Internet Explorer
    [18-08-2008|20:13] C:\Program Files\Lavasoft
    [25-10-2010|00:41] C:\Program Files\Lugert Europe
    [16-01-2012|21:09] C:\Program Files\Malwarebytes' Anti-Malware
    [16-01-2012|18:54] C:\Program Files\McAfee
    [12-08-2008|20:33] C:\Program Files\Messenger
    [16-01-2012|13:49] C:\Program Files\Microsoft
    [10-08-2008|15:56] C:\Program Files\microsoft frontpage
    [31-10-2011|02:20] C:\Program Files\Microsoft Office
    [20-08-2008|20:10] C:\Program Files\Microsoft Plus!
    [13-10-2011|20:34] C:\Program Files\Microsoft Silverlight
    [15-09-2009|21:41] C:\Program Files\Microsoft Sync Framework
    [30-08-2011|18:24] C:\Program Files\Microsoft.NET
    [13-08-2010|09:47] C:\Program Files\Movie Maker
    [10-08-2008|15:49] C:\Program Files\MSN Gaming Zone
    [11-08-2008|19:58] C:\Program Files\MSXML 4.0
    [23-09-2010|21:58] C:\Program Files\NetMeeting
    [20-08-2008|19:59] C:\Program Files\NOS
    [17-01-2009|20:52] C:\Program Files\OLYMPUS
    [10-08-2008|15:53] C:\Program Files\Online Services
    [20-12-2010|10:14] C:\Program Files\Outlook Express
    [17-01-2009|20:51] C:\Program Files\PIXELA
    [18-08-2008|19:36] C:\Program Files\PowerDVD
    [17-01-2009|20:49] C:\Program Files\QuickTime
    [31-10-2011|02:03] C:\Program Files\totalcmd
    [16-01-2012|20:29] C:\Program Files\Trend Micro
    [10-08-2008|16:04] C:\Program Files\Uninstall Information
    [18-08-2008|19:53] C:\Program Files\VIA
    [01-02-2011|15:04] C:\Program Files\Windows Live
    [02-10-2008|19:06] C:\Program Files\Windows Live Favorites
    [15-09-2009|21:38] C:\Program Files\Windows Live SkyDrive
    [20-08-2011|23:18] C:\Program Files\Windows Live Toolbar
    [10-08-2008|16:26] C:\Program Files\Windows Media Player
    [10-08-2008|16:22] C:\Program Files\Windows NT
    [10-08-2008|15:53] C:\Program Files\WindowsUpdate
    [18-08-2008|17:47] C:\Program Files\WinRAR
    [10-08-2008|15:56] C:\Program Files\xerox
    [0|bestand(en)] C:\Program Files\bytes
    [57|map(pen)] C:\Program Files\bytes beschikbaar

    ——————–\\ Beschrijving van mappen in C:\Program Files\Common Files

    [18-08-2008|20:43] C:\Program Files\Common Files\Adobe
    [16-01-2012|20:26] C:\Program Files\Common Files\AVG Secure Search
    [11-08-2008|19:52] C:\Program Files\Common Files\Cisco Systems
    [11-08-2008|19:31] C:\Program Files\Common Files\DESIGNER
    [18-08-2008|19:47] C:\Program Files\Common Files\InstallShield
    [16-01-2012|18:53] C:\Program Files\Common Files\McAfee
    [20-06-2011|07:30] C:\Program Files\Common Files\Microsoft Shared
    [10-08-2008|15:51] C:\Program Files\Common Files\MSSoap
    [21-07-2009|18:40] C:\Program Files\Common Files\Network Associates
    [10-08-2008|17:22] C:\Program Files\Common Files\ODBC
    [10-08-2008|15:51] C:\Program Files\Common Files\Services
    [10-08-2008|17:22] C:\Program Files\Common Files\SpeechEngines
    [10-08-2008|16:21] C:\Program Files\Common Files\System
    [15-09-2009|21:34] C:\Program Files\Common Files\Windows Live
    [18-08-2008|20:12] C:\Program Files\Common Files\Wise Installation Wizard
    [0|bestand(en)] C:\Program Files\Common Files\bytes
    [17|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

    ——————–\\ Process

    ( 29 Processes )

    … OK !

    ——————–\\ Zoeken met S_Lop

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken naar Lop Bestanden - Mappen

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken doorheen het Register

    ….. OK !

    ——————–\\ Nazicht van het Hosts bestand

    Hosts bestand IN ORDE


    ——————–\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-19 18:17:33
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes …
    scanning hidden files …
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    ——————–\\ Zoeken naar andere infecties


    Geen andere infecties gevonden !

    [F:2][D:0]-> C:\DOCUME~1\Martin\LOCALS~1\Temp
    [F:53][D:0]-> C:\DOCUME~1\Martin\Cookies
    [F:454][D:4]-> C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - do 19-01-2012|18:21 - Option : [2]

    ——————–\\ Scan voltooid om 18:21:56
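    Added example (not part of the thread and not Lop SD's own code): a small parser for the directory listing printed above, so the same log can be triaged by modification time rather than read top to bottom. It handles both line shapes Lop SD uses (`[dd-mm-yyyy|hh:mm] path` for folders and `[dd-mm-yyyy hh:mm][attrs] path` for scheduled tasks), skips the `[N|bestand(en)]` summary lines, and lists what changed in the days leading up to the scan. The sample lines are copied from this log; the 7-day window and the scan timestamp are assumptions chosen to match the scan time shown.

    ```python
    """Triage helper for a Lop SD directory listing (added example)."""
    import re
    from datetime import datetime, timedelta

    # Constructed sample: a handful of lines copied from the Lop SD log in this
    # thread, covering folder entries, scheduled-task entries and the summary
    # lines that must be skipped.  Task attribute brackets are written in the
    # tool's plain ASCII form; the forum rendering turned those dashes into
    # typographic dashes, which the regex below tolerates as well.
    SAMPLE_LOG = r"""
    [16-01-2012|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [31-10-2011|02:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
    [6|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar
    [18-01-2012|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MFAData
    [07-01-2012|12:19] C:\DOCUME~1\Jan\APPLIC~1\Wymuo
    [30-08-2011|19:51] C:\DOCUME~1\Martin\APPLIC~1\OpenCandy
    [18-01-2012 18:30][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-527237240-682003330-1004UA.job
    [07-09-2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    """

    # Timestamp, optional attribute bracket, then the path.  Summary lines such
    # as "[0|bestand(en)]" carry no date and therefore never match.
    ENTRY_RE = re.compile(
        r"^\[(\d{2}-\d{2}-\d{4})[| ](\d{2}:\d{2})\](?:\[[^\]]*\])?\s+(.+?)\s*$"
    )

    # Assumed scan timestamp, taken from the "Scan voltooid" line of this log.
    SCAN_TIME = datetime(2012, 1, 19, 18, 21)


    def parse_entries(text):
        """Return a list of (datetime, path) tuples for every dated line."""
        entries = []
        for line in text.splitlines():
            m = ENTRY_RE.match(line.strip())
            if not m:
                continue
            stamp = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d-%m-%Y %H:%M")
            entries.append((stamp, m.group(3)))
        return entries


    def recent_changes(entries, scan_time=SCAN_TIME, days=7):
        """Entries modified within `days` before the scan, newest first."""
        cutoff = scan_time - timedelta(days=days)
        hits = [(ts, path) for ts, path in entries if ts >= cutoff]
        hits.sort(reverse=True)
        return hits


    def changes_by_parent(hits):
        """Group recent entries by their parent directory (insertion order kept)."""
        grouped = {}
        for ts, path in hits:
            parent, _, name = path.rpartition("\\")
            grouped.setdefault(parent, []).append(name)
        return grouped


    if __name__ == "__main__":
        hits = recent_changes(parse_entries(SAMPLE_LOG))
        for parent, names in changes_by_parent(hits).items():
            print(parent)
            for name in names:
                print("    ", name)
    ```

    Run against the full log, the output puts the folders and tasks touched around the cleanup dates (16 to 18 January) in one place, which is where a reviewer would look first; older entries such as the 2008 and 2009 folders drop out of the window.
    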
  • Hello Joep, let me know how Windows is running now.
  • Hi Abraham,

    Starting the PC goes about as you would expect from a relatively old machine, perhaps a bit slower still. But once you have the desktop in front of you and, for example, right-click My Computer and then choose Properties, it takes a good 5 minutes before that tab actually appears. If I then click through to Device Manager, everything looks fine, no yellow question marks.

    And what I noticed just now: if I click Hardware in the Control Panel, I get a message that only one device can be connected at a time (or at least a message to that effect). That looks as though Windows is busy at that moment trying to install a piece of hardware. But what, I don't know.

    When, after those first laborious minutes, I right-click My Computer again and choose Properties, everything goes smoothly, and Device Manager is also available again as normal. Could there then (besides all the viruses) also be something wrong with the hardware after all? And how do I find that out if everything in Device Manager seems to be in order?
  • Hello Joep, if you start Task Manager, how many processes are there and what is the CPU usage?

    And let's examine the HD:

    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here

    Screenshot: http://www.imgdumper.nl/uploads4/4df870efec9f5/4df870efeba86-CrystalDiskInfo.png

    Install the tool and then start CrystalDiskInfo

    The tool then reads the SMART data of the connected hard disks.
    If the colour is Blue - completely healthy.
    If the colour is Yellow - there are problems.
    If the colour is Red - replace the HD as soon as possible.

    For SSDs, the health status of the SSDs is also shown (Health)
  • Hi Abraham,

    When I start Task Manager there are 36 processes active, and CPU usage is 0%. Now and then the counter goes to 37 processes, and then CPU usage varies strongly between roughly 5% and 90%. Then back to 36 or 35 processes with 0% usage. For most of the time I have been watching now, CPU usage is 0%.

    CrystalDiskInfo reported that the C drive is in fine shape (all blue) and the D drive (which is physically a different disk) had a yellow warning (Reallocated Sectors Count). Could that perhaps be a cause of the "slow out of the starting blocks" behaviour?

    And perhaps a very silly question: after the various scans we have run, can I now assume that this box is at least virus-free?
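    Added example (not part of the thread and not CrystalDiskInfo's code) that puts the Blue/Yellow/Red scheme from the earlier post and the Reallocated Sectors Count warning from this reply into code. It parses a SMART attribute table in the column layout that smartctl prints and applies two assumed rules that approximate the tool's behaviour: an attribute whose current value has fallen to its threshold means Red, and a non-zero raw count on the sector-health attributes (5, 196, 197, 198) means Yellow. The three tables are constructed samples; the numbers are invented to show a healthy disk, a disk with reallocated sectors like the D drive described here, and a failing disk.

    ```python
    """Classify SMART attributes into the three health colours used in the thread
    (added example with assumed thresholds; not CrystalDiskInfo's own logic)."""

    # Constructed samples in the attribute-table layout smartctl prints:
    # ID, name, current value, worst value, threshold, raw value.
    SMART_C = """
    ID# ATTRIBUTE_NAME          VALUE WORST THRESH RAW_VALUE
      1 Raw_Read_Error_Rate     100   100   051    0
      5 Reallocated_Sector_Ct   100   100   010    0
      9 Power_On_Hours          085   085   000    6710
    197 Current_Pending_Sector  100   100   000    0
    198 Offline_Uncorrectable   100   100   000    0
    """

    SMART_D = """
    ID# ATTRIBUTE_NAME          VALUE WORST THRESH RAW_VALUE
      1 Raw_Read_Error_Rate     100   100   051    0
      5 Reallocated_Sector_Ct   098   098   010    17
      9 Power_On_Hours          072   072   000    12435
    197 Current_Pending_Sector  100   100   000    0
    198 Offline_Uncorrectable   100   100   000    0
    """

    SMART_FAILING = """
    ID# ATTRIBUTE_NAME          VALUE WORST THRESH RAW_VALUE
      1 Raw_Read_Error_Rate     100   100   051    0
      5 Reallocated_Sector_Ct   008   008   010    2040
      9 Power_On_Hours          060   060   000    19102
    197 Current_Pending_Sector  100   100   000    12
    198 Offline_Uncorrectable   100   100   000    3
    """

    # Attributes whose raw count directly reflects damaged sectors.  Any value
    # above zero is treated as the "Caution" (Yellow) condition.  Assumption:
    # this mirrors the default behaviour described in the thread, not a quote
    # of the tool's configuration.
    SECTOR_HEALTH_IDS = (5, 196, 197, 198)


    def parse_smart_table(text):
        """Return {attribute_id: {name, value, worst, thresh, raw}}; the header
        row and any malformed line are skipped."""
        attrs = {}
        for line in text.strip().splitlines()[1:]:
            parts = line.split()
            if len(parts) < 6 or not parts[0].isdigit():
                continue
            attrs[int(parts[0])] = {
                "name": parts[1],
                "value": int(parts[2]),
                "worst": int(parts[3]),
                "thresh": int(parts[4]),
                "raw": int(parts[5]),
            }
        return attrs


    def classify_disk(attrs):
        """Return (colour, reasons).  Red: a thresholded attribute has reached
        its threshold (the SMART failure condition).  Yellow: a sector-health
        attribute has a non-zero raw count.  Blue: neither."""
        reasons = []
        colour = "Blue"
        for a in attrs.values():
            if a["thresh"] > 0 and a["value"] <= a["thresh"]:
                reasons.append(f'{a["name"]} value {a["value"]} at or below threshold {a["thresh"]}')
                colour = "Red"
        for attr_id in SECTOR_HEALTH_IDS:
            a = attrs.get(attr_id)
            if a and a["raw"] > 0:
                reasons.append(f'{a["name"]} raw count {a["raw"]}')
                if colour == "Blue":
                    colour = "Yellow"
        return colour, reasons


    if __name__ == "__main__":
        for label, table in (("C:", SMART_C), ("D:", SMART_D), ("failing", SMART_FAILING)):
            colour, reasons = classify_disk(parse_smart_table(table))
            print(label, colour, "; ".join(reasons) or "no findings")
    ```

    The point of separating Yellow from Red is the one made in the replies: reallocated sectors on the D drive mean the disk has started to wear out and should be backed up and watched, while a value that has crossed its threshold is the disk's own declaration of imminent failure.
    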
  • Hi Joep, that D drive is now at the very beginning of the dying process.

    Are there programs on it that need to start with Windows?

    Furthermore, we are done with the fix itself and are going to clean up.
    When all of that is done, we will look at whether more speed can be squeezed out of Windows.

    But first this:
    keep MBAM and the ESET Online Scanner in your Windows.
    Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click it and choose to place a shortcut on the desktop.

    Use MBAM once a week - after updating, choose quick scan.
    Use OnlineScannerApp.exe once a month.
    ESET will then start as an app; you can then tick the scan settings, after which the update process will start and then the scan will begin.
    And one more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find info about cookies and how to block AdAware cookies in your browser(s).

  • Hi Abraham,

    First the result of the security check:

    Results of screen317's Security Check version 0.99.30
    Windows XP Service Pack 3 x86
    Internet Explorer 7
  • If the computer beeps at startup, then there is a hardware problem!

    Only what is going on, I don't know.
    Any idea how old that PC is by now?
  • After trying once more I see I exaggerated a bit; it doesn't beep for 2 seconds but about 1 second. It has an AMI BIOS, and if you Google that you find nothing special for a beep of 1 second.

    The PC is about 6 years old.

    In the meantime I have replaced Adobe Reader 8 with Adobe Reader 10, and IE7 with Chrome. On a 'cold' start Chrome is also extremely slow to start: once I got a message that there was a problem with my profile. Anyway, that's a message I can't do anything with. Can you?
  • No, I don't know that one.
    Chrome - despite working well - doesn't come into my Windows, any more than other Google programs.

    Open the case and check whether all connections are still pressed in firmly.
    Do make sure the power is disconnected from the case!
  • I had just opened the case already, pressed everything in, swapped memory modules and so on. None of it makes any difference. But somehow I have the idea that that beep at startup isn't that important.

    I understand that you don't like working with Google products; your right, of course. I myself don't have much of a problem with it. But what is striking is that Chrome shows exactly the same behaviour as IE7: after starting the PC, IE7 was not 'responsive' for about 5 minutes, and with Chrome exactly the same phenomenon occurs, though accompanied by a message we can't do anything with.
    All of this gives me the idea that something else is going on after all. I think I'll go looking for a small program I know from 'the old days' called StartupCop. Let's see (if it still exists) whether it gives more insight into what happens in those first 5 minutes after startup. To be continued, then.
  • Post a new HJT log first.

This is an archived page. Replying is no longer possible.