Register een gratis account om van alle functies op het forum gebruik te kunnen maken.

Problemen met uw computer, of heeft u advies nodig? PC Web Plus helpt u graag verder.

Welkom op PC Web Plus, op dit computerforum kunt u terecht voor gratis hulp bij computerproblemen en allerhande vragen over software, hardware en computerbeveiliging.

Als gast kunt u alleen het forum bekijken en meelezen met de verschillende discussies. U kunt echter geen reacties of commentaar geven op bestaande discussies, of nieuwe onderwerpen op het forum starten met uw vraag of probleem.

Klik op de onderstaande link om geheel gratis een gebruikersaccount op ons forum te registreren. Vanaf dat moment kunt u deelnemen aan de diverse discussies op het forum.

Klik hier om een gratis account te registreren! - of lees onze Welkomstgids door voor meer informatie over het gebruik van het forum.

Forumoverzicht Malware en virusinfectie problemen Hulp bij malware en virusinfectie problemen (HijackThis / RSIT / DDS logs) Opgeloste problemen / logs

Gesloten onderwerpen. Stuur een privé bericht naar een Moderator of de Administrator om het topic weer te laten openen.

Brief van Ziggo - Torpig

Berichtdoor makkink » di 14 mei, 2013 16:45:21

Ik heb sins kort ook dit virus op mijn computer staan zou iemand mij hier mee kunnen helpen om er af te halen ben niet echt goed met computers.
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » di 14 mei, 2013 16:57:00

Hallo en welkom op het forum,

Download TDSSKiller en plaats het op je bureaublad.
  • Voordat je TDSSKiller uitvoert is het raadzaam om de onderstaande handleiding van TDSSKiller te raadplegen.
  • Dubbelklik op TDSSKiller.exe om de tool te starten. (Indien je TDSSKiller als ZIP bestand hebt gedownload dien je deze eerst uit te pakken).
  • Als er door TDSSkiller een update wordt gevonden klikt u op de knop "Load update"
  • Een nieuwe versie van TDSSkiller zal nu gedownload worden en sla deze op het bureaublad op.
  • Start nu TDSSkiller opnieuw.
  • Klik op "Change parameters" en zorg dat de onderstaande opties allemaal aangevinkt zijn.
    Afbeelding
  • Klik op de knop "Start Scan" en volg de instructies.
    • Gebruik nooit de "Delete" of "Quarantaine" optie bij een "Fail signature" melding.
    • Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
    • Voeg dit log-bestand als bijlage toe aan het volgende bericht.
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » wo 15 mei, 2013 18:09:37

16:21:46.0006 72344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:21:46.0163 72344 ============================================================
16:21:46.0163 72344 Current date / time: 2013/05/15 16:21:46.0163
16:21:46.0163 72344 SystemInfo:
16:21:46.0163 72344
16:21:46.0163 72344 OS Version: 5.1.2600 ServicePack: 3.0
16:21:46.0163 72344 Product type: Workstation
16:21:46.0163 72344 ComputerName: PRIV-EE17703785
16:21:46.0163 72344 UserName: michel
16:21:46.0163 72344 Windows directory: C:\WINDOWS
16:21:46.0163 72344 System windows directory: C:\WINDOWS
16:21:46.0163 72344 Processor architecture: Intel x86
16:21:46.0163 72344 Number of processors: 2
16:21:46.0163 72344 Page size: 0x1000
16:21:46.0163 72344 Boot type: Normal boot
16:21:46.0163 72344 ============================================================
16:21:47.0178 72344 BG loaded
16:21:47.0381 72344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:21:47.0913 72344 Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:21:47.0913 72344 ============================================================
16:21:47.0913 72344 \Device\Harddisk0\DR0:
16:21:47.0944 72344 MBR partitions:
16:21:47.0944 72344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
16:21:47.0944 72344 \Device\Harddisk1\DR2:
16:21:47.0944 72344 MBR partitions:
16:21:47.0944 72344 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
16:21:47.0944 72344 ============================================================
16:21:47.0975 72344 C: <-> \Device\Harddisk0\DR0\Partition1
16:21:47.0991 72344 E: <-> \Device\Harddisk1\DR2\Partition1
16:21:47.0991 72344 ============================================================
16:21:47.0991 72344 Initialize success
16:21:47.0991 72344 ============================================================
16:21:56.0710 9272 ============================================================
16:21:56.0710 9272 Scan started
16:21:56.0710 9272 Mode: Manual; SigCheck; TDLFS;
16:21:56.0710 9272 ============================================================
16:21:56.0850 9272 ================ Scan services =============================
16:21:56.0991 9272 [ 31637CF039DD52468238DE4A06630D90 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
16:21:57.0178 9272 6to4 - ok
16:21:57.0210 9272 Abiosdsk - ok
16:21:57.0225 9272 abp480n5 - ok
16:21:57.0272 9272 [ 02273A448BA21A7D447DAEB47810D40C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:21:57.0397 9272 ACPI - ok
16:21:57.0413 9272 [ 63F517B1A87DABF3F5ACB8A7952FC1D1 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:21:57.0538 9272 ACPIEC - ok
16:21:57.0616 9272 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:21:57.0631 9272 AdobeFlashPlayerUpdateSvc - ok
16:21:57.0647 9272 adpu160m - ok
16:21:57.0694 9272 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:21:57.0835 9272 aec - ok
16:21:57.0866 9272 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:21:57.0913 9272 AFD - ok
16:21:57.0928 9272 Aha154x - ok
16:21:57.0928 9272 aic78u2 - ok
16:21:57.0944 9272 aic78xx - ok
16:21:57.0960 9272 [ 8BED67D13DCB55B3E9FF6DAC4C6D3B49 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:21:58.0085 9272 Alerter - ok
16:21:58.0116 9272 [ DAB2A89FDE5CF791161200D90C1BCB12 ] ALG C:\WINDOWS\System32\alg.exe
16:21:58.0163 9272 ALG - ok
16:21:58.0163 9272 AliIde - ok
16:21:58.0210 9272 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:21:58.0256 9272 AmdPPM - ok
16:21:58.0256 9272 amsint - ok
16:21:58.0428 9272 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:21:58.0444 9272 Apple Mobile Device - ok
16:21:58.0444 9272 AppMgmt - ok
16:21:58.0460 9272 asc - ok
16:21:58.0460 9272 asc3350p - ok
16:21:58.0475 9272 asc3550 - ok
16:21:58.0631 9272 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:21:58.0647 9272 aspnet_state - ok
16:21:58.0694 9272 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:21:58.0819 9272 AsyncMac - ok
16:21:58.0850 9272 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:21:58.0975 9272 atapi - ok
16:21:58.0975 9272 Atdisk - ok
16:21:59.0022 9272 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:21:59.0147 9272 Atmarpc - ok
16:21:59.0194 9272 [ F10745ED3195360E69AA4A6E7768C0E0 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:21:59.0319 9272 AudioSrv - ok
16:21:59.0350 9272 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:21:59.0491 9272 audstub - ok
16:21:59.0538 9272 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:21:59.0663 9272 Beep - ok
16:21:59.0710 9272 [ 5C0073A51C4873430FA8B262E92183FF ] BITS C:\WINDOWS\system32\qmgr.dll
16:21:59.0850 9272 BITS - ok
16:21:59.0944 9272 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:21:59.0975 9272 Bonjour Service - ok
16:22:00.0022 9272 [ 139102D1865D3C1F152A25ABD16242DB ] Browser C:\WINDOWS\System32\browser.dll
16:22:00.0069 9272 Browser - ok
16:22:00.0288 9272 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
16:22:00.0397 9272 BrowserProtect - ok
16:22:00.0506 9272 catchme - ok
16:22:00.0538 9272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:22:00.0678 9272 cbidf2k - ok
16:22:00.0678 9272 cd20xrnt - ok
16:22:00.0710 9272 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:22:00.0866 9272 Cdaudio - ok
16:22:00.0897 9272 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:22:01.0022 9272 Cdfs - ok
16:22:01.0053 9272 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:22:01.0210 9272 Cdrom - ok
16:22:01.0225 9272 Changer - ok
16:22:01.0256 9272 [ BD85400700B80FBE3D4A3412BCE74861 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:22:01.0397 9272 CiSvc - ok
16:22:01.0397 9272 [ 4FB6108130829666C8FE96B442FEAD94 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:22:01.0538 9272 ClipSrv - ok
16:22:01.0569 9272 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:01.0600 9272 clr_optimization_v2.0.50727_32 - ok
16:22:01.0600 9272 CmdIde - ok
16:22:01.0616 9272 COMSysApp - ok
16:22:01.0631 9272 Cpqarray - ok
16:22:01.0631 9272 cpuz134 - ok
16:22:01.0694 9272 [ 0A9CF5D3CF63A8699F28C814EF821C7E ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:22:01.0850 9272 CryptSvc - ok
16:22:01.0850 9272 dac2w2k - ok
16:22:01.0850 9272 dac960nt - ok
16:22:01.0897 9272 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:22:01.0944 9272 DcomLaunch - ok
16:22:01.0991 9272 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
16:22:02.0038 9272 dgderdrv - ok
16:22:02.0069 9272 [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:22:02.0085 9272 dg_ssudbus - ok
16:22:02.0147 9272 [ 146AB038F5DBB366122D28444999AB2C ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:22:02.0303 9272 Dhcp - ok
16:22:02.0350 9272 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:22:02.0475 9272 Disk - ok
16:22:02.0475 9272 dmadmin - ok
16:22:02.0553 9272 [ DEC123E0C75971D0CC7A6C6A75E28429 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:22:02.0678 9272 dmboot - ok
16:22:02.0694 9272 [ 7268E66259722F6228C730685B201092 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:22:02.0850 9272 dmio - ok
16:22:02.0897 9272 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:22:03.0022 9272 dmload - ok
16:22:03.0053 9272 [ 127DB74184E2D3D31655DA525A5EFDE1 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:22:03.0194 9272 dmserver - ok
16:22:03.0241 9272 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:22:03.0366 9272 DMusic - ok
16:22:03.0413 9272 [ DE6CDB6CBC5C27B9085CFA6DFE8E5025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:22:03.0444 9272 Dnscache - ok
16:22:03.0475 9272 [ 90EE765E1A598B578852901F74F914F1 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:22:03.0600 9272 Dot3svc - ok
16:22:03.0616 9272 dpti2o - ok
16:22:03.0631 9272 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:22:03.0756 9272 drmkaud - ok
16:22:03.0788 9272 [ E6BBDEBF7081899D161C773E8D84D015 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:22:03.0944 9272 EapHost - ok
16:22:03.0975 9272 [ 2F5C7F650B7AF178988946EE4B0D9C01 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:22:04.0085 9272 ERSvc - ok
16:22:04.0131 9272 [ 657B69389B893F440B07590C9E963F23 ] Eventlog C:\WINDOWS\system32\services.exe
16:22:04.0147 9272 Eventlog - ok
16:22:04.0194 9272 [ 97912DC0679D2DA60CCE589BBC196D72 ] EventSystem C:\WINDOWS\system32\es.dll
16:22:04.0241 9272 EventSystem - ok
16:22:04.0288 9272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:22:04.0428 9272 Fastfat - ok
16:22:04.0475 9272 [ 2D5D4156292150FE571872C1B88E9299 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:22:04.0491 9272 FastUserSwitchingCompatibility - ok
16:22:04.0538 9272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:22:04.0694 9272 Fdc - ok
16:22:04.0741 9272 [ 8BFFFB5AC954E19DFDB96D56512AA518 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:22:04.0881 9272 Fips - ok
16:22:04.0928 9272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:22:05.0069 9272 Flpydisk - ok
16:22:05.0116 9272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:22:05.0241 9272 FltMgr - ok
16:22:05.0319 9272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:22:05.0350 9272 FontCache3.0.0.0 - ok
16:22:05.0366 9272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:22:05.0522 9272 Fs_Rec - ok
16:22:05.0538 9272 [ FA8CA22E70245C81FF29C36AF56292FC ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:22:05.0694 9272 Ftdisk - ok
16:22:05.0694 9272 ftpjfu.sys - ok
16:22:05.0741 9272 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:22:05.0756 9272 GEARAspiWDM - ok
16:22:05.0772 9272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:22:05.0928 9272 Gpc - ok
16:22:05.0944 9272 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:22:06.0100 9272 HDAudBus - ok
16:22:06.0413 9272 [ 5327BAD9B35C33D2A64B64E4CF282ECD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:22:06.0553 9272 helpsvc - ok
16:22:06.0569 9272 HidServ - ok
16:22:06.0600 9272 [ 1FF903FFA2DA1704E5A5443D37D8E49E ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:22:06.0725 9272 hkmsvc - ok
16:22:06.0725 9272 hpn - ok
16:22:06.0772 9272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:22:06.0803 9272 HTTP - ok
16:22:06.0835 9272 [ 2529C7BA05242BEED0027F554D0513BB ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:22:06.0991 9272 HTTPFilter - ok
16:22:06.0991 9272 i2omgmt - ok
16:22:06.0991 9272 i2omp - ok
16:22:07.0038 9272 [ C43372D0682F8E32E4EC21117E089EC0 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:22:07.0194 9272 i8042prt - ok
16:22:07.0288 9272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:22:07.0335 9272 idsvc - ok
16:22:07.0350 9272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:22:07.0491 9272 Imapi - ok
16:22:07.0538 9272 [ A117772F94C854DE5D1BBC1F1962B192 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:22:07.0678 9272 ImapiService - ok
16:22:07.0694 9272 ini910u - ok
16:22:07.0866 9272 [ 8CD7F3FB0B2418AF79914ADB1E265184 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:22:08.0069 9272 IntcAzAudAddService - ok
16:22:08.0085 9272 IntelIde - ok
16:22:08.0131 9272 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:22:08.0256 9272 Ip6Fw - ok
16:22:08.0288 9272 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:22:08.0444 9272 IpFilterDriver - ok
16:22:08.0475 9272 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:22:08.0600 9272 IpInIp - ok
16:22:08.0663 9272 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:22:08.0803 9272 IpNat - ok
16:22:08.0850 9272 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:22:08.0881 9272 iPod Service - ok
16:22:08.0913 9272 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:22:09.0069 9272 IPSec - ok
16:22:09.0116 9272 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:22:09.0210 9272 IRENUM - ok
16:22:09.0241 9272 [ 0B78E1A31340E1FB1E389D5633F7C3A0 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:22:09.0366 9272 isapnp - ok
16:22:09.0506 9272 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:22:09.0538 9272 JavaQuickStarterService - ok
16:22:09.0585 9272 [ 380397621E94B32C744E7B2CC1330390 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:22:09.0741 9272 Kbdclass - ok
16:22:09.0772 9272 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:22:09.0897 9272 kmixer - ok
16:22:09.0944 9272 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:22:09.0960 9272 KSecDD - ok
16:22:10.0147 9272 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
16:22:10.0178 9272 KSS - ok
16:22:10.0225 9272 [ C7955E7EDAEA462D04F1C4BE1D340372 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:22:10.0256 9272 LanmanServer - ok
16:22:10.0303 9272 [ A936A575EAF6DCE8DC08BC0C53972ADD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:22:10.0319 9272 lanmanworkstation - ok
16:22:10.0335 9272 lbrtfdc - ok
16:22:10.0366 9272 [ 91AE20C5C2776C511994AA1308C05283 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:22:10.0538 9272 LmHosts - ok
16:22:10.0569 9272 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:22:10.0585 9272 MBAMProtector - ok
16:22:10.0647 9272 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:22:10.0678 9272 MBAMScheduler - ok
16:22:10.0710 9272 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:22:10.0741 9272 MBAMService - ok
16:22:10.0772 9272 [ C56A45A03DCA11712DE9FDF98224230B ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:22:10.0928 9272 Messenger - ok
16:22:10.0960 9272 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:22:11.0100 9272 mnmdd - ok
16:22:11.0131 9272 [ 5B1D994DCF1895AFA27600E46A2F0FEA ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:22:11.0288 9272 mnmsrvc - ok
16:22:11.0303 9272 [ 8114EEAC353F549331AB73E9AF4219ED ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:22:11.0444 9272 Modem - ok
16:22:11.0460 9272 [ 5023875A94B0766D98A62A72BC4CB055 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
16:22:11.0491 9272 motmodem - ok
16:22:11.0522 9272 [ 1A4E2214DD63E4A876463D3427EE8261 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:22:11.0647 9272 Mouclass - ok
16:22:11.0678 9272 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:22:11.0819 9272 MountMgr - ok
16:22:11.0850 9272 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:22:11.0881 9272 MpFilter - ok
16:22:12.0022 9272 [ A69630D039C38018689190234F866D77 ] MpKsl40f81608 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7A92015-61CD-4E0F-B75A-ABBA735D8336}\MpKsl40f81608.sys
16:22:12.0038 9272 MpKsl40f81608 - ok
16:22:12.0053 9272 mraid35x - ok
16:22:12.0053 9272 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:22:12.0225 9272 MRxDAV - ok
16:22:12.0241 9272 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:22:12.0256 9272 MRxSmb - ok
16:22:12.0319 9272 [ 21EA21984D7D1AD50DB2E627020AB14C ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:22:12.0475 9272 MSDTC - ok
16:22:12.0522 9272 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:22:12.0647 9272 Msfs - ok
16:22:12.0647 9272 MSIServer - ok
16:22:12.0663 9272 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:22:12.0788 9272 MSKSSRV - ok
16:22:12.0866 9272 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:22:12.0881 9272 MsMpSvc - ok
16:22:12.0928 9272 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:22:13.0053 9272 MSPCLOCK - ok
16:22:13.0053 9272 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:22:13.0210 9272 MSPQM - ok
16:22:13.0241 9272 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:22:13.0366 9272 mssmbios - ok
16:22:13.0428 9272 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:22:13.0444 9272 Mup - ok
16:22:13.0475 9272 [ 87E394C810794D3C70CF22E8316CB23E ] napagent C:\WINDOWS\System32\qagentrt.dll
16:22:13.0631 9272 napagent - ok
16:22:13.0663 9272 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:22:13.0772 9272 NDIS - ok
16:22:13.0819 9272 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:22:13.0850 9272 NdisTapi - ok
16:22:13.0897 9272 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:22:14.0038 9272 Ndisuio - ok
16:22:14.0053 9272 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:22:14.0178 9272 NdisWan - ok
16:22:14.0210 9272 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:22:14.0241 9272 NDProxy - ok
16:22:14.0256 9272 Nero BackItUp Scheduler 4.0 - ok
16:22:14.0272 9272 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:22:14.0413 9272 NetBIOS - ok
16:22:14.0444 9272 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:22:14.0585 9272 NetBT - ok
16:22:14.0631 9272 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDE C:\WINDOWS\system32\netdde.exe
16:22:14.0756 9272 NetDDE - ok
16:22:14.0772 9272 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:22:14.0897 9272 NetDDEdsdm - ok
16:22:14.0928 9272 [ 8754210A3399D19610CE2D71E0C3E5D9 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:22:15.0116 9272 Netlogon - ok
16:22:15.0163 9272 [ 5431FB616ECAE0D587C5B97D0B86CBD8 ] Netman C:\WINDOWS\System32\netman.dll
16:22:15.0319 9272 Netman - ok
16:22:15.0350 9272 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:22:15.0381 9272 NetTcpPortSharing - ok
16:22:15.0428 9272 [ 4522CBE00A9E9EEE36AA82ED4B319148 ] Nla C:\WINDOWS\System32\mswsock.dll
16:22:15.0460 9272 Nla - ok
16:22:15.0491 9272 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:22:15.0647 9272 Npfs - ok
16:22:15.0694 9272 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:22:15.0835 9272 Ntfs - ok
16:22:15.0866 9272 [ 8754210A3399D19610CE2D71E0C3E5D9 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:22:16.0006 9272 NtLmSsp - ok
16:22:16.0053 9272 [ AC1A78237B53044735693633F8235468 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:22:16.0178 9272 NtmsSvc - ok
16:22:16.0210 9272 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:22:16.0335 9272 Null - ok
16:22:16.0569 9272 [ 23B95A09677E62EC8D1641ECF39B9BFB ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:22:16.0819 9272 nv - ok
16:22:16.0835 9272 [ D314FE034D68C09D412727886E24F5FB ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:22:16.0866 9272 NVENETFD - ok
16:22:16.0897 9272 [ F99FBB623ED78367574EE461B5B32C2C ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:22:16.0913 9272 nvnetbus - ok
16:22:16.0960 9272 [ C44EE36DD84FA95EB81D79C374756003 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
16:22:16.0991 9272 nvsmu - ok
16:22:17.0038 9272 [ C501206816F35D20422B4C3F88D62860 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:22:17.0053 9272 NVSvc - ok
16:22:17.0100 9272 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:22:17.0256 9272 NwlnkFlt - ok
16:22:17.0256 9272 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:22:17.0397 9272 NwlnkFwd - ok
16:22:17.0428 9272 [ E3934CCC20A4D24F1924E13D36D2A5BD ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:22:17.0553 9272 Parport - ok
16:22:17.0569 9272 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:22:17.0725 9272 PartMgr - ok
16:22:17.0741 9272 [ 1EADE28746A64C21E0A808BB12A63326 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:22:17.0881 9272 ParVdm - ok
16:22:17.0881 9272 [ 3B166F9F753C21AEDAA9A6BD76B49655 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:22:18.0022 9272 PCI - ok
16:22:18.0022 9272 PCIDump - ok
16:22:18.0053 9272 [ B31EDEBA4DA28283F6B8DC4756FB9585 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:22:18.0210 9272 PCIIde - ok
16:22:18.0225 9272 [ 2137FFD65F8E609A3A5ACD487C56CCE0 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:22:18.0350 9272 Pcmcia - ok
16:22:18.0397 9272 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
16:22:18.0397 9272 pcouffin ( UnsignedFile.Multi.Generic ) - warning
16:22:18.0397 9272 pcouffin - detected UnsignedFile.Multi.Generic (1)
16:22:18.0397 9272 PDCOMP - ok
16:22:18.0413 9272 PDFRAME - ok
16:22:18.0413 9272 PDRELI - ok
16:22:18.0428 9272 PDRFRAME - ok
16:22:18.0428 9272 perc2 - ok
16:22:18.0444 9272 perc2hib - ok
16:22:18.0475 9272 [ 657B69389B893F440B07590C9E963F23 ] PlugPlay C:\WINDOWS\system32\services.exe
16:22:18.0491 9272 PlugPlay - ok
16:22:18.0506 9272 [ 8754210A3399D19610CE2D71E0C3E5D9 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:22:18.0663 9272 PolicyAgent - ok
16:22:18.0678 9272 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:22:18.0819 9272 PptpMiniport - ok
16:22:18.0850 9272 [ 04F3971B70A7855F04D351AA4BEE7799 ] PQNTDrv C:\WINDOWS\system32\drivers\PQNTDrv.sys
16:22:18.0850 9272 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
16:22:18.0850 9272 PQNTDrv - detected UnsignedFile.Multi.Generic (1)
16:22:18.0897 9272 [ 82A17ECA34D801590A67C0A2244965ED ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:22:19.0038 9272 Processor - ok
16:22:19.0069 9272 [ 8754210A3399D19610CE2D71E0C3E5D9 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:22:19.0210 9272 ProtectedStorage - ok
16:22:19.0241 9272 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:22:19.0397 9272 PSched - ok
16:22:19.0397 9272 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:22:19.0553 9272 Ptilink - ok
16:22:19.0569 9272 ql1080 - ok
16:22:19.0569 9272 Ql10wnt - ok
16:22:19.0585 9272 ql12160 - ok
16:22:19.0585 9272 ql1240 - ok
16:22:19.0600 9272 ql1280 - ok
16:22:19.0616 9272 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:22:19.0756 9272 RasAcd - ok
16:22:19.0772 9272 [ 0575D034B1292CA3A9BB9F67A8EE289C ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:22:19.0897 9272 RasAuto - ok
16:22:19.0928 9272 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:22:20.0053 9272 Rasl2tp - ok
16:22:20.0085 9272 [ 9E7E2DF6971A5F00102BE3F901CC3BDC ] RasMan C:\WINDOWS\System32\rasmans.dll
16:22:20.0225 9272 RasMan - ok
16:22:20.0256 9272 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:22:20.0381 9272 RasPppoe - ok
16:22:20.0397 9272 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:22:20.0553 9272 Raspti - ok
16:22:20.0585 9272 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:22:20.0710 9272 Rdbss - ok
16:22:20.0741 9272 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:22:20.0881 9272 RDPCDD - ok
16:22:20.0913 9272 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:22:20.0960 9272 RDPWD - ok
16:22:20.0991 9272 [ EA9FDF71D696B532BDC44C8BFF03A737 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:22:21.0131 9272 RDSessMgr - ok
16:22:21.0178 9272 [ 4173BC66E485FD77A03C4819F60BD0DA ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:22:21.0319 9272 redbook - ok
16:22:21.0366 9272 [ 4007ABF5D9BF0E55451D775443D1F985 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:22:21.0491 9272 RemoteAccess - ok
16:22:21.0538 9272 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
16:22:21.0678 9272 ROOTMODEM - ok
16:22:21.0710 9272 [ BE078F8F7EC2491EFDD79A53353A060F ] RpcLocator C:\WINDOWS\system32\locator.exe
16:22:21.0850 9272 RpcLocator - ok
16:22:21.0897 9272 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:22:21.0913 9272 RpcSs - ok
16:22:21.0944 9272 [ AD1B5F1B99FFF08C99F443D784711A81 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:22:22.0069 9272 RSVP - ok
16:22:22.0085 9272 [ 8754210A3399D19610CE2D71E0C3E5D9 ] SamSs C:\WINDOWS\system32\lsass.exe
16:22:22.0241 9272 SamSs - ok
16:22:22.0272 9272 [ 1B4CD62174E907C7EF8EC5D4D0A2A616 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:22:22.0413 9272 SCardSvr - ok
16:22:22.0460 9272 [ 7C288AE0F75CB18CFF1DF6179A67AD8F ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:22:22.0616 9272 Schedule - ok
16:22:22.0631 9272 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:22:22.0678 9272 Secdrv - ok
16:22:22.0725 9272 [ 6983665BEA867125B1DA5757CD8B2F9D ] seclogon C:\WINDOWS\System32\seclogon.dll
16:22:22.0850 9272 seclogon - ok
16:22:22.0850 9272 [ F6EC8F1E50E40237BDDEE1CB7FE20B42 ] SENS C:\WINDOWS\system32\sens.dll
16:22:22.0991 9272 SENS - ok
16:22:23.0038 9272 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:22:23.0178 9272 serenum - ok
16:22:23.0210 9272 [ 92C21762653BB2CE51147EB8A9AA654F ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:22:23.0319 9272 Serial - ok
16:22:23.0366 9272 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:22:23.0506 9272 Sfloppy - ok
16:22:23.0553 9272 [ 7579C4BE909D47F10F3D8D801CB13ED9 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:22:23.0678 9272 SharedAccess - ok
16:22:23.0710 9272 [ 2D5D4156292150FE571872C1B88E9299 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:22:23.0741 9272 ShellHWDetection - ok
16:22:23.0741 9272 Simbad - ok
16:22:23.0756 9272 Sparrow - ok
16:22:23.0772 9272 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:22:23.0897 9272 splitter - ok
16:22:23.0944 9272 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:22:23.0975 9272 Spooler - ok
16:22:24.0022 9272 [ 64D2A7640E0767ECD3BCB38D3200E7CE ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:22:24.0085 9272 sr - ok
16:22:24.0116 9272 [ 81CBF363C414620CAA61BD6843D8FDB9 ] srservice C:\WINDOWS\system32\srsvc.dll
16:22:24.0194 9272 srservice - ok
16:22:24.0225 9272 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:22:24.0256 9272 Srv - ok
16:22:24.0303 9272 [ 5B9D0DE64BE96A806819516440FD211C ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:22:24.0381 9272 SSDPSRV - ok
16:22:24.0428 9272 [ BCB4E273147AFCAFDFC0DA59AF9E6E25 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
16:22:24.0444 9272 ssudmdm - ok
16:22:24.0491 9272 [ BF8AA066BB0398DDCBC9573153D39B8C ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:22:24.0600 9272 StillCam - ok
16:22:24.0710 9272 [ 5AE996186D2DC694FEF88F14A3FC9242 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:22:24.0960 9272 stisvc - ok
16:22:24.0975 9272 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:22:25.0131 9272 swenum - ok
16:22:25.0163 9272 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:22:25.0288 9272 swmidi - ok
16:22:25.0303 9272 SwPrv - ok
16:22:25.0303 9272 symc810 - ok
16:22:25.0319 9272 symc8xx - ok
16:22:25.0319 9272 sym_hi - ok
16:22:25.0335 9272 sym_u3 - ok
16:22:25.0366 9272 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:22:25.0491 9272 sysaudio - ok
16:22:25.0522 9272 [ 251EAE7C56C6AB9490311A3C9757E18D ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:22:25.0647 9272 SysmonLog - ok
16:22:25.0694 9272 [ 2BC9FB448F0C2394FF53C83A7BB04731 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:22:25.0803 9272 TapiSrv - ok
16:22:25.0850 9272 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:22:25.0881 9272 Tcpip - ok
16:22:25.0913 9272 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
16:22:25.0960 9272 Tcpip6 - ok
16:22:25.0991 9272 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:22:26.0147 9272 TDPIPE - ok
16:22:26.0163 9272 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:22:26.0319 9272 TDTCP - ok
16:22:26.0350 9272 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:22:26.0506 9272 TermDD - ok
16:22:26.0553 9272 [ E0AEF86A594C9990D6321C5CA239C5B7 ] TermService C:\WINDOWS\System32\termsrv.dll
16:22:26.0694 9272 TermService - ok
16:22:26.0725 9272 [ 2D5D4156292150FE571872C1B88E9299 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:22:26.0741 9272 Themes - ok
16:22:26.0835 9272 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
16:22:26.0850 9272 TomTomHOMEService - ok
16:22:26.0850 9272 TosIde - ok
16:22:26.0881 9272 [ 20655E8CA1C78BC7088B18E93806D21B ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:22:27.0038 9272 TrkWks - ok
16:22:27.0085 9272 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
16:22:27.0225 9272 tunmp - ok
16:22:27.0241 9272 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:22:27.0366 9272 Udfs - ok
16:22:27.0381 9272 ultra - ok
16:22:27.0428 9272 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:22:27.0569 9272 Update - ok
16:22:27.0600 9272 [ 01653D6C9604F1FB31A76EC94E08954F ] upnphost C:\WINDOWS\System32\upnphost.dll
16:22:27.0663 9272 upnphost - ok
16:22:27.0694 9272 [ A89796DD0DE24CF03B3A39407E1F46A3 ] UPS C:\WINDOWS\System32\ups.exe
16:22:27.0819 9272 UPS - ok
16:22:27.0866 9272 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:22:27.0881 9272 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
16:22:27.0881 9272 USBAAPL - detected UnsignedFile.Multi.Generic (1)
16:22:27.0913 9272 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:22:28.0038 9272 usbccgp - ok
16:22:28.0069 9272 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:22:28.0210 9272 usbehci - ok
16:22:28.0241 9272 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:22:28.0366 9272 usbhub - ok
16:22:28.0381 9272 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:22:28.0522 9272 usbohci - ok
16:22:28.0569 9272 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:22:28.0694 9272 usbprint - ok
16:22:28.0725 9272 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:22:28.0835 9272 usbscan - ok
16:22:28.0866 9272 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbsermptxp C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
16:22:28.0881 9272 usbsermptxp ( UnsignedFile.Multi.Generic ) - warning
16:22:28.0881 9272 usbsermptxp - detected UnsignedFile.Multi.Generic (1)
16:22:28.0913 9272 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:22:29.0053 9272 USBSTOR - ok
16:22:29.0069 9272 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:22:29.0256 9272 VgaSave - ok
16:22:29.0256 9272 ViaIde - ok
16:22:29.0303 9272 [ 8AB662B3C4691E6DDF61C96BB5B7D103 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:22:29.0428 9272 VolSnap - ok
16:22:29.0475 9272 [ A585EDD6965B301DE8A45C6768C7C215 ] VSS C:\WINDOWS\System32\vssvc.exe
16:22:29.0538 9272 VSS - ok
16:22:29.0585 9272 [ 390D8E65F362327AD510B08971478301 ] W32Time C:\WINDOWS\system32\w32time.dll
16:22:29.0741 9272 W32Time - ok
16:22:29.0772 9272 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:22:29.0913 9272 Wanarp - ok
16:22:29.0928 9272 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:22:29.0960 9272 Wdf01000 - ok
16:22:29.0975 9272 WDICA - ok
16:22:30.0006 9272 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:22:30.0131 9272 wdmaud - ok
16:22:30.0147 9272 [ 33D8E2812054D97A0AEC9B8F04277927 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:22:30.0303 9272 WebClient - ok
16:22:30.0381 9272 [ F9E105F369C18E4001E0C05AAF600D73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:22:30.0522 9272 winmgmt - ok
16:22:30.0569 9272 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:22:30.0585 9272 WinUSB - ok
16:22:30.0616 9272 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:22:30.0631 9272 WmdmPmSN - ok
16:22:30.0663 9272 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:22:30.0819 9272 WmiAcpi - ok
16:22:30.0850 9272 [ 87F11D161207C7063EDABAC0AADC33C3 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:22:30.0975 9272 WmiApSrv - ok
16:22:31.0053 9272 [ 79A01ACD485687EE602411A06B63A9A5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:22:31.0100 9272 WMPNetworkSvc - ok
16:22:31.0131 9272 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:22:31.0163 9272 WpdUsb - ok
16:22:31.0194 9272 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:22:31.0319 9272 WS2IFSL - ok
16:22:31.0350 9272 [ 843F7FA8EA38E6A4262976DCC994C81A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:22:31.0475 9272 wscsvc - ok
16:22:31.0475 9272 WSearch - ok
16:22:31.0506 9272 [ 1E8FDDDEF3FE260BADAB06DAE10D753A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:22:31.0631 9272 wuauserv - ok
16:22:31.0663 9272 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:22:31.0710 9272 WudfPf - ok
16:22:31.0725 9272 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:22:31.0741 9272 WudfRd - ok
16:22:31.0772 9272 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:22:31.0803 9272 WudfSvc - ok
16:22:31.0866 9272 [ E99782DBB8FFA2AEE72B31DAC8D8D887 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:22:32.0038 9272 WZCSVC - ok
16:22:32.0038 9272 xcpip - ok
16:22:32.0069 9272 [ FD3C38635808920F8235BF2FED642F54 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:22:32.0225 9272 xmlprov - ok
16:22:32.0225 9272 xpsec - ok
16:22:32.0241 9272 Yontoo Desktop Updater - ok
16:22:32.0256 9272 ================ Scan global ===============================
16:22:32.0288 9272 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll
16:22:32.0350 9272 [ 6D43938F4980D62E091AE2F755FC259B ] C:\WINDOWS\system32\winsrv.dll
16:22:32.0366 9272 [ 6D43938F4980D62E091AE2F755FC259B ] C:\WINDOWS\system32\winsrv.dll
16:22:32.0381 9272 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe
16:22:32.0381 9272 [Global] - ok
16:22:32.0381 9272 ================ Scan MBR ==================================
16:22:32.0397 9272 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0
16:22:32.0631 9272 \Device\Harddisk0\DR0 - ok
16:22:33.0131 9272 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR2
16:22:33.0335 9272 \Device\Harddisk1\DR2 - ok
16:22:33.0335 9272 ================ Scan VBR ==================================
16:22:33.0335 9272 [ 24B2422EA2E10754502C33450357D88F ] \Device\Harddisk0\DR0\Partition1
16:22:33.0350 9272 \Device\Harddisk0\DR0\Partition1 - ok
16:22:33.0350 9272 [ F73B2D984F1B7E40D9F88F5F2371AF89 ] \Device\Harddisk1\DR2\Partition1
16:22:33.0350 9272 \Device\Harddisk1\DR2\Partition1 - ok
16:22:33.0350 9272 ============================================================
16:22:33.0350 9272 Scan finished
16:22:33.0350 9272 ============================================================
16:22:33.0460 72052 Detected object count: 4
16:22:33.0460 72052 Actual detected object count: 4
16:23:05.0085 72052 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:05.0085 72052 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:05.0085 72052 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:05.0085 72052 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:05.0085 72052 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:05.0085 72052 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:05.0100 72052 usbsermptxp ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:05.0100 72052 usbsermptxp ( UnsignedFile.Multi.Generic ) - User select action: Skip
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » do 16 mei, 2013 08:16:35

Hoi,

Dit ziet er alvast goed uit, maar laten we even verder kijken met MBAR (Malwarebytes Anti-Rootkit).

Download Malwarebytes Anti-Rootkit naar het bureaublad.
Klik hier voor de complete handleiding.
  • Pak het ZIP bestand (mbar-1.01.0.1009.zip) uit en dubbelklik hierna op "mbar.exe" om de tool te starten.
  • Let op! Malwarebytes Anti-Rootkit dient onder een account met administrator rechten te worden uitgevoerd.
  • Klik in het introductiescherm op "next" om door te gaan.
  • Klik in het volgende scherm op Update om Malwarebytes Anti-Rootkit van de laatste definities te voorzien.
  • Klik als de update gereed is op "Next" en klik hierna op "Scan".
  • Als de scan gereed is en er geen malware is gedetecteerd klik dan op "Exit"
  • Indien er malware wordt gedetecteerd zorg dat de items zijn aangevinkt en klik op "Cleanup" en herstart de computer.
  • Open na de herstart de map van MBAR en plaats de twee onderstaande log bestanden als bijlage in het volgende bericht
  • "mbar-log-2012-11-11 (10-36-04).txt" & "system-log.txt"
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » do 16 mei, 2013 20:56:52

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 1878110208, free: 254140416

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 1878110208, free: 292016128

------------ Kernel report ------------
05/16/2013 16:15:45
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\Ip6Fw.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PQNTDrv.SYS
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff887ba840
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff88a76868
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89b13ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\
Lower Device Object: 0xffffffff89b14940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.16.06
Downloaded database version: v2013.05.14.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89b13ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89b23e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89b13ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89a939e8, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89b14940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe17ac960, 0xffffffff89b13ab8, 0xffffffff879e1040
Lower DeviceData: 0xffffffffe2e492d0, 0xffffffff89b14940, 0xffffffff877994b0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18CD18CC

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff887ba840, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a34bf8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff887ba840, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88a76868, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f65938, 0xffffffff887ba840, 0xffffffff875b61d8
Lower DeviceData: 0xffffffffe3cac390, 0xffffffff88a76868, 0xffffffff877431d0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8900690

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1953520002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\A12B9DBD-D0CC-CE83-F641-F9B67245F264.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DTS\.MAS-SAS\mas-sas_license.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.a4fa6781" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\vsosdk\F4BB3B3153920A2B3F78D7F62DB66169FE1DC9330481DABBBDC8B70670135F71.vsoact" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\default.rss" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\pcouffin.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Apple Computer\Preferences\com.apple.WindowsContactsSync.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Apple Computer\Preferences\iTunes.exe.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\DeepBurner Pro\config.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Nero\OnlineServices\1registrationinfo.xml" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Common Files\System\ado\MDACReadme.htm" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Kanalen bekijken.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\WindowsSearchEngine_Uninst.mof" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Irremote.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\avisplitter.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\VekaRom.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Windows.Forms.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\swflash.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1043\ConfigShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1043\WizardsShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » do 16 mei, 2013 20:57:51

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 1878110208, free: 254140416

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 1878110208, free: 292016128

------------ Kernel report ------------
05/16/2013 16:15:45
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\Ip6Fw.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PQNTDrv.SYS
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff887ba840
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff88a76868
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89b13ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\
Lower Device Object: 0xffffffff89b14940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.16.06
Downloaded database version: v2013.05.14.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89b13ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89b23e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89b13ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89a939e8, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89b14940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe17ac960, 0xffffffff89b13ab8, 0xffffffff879e1040
Lower DeviceData: 0xffffffffe2e492d0, 0xffffffff89b14940, 0xffffffff877994b0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18CD18CC

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff887ba840, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a34bf8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff887ba840, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88a76868, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f65938, 0xffffffff887ba840, 0xffffffff875b61d8
Lower DeviceData: 0xffffffffe3cac390, 0xffffffff88a76868, 0xffffffff877431d0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8900690

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1953520002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\A12B9DBD-D0CC-CE83-F641-F9B67245F264.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DTS\.MAS-SAS\mas-sas_license.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.a4fa6781" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\vsosdk\F4BB3B3153920A2B3F78D7F62DB66169FE1DC9330481DABBBDC8B70670135F71.vsoact" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\default.rss" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\pcouffin.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Apple Computer\Preferences\com.apple.WindowsContactsSync.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Apple Computer\Preferences\iTunes.exe.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\DeepBurner Pro\config.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Application Data\Nero\OnlineServices\1registrationinfo.xml" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Common Files\System\ado\MDACReadme.htm" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Kanalen bekijken.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\WindowsSearchEngine_Uninst.mof" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Irremote.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\avisplitter.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\VekaRom.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Windows.Forms.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.5000.0_nl_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_nl_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\swflash.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1043\ConfigShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1043\WizardsShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\michel\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 1878110208, free: 1519505408

Removal queue found; removal started
Removal finished
=======================================
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » do 16 mei, 2013 21:01:33

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
michel :: PRIV-EE17703785 [administrator]

16-5-2013 16:44:13
mbar-log-2013-05-16 (16-44-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27273
Time elapsed: 27 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » vr 17 mei, 2013 09:02:04

Hoi,

Laten we nog even verder kijken.

Download DDS van sUBS van één van deze locaties en plaats het op je bureaublad:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.


Afbeelding

DDS is een diagnosetool en maakt gebruik van scripts.

Schakel je beveiligings software uit voordat je DDS uitvoert!
(hier of hier) kan je lezen hoe je dat doet.

Dubbelklik op DDS om de tool te starten.

Er worden nu automatisch twee log bestanden op het bureablad opgeslagen.
  • DDS.txt
  • Attach.txt (Plaats deze alleen indien hierom wordt gevraagd!)

Post het DDS logje in het volgende bericht als bijlage.
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » vr 17 mei, 2013 16:29:10

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3-8-2009 15:06:53
System Uptime: 16-5-2013 21:04:17 (19 hours ago)
.
Motherboard: | | K10N78FullHD-hSLI..
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | CPUSocket | 2400/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 57,976 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 163,748 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_XCPIP_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_XCPIP_XX
Service: xcpip
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_XPSEC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_XPSEC_XX
Service: xpsec
.
==== System Restore Points ===================
.
RP1160: 17-2-2013 2:12:17 - Software Distribution Service 3.0
RP1161: 17-2-2013 3:30:33 - Software Distribution Service 3.0
RP1162: 18-2-2013 3:30:41 - Software Distribution Service 3.0
RP1163: 19-2-2013 3:31:21 - Software Distribution Service 3.0
RP1164: 20-2-2013 3:30:45 - Software Distribution Service 3.0
RP1165: 20-2-2013 13:53:36 - Removed Java(TM) 6 Update 34
RP1166: 20-2-2013 13:54:18 - Installed Java 7 Update 15
RP1167: 21-2-2013 3:31:18 - Software Distribution Service 3.0
RP1168: 22-2-2013 3:31:37 - Software Distribution Service 3.0
RP1169: 22-2-2013 16:15:42 - Software Distribution Service 3.0
RP1170: 23-2-2013 16:24:36 - Controlepunt van systeem
RP1171: 23-2-2013 16:41:50 - Software Distribution Service 3.0
RP1172: 24-2-2013 2:20:52 - Software Distribution Service 3.0
RP1173: 24-2-2013 16:41:42 - Software Distribution Service 3.0
RP1174: 25-2-2013 16:36:13 - Removed WinZip 15.5
RP1175: 25-2-2013 16:37:28 - Removed WinZip Courier
RP1176: 25-2-2013 16:38:36 - Installed WinZip 15.5
RP1177: 25-2-2013 16:42:44 - Software Distribution Service 3.0
RP1178: 26-2-2013 16:42:29 - Software Distribution Service 3.0
RP1179: 27-2-2013 16:41:58 - Software Distribution Service 3.0
RP1180: 28-2-2013 16:42:00 - Software Distribution Service 3.0
RP1181: 1-3-2013 16:42:03 - Software Distribution Service 3.0
RP1182: 2-3-2013 17:41:44 - Controlepunt van systeem
RP1183: 2-3-2013 19:40:00 - Software Distribution Service 3.0
RP1184: 3-3-2013 2:22:53 - Software Distribution Service 3.0
RP1185: 3-3-2013 19:37:17 - Software Distribution Service 3.0
RP1186: 4-3-2013 19:36:07 - Software Distribution Service 3.0
RP1187: 5-3-2013 19:37:26 - Software Distribution Service 3.0
RP1188: 6-3-2013 19:38:22 - Software Distribution Service 3.0
RP1189: 7-3-2013 19:36:26 - Software Distribution Service 3.0
RP1190: 8-3-2013 19:36:47 - Software Distribution Service 3.0
RP1191: 9-3-2013 19:37:01 - Software Distribution Service 3.0
RP1192: 10-3-2013 2:23:19 - Software Distribution Service 3.0
RP1193: 10-3-2013 19:36:40 - Software Distribution Service 3.0
RP1194: 11-3-2013 19:36:04 - Software Distribution Service 3.0
RP1195: 12-3-2013 20:00:17 - Controlepunt van systeem
RP1196: 13-3-2013 3:00:15 - Software Distribution Service 3.0
RP1197: 13-3-2013 3:32:57 - Software Distribution Service 3.0
RP1198: 14-3-2013 3:32:31 - Software Distribution Service 3.0
RP1199: 15-3-2013 3:51:36 - Controlepunt van systeem
RP1200: 15-3-2013 6:46:56 - Software Distribution Service 3.0
RP1201: 15-3-2013 10:26:01 - Software Distribution Service 3.0
RP1202: 16-3-2013 10:22:58 - Software Distribution Service 3.0
RP1203: 17-3-2013 1:53:47 - Software Distribution Service 3.0
RP1204: 17-3-2013 10:23:15 - Software Distribution Service 3.0
RP1205: 18-3-2013 10:23:57 - Software Distribution Service 3.0
RP1206: 19-3-2013 10:24:00 - Software Distribution Service 3.0
RP1207: 20-3-2013 10:23:40 - Software Distribution Service 3.0
RP1208: 21-3-2013 10:23:27 - Software Distribution Service 3.0
RP1209: 22-3-2013 10:23:35 - Software Distribution Service 3.0
RP1210: 23-3-2013 10:23:10 - Software Distribution Service 3.0
RP1211: 24-3-2013 1:54:09 - Software Distribution Service 3.0
RP1212: 24-3-2013 10:22:43 - Software Distribution Service 3.0
RP1213: 25-3-2013 10:22:56 - Software Distribution Service 3.0
RP1214: 26-3-2013 10:22:10 - Software Distribution Service 3.0
RP1215: 27-3-2013 0:44:04 - Removed Java 7 Update 15
RP1216: 27-3-2013 0:44:42 - Installed Java 7 Update 17
RP1217: 28-3-2013 0:48:50 - Software Distribution Service 3.0
RP1218: 29-3-2013 0:48:17 - Software Distribution Service 3.0
RP1219: 30-3-2013 0:48:26 - Software Distribution Service 3.0
RP1220: 31-3-2013 0:48:29 - Software Distribution Service 3.0
RP1221: 1-4-2013 1:48:43 - Software Distribution Service 3.0
RP1222: 2-4-2013 1:47:44 - Software Distribution Service 3.0
RP1223: 3-4-2013 1:48:15 - Software Distribution Service 3.0
RP1224: 4-4-2013 1:49:46 - Software Distribution Service 3.0
RP1225: 5-4-2013 1:48:47 - Software Distribution Service 3.0
RP1226: 6-4-2013 1:48:46 - Software Distribution Service 3.0
RP1227: 7-4-2013 1:48:29 - Software Distribution Service 3.0
RP1228: 8-4-2013 1:48:20 - Software Distribution Service 3.0
RP1229: 9-4-2013 1:48:02 - Software Distribution Service 3.0
RP1230: 10-4-2013 1:48:50 - Software Distribution Service 3.0
RP1231: 10-4-2013 16:11:30 - Software Distribution Service 3.0
RP1232: 11-4-2013 17:24:23 - Software Distribution Service 3.0
RP1233: 12-4-2013 17:14:34 - Software Distribution Service 3.0
RP1234: 13-4-2013 17:14:48 - Software Distribution Service 3.0
RP1235: 14-4-2013 1:44:31 - Software Distribution Service 3.0
RP1236: 14-4-2013 17:18:20 - Software Distribution Service 3.0
RP1237: 15-4-2013 17:14:33 - Software Distribution Service 3.0
RP1238: 16-4-2013 17:14:57 - Software Distribution Service 3.0
RP1239: 17-4-2013 17:14:55 - Software Distribution Service 3.0
RP1240: 18-4-2013 17:15:54 - Software Distribution Service 3.0
RP1241: 19-4-2013 6:06:24 - Installed Java 7 Update 21
RP1242: 19-4-2013 17:16:10 - Software Distribution Service 3.0
RP1243: 20-4-2013 17:14:49 - Software Distribution Service 3.0
RP1244: 21-4-2013 1:44:28 - Software Distribution Service 3.0
RP1245: 21-4-2013 17:15:00 - Software Distribution Service 3.0
RP1246: 22-4-2013 17:14:36 - Software Distribution Service 3.0
RP1247: 23-4-2013 17:15:33 - Software Distribution Service 3.0
RP1248: 24-4-2013 17:15:28 - Software Distribution Service 3.0
RP1249: 25-4-2013 17:15:03 - Software Distribution Service 3.0
RP1250: 26-4-2013 17:14:50 - Software Distribution Service 3.0
RP1251: 27-4-2013 17:18:15 - Software Distribution Service 3.0
RP1252: 28-4-2013 1:44:41 - Software Distribution Service 3.0
RP1253: 28-4-2013 17:17:17 - Software Distribution Service 3.0
RP1254: 29-4-2013 17:14:46 - Software Distribution Service 3.0
RP1255: 30-4-2013 3:00:22 - Software Distribution Service 3.0
RP1256: 30-4-2013 17:15:49 - Software Distribution Service 3.0
RP1257: 1-5-2013 17:14:26 - Software Distribution Service 3.0
RP1258: 2-5-2013 17:15:35 - Software Distribution Service 3.0
RP1259: 3-5-2013 17:14:58 - Software Distribution Service 3.0
RP1260: 4-5-2013 17:16:03 - Software Distribution Service 3.0
RP1261: 5-5-2013 1:44:08 - Software Distribution Service 3.0
RP1262: 5-5-2013 17:16:09 - Software Distribution Service 3.0
RP1263: 6-5-2013 18:38:36 - Software Distribution Service 3.0
RP1264: 7-5-2013 19:50:08 - Software Distribution Service 3.0
RP1265: 8-5-2013 22:57:00 - Software Distribution Service 3.0
RP1266: 9-5-2013 22:43:18 - Software Distribution Service 3.0
RP1267: 10-5-2013 22:59:38 - Software Distribution Service 3.0
RP1268: 11-5-2013 22:50:24 - Software Distribution Service 3.0
RP1269: 12-5-2013 22:43:55 - Software Distribution Service 3.0
RP1270: 13-5-2013 23:22:21 - Controlepunt van systeem
RP1271: 14-5-2013 17:17:05 - Software Distribution Service 3.0
RP1272: 15-5-2013 6:28:45 - Installed Kaspersky Security Scan.
RP1273: 15-5-2013 16:00:56 - Software Distribution Service 3.0
RP1274: 15-5-2013 17:16:08 - Software Distribution Service 3.0
RP1275: 16-5-2013 19:32:29 - Software Distribution Service 3.0
RP1276: 16-5-2013 20:44:40 - Malwarebytes Anti-Rootkit Restore Point
RP1277: 16-5-2013 21:20:11 - Removed SweetIM Toolbar for Internet Explorer 4.2
RP1278: 16-5-2013 21:26:12 - Removed WinZip 15.5
RP1279: 16-5-2013 21:27:46 - Removed WinZip Courier
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7) - Nederlands
Ahead Nero Burning ROM
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVS Update Manager 1.0
Basissoftware voor HP Deskjet 3050A J611 series
BearShare
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Microsoft Windows (KB2564958)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2829530)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2847204)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2160329)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2259922)
Beveiligingsupdate voor Windows XP (KB2279986)
Beveiligingsupdate voor Windows XP (KB2286198)
Beveiligingsupdate voor Windows XP (KB2296011)
Beveiligingsupdate voor Windows XP (KB2296199)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB2360937)
Beveiligingsupdate voor Windows XP (KB2387149)
Beveiligingsupdate voor Windows XP (KB2393802)
Beveiligingsupdate voor Windows XP (KB2412687)
Beveiligingsupdate voor Windows XP (KB2419632)
Beveiligingsupdate voor Windows XP (KB2423089)
Beveiligingsupdate voor Windows XP (KB2436673)
Beveiligingsupdate voor Windows XP (KB2440591)
Beveiligingsupdate voor Windows XP (KB2443105)
Beveiligingsupdate voor Windows XP (KB2476490)
Beveiligingsupdate voor Windows XP (KB2476687)
Beveiligingsupdate voor Windows XP (KB2478960)
Beveiligingsupdate voor Windows XP (KB2478971)
Beveiligingsupdate voor Windows XP (KB2479628)
Beveiligingsupdate voor Windows XP (KB2479943)
Beveiligingsupdate voor Windows XP (KB2481109)
Beveiligingsupdate voor Windows XP (KB2483185)
Beveiligingsupdate voor Windows XP (KB2485376)
Beveiligingsupdate voor Windows XP (KB2485663)
Beveiligingsupdate voor Windows XP (KB2503658)
Beveiligingsupdate voor Windows XP (KB2503665)
Beveiligingsupdate voor Windows XP (KB2506212)
Beveiligingsupdate voor Windows XP (KB2506223)
Beveiligingsupdate voor Windows XP (KB2507618)
Beveiligingsupdate voor Windows XP (KB2507938)
Beveiligingsupdate voor Windows XP (KB2508272)
Beveiligingsupdate voor Windows XP (KB2508429)
Beveiligingsupdate voor Windows XP (KB2509553)
Beveiligingsupdate voor Windows XP (KB2511455)
Beveiligingsupdate voor Windows XP (KB2524375)
Beveiligingsupdate voor Windows XP (KB2535512)
Beveiligingsupdate voor Windows XP (KB2536276-v2)
Beveiligingsupdate voor Windows XP (KB2536276)
Beveiligingsupdate voor Windows XP (KB2544893-v2)
Beveiligingsupdate voor Windows XP (KB2544893)
Beveiligingsupdate voor Windows XP (KB2555917)
Beveiligingsupdate voor Windows XP (KB2562937)
Beveiligingsupdate voor Windows XP (KB2566454)
Beveiligingsupdate voor Windows XP (KB2567053)
Beveiligingsupdate voor Windows XP (KB2567680)
Beveiligingsupdate voor Windows XP (KB2570222)
Beveiligingsupdate voor Windows XP (KB2570947)
Beveiligingsupdate voor Windows XP (KB2584146)
Beveiligingsupdate voor Windows XP (KB2585542)
Beveiligingsupdate voor Windows XP (KB2592799)
Beveiligingsupdate voor Windows XP (KB2598479)
Beveiligingsupdate voor Windows XP (KB2603381)
Beveiligingsupdate voor Windows XP (KB2618451)
Beveiligingsupdate voor Windows XP (KB2619339)
Beveiligingsupdate voor Windows XP (KB2620712)
Beveiligingsupdate voor Windows XP (KB2621440)
Beveiligingsupdate voor Windows XP (KB2624667)
Beveiligingsupdate voor Windows XP (KB2631813)
Beveiligingsupdate voor Windows XP (KB2633171)
Beveiligingsupdate voor Windows XP (KB2639417)
Beveiligingsupdate voor Windows XP (KB2641653)
Beveiligingsupdate voor Windows XP (KB2646524)
Beveiligingsupdate voor Windows XP (KB2647518)
Beveiligingsupdate voor Windows XP (KB2653956)
Beveiligingsupdate voor Windows XP (KB2655992)
Beveiligingsupdate voor Windows XP (KB2659262)
Beveiligingsupdate voor Windows XP (KB2660465)
Beveiligingsupdate voor Windows XP (KB2661637)
Beveiligingsupdate voor Windows XP (KB2676562)
Beveiligingsupdate voor Windows XP (KB2685939)
Beveiligingsupdate voor Windows XP (KB2686509)
Beveiligingsupdate voor Windows XP (KB2691442)
Beveiligingsupdate voor Windows XP (KB2695962)
Beveiligingsupdate voor Windows XP (KB2698365)
Beveiligingsupdate voor Windows XP (KB2705219)
Beveiligingsupdate voor Windows XP (KB2707511)
Beveiligingsupdate voor Windows XP (KB2709162)
Beveiligingsupdate voor Windows XP (KB2712808)
Beveiligingsupdate voor Windows XP (KB2718523)
Beveiligingsupdate voor Windows XP (KB2719985)
Beveiligingsupdate voor Windows XP (KB2723135)
Beveiligingsupdate voor Windows XP (KB2724197)
Beveiligingsupdate voor Windows XP (KB2727528)
Beveiligingsupdate voor Windows XP (KB2731847)
Beveiligingsupdate voor Windows XP (KB2753842-v2)
Beveiligingsupdate voor Windows XP (KB2753842)
Beveiligingsupdate voor Windows XP (KB2757638)
Beveiligingsupdate voor Windows XP (KB2758857)
Beveiligingsupdate voor Windows XP (KB2761226)
Beveiligingsupdate voor Windows XP (KB2770660)
Beveiligingsupdate voor Windows XP (KB2778344)
Beveiligingsupdate voor Windows XP (KB2779030)
Beveiligingsupdate voor Windows XP (KB2780091)
Beveiligingsupdate voor Windows XP (KB2799494)
Beveiligingsupdate voor Windows XP (KB2802968)
Beveiligingsupdate voor Windows XP (KB2807986)
Beveiligingsupdate voor Windows XP (KB2808735)
Beveiligingsupdate voor Windows XP (KB2813170)
Beveiligingsupdate voor Windows XP (KB2813345)
Beveiligingsupdate voor Windows XP (KB2820197)
Beveiligingsupdate voor Windows XP (KB2820917)
Beveiligingsupdate voor Windows XP (KB2829361)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972260)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981957)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Beveiligingsupdate voor Windows XP (KB982802)
Bonjour
CCleaner
ConvertXtoDVD 2.1.8.193
ConvertXtoDVD 4.0.9.322
DVD Shrink 3.1.4
Easy FLV Player 2.0
Essentiële update voor Windows Media Player 11 (KB959772)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB2158563)
Hotfix voor Windows XP (KB2443685)
Hotfix voor Windows XP (KB2570791)
Hotfix voor Windows XP (KB2633952)
Hotfix voor Windows XP (KB2756822)
Hotfix voor Windows XP (KB2779562)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
HP Deskjet 3050A J611 series Haelp
HP Photo Creations
HP Update
HPDiagnosticAlert
ImagXpress
iPhone-configuratieprogramma
iTunes
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 21
Java Auto Updater
K-Lite Codec Pack 7.5.0 (Full)
Kaspersky Security Scan
KB971513: Update voor Microsoft Windows
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Excel Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nero 9 Essentials
Nero Recode CE
neroxml
Norton PartitionMagic
Norton PartitionMagic 8.0
NVIDIA Drivers
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Portforward Static IP Address 1.0.47
Productverbeteringonderzoek HP Deskjet 3050A J611 series
QuickTime
Realtek High Definition Audio Driver
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Search 4 - KB963093
SopCast 3.8.2
SweetIM for Messenger 3.6
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Torpig Removal Tool [1]
Trojan Remover 6.8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows Internet Explorer 8 (KB972636)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows Internet Explorer 8 (KB980182)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB2345886)
Update voor Windows XP (KB2467659)
Update voor Windows XP (KB2541763)
Update voor Windows XP (KB2607712)
Update voor Windows XP (KB2616676)
Update voor Windows XP (KB2641690)
Update voor Windows XP (KB2661254-v2)
Update voor Windows XP (KB2718704)
Update voor Windows XP (KB2736233)
Update voor Windows XP (KB2749655)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971029)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VTS V4.8.1
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
.
==== End Of File ===========================
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » vr 17 mei, 2013 16:29:50

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by michel at 16:23:54 on 2013-05-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1791.242 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN27G1GG0W05WK:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michel\menust~1\progra~1\opstar~1\inktwa~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 3673150640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 3677137312
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{55EE9763-AA2C-4257-BA16-99B12F01E96C} : DHCPNameServer = 212.54.40.25 212.54.35.25
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-7 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-7 701512]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-7 22856]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;"c:\program files\yontoo\y2desktop.updater.exe" "c:\documents and settings\michel\application data\yontoo\yontoodesktop.exe" --> c:\program files\yontoo\Y2Desktop.Updater.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\michel\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\michel\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-3-22 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-8-8 20032]
S3 ftpjfu.sys;ftpjfu.sys;\??\c:\windows\system32\drivers\ftpjfu.sys --> c:\windows\system32\drivers\ftpjfu.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-3-22 181344]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== File Associations ===============
.
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2013-05-16 19:30:21 -------- d-----w- c:\program files\SopCast
2013-05-16 19:29:53 -------- d-----w- C:\SopCast
2013-05-16 19:05:06 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4f7f5a0-4eb4-47d0-a81a-b0fb05d10bc3}\offreg.dll
2013-05-16 17:32:47 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4f7f5a0-4eb4-47d0-a81a-b0fb05d10bc3}\mpengine.dll
2013-05-15 15:16:53 7016152 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-15 04:28:46 -------- d-----w- c:\program files\Kaspersky Lab
2013-05-15 04:28:46 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2013-05-14 04:25:38 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-05-14 04:25:38 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-05-14 04:25:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2013-05-14 04:25:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2013-05-14 04:25:37 -------- d-----w- c:\program files\Torpig Removal Tool [1]
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-07 20:13:36 -------- d-----w- c:\documents and settings\michel\application data\Malwarebytes
2013-05-07 20:12:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-07 20:12:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 20:12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-07 19:59:23 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-05-07 19:58:49 -------- d-----w- c:\program files\trend micro
2013-05-07 19:39:42 -------- d-----w- c:\documents and settings\michel\application data\Simply Super Software
2013-05-07 19:39:28 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-05-07 19:39:28 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-05-07 19:39:28 75264 ----a-w- c:\windows\system32\unacev2.dll
2013-05-07 19:39:28 605968 ----a-w- c:\windows\system32\ztv7z.dll
2013-05-07 19:39:28 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2013-05-07 19:39:28 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-05-07 19:39:28 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2013-05-07 19:39:02 -------- d-----w- c:\program files\Trojan Remover
2013-05-07 19:39:02 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2013-05-07 17:51:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-07 14:24:09 -------- d-sha-r- C:\cmdcons
2013-05-07 14:22:10 208896 ----a-w- c:\windows\MBR.exe
2013-05-07 14:22:09 98816 ----a-w- c:\windows\sed.exe
2013-05-07 14:22:09 256000 ----a-w- c:\windows\PEV.exe
2013-05-07 14:15:47 -------- d--h--r- c:\documents and settings\michel\Onlangs geopend
2013-04-29 18:37:32 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-04-29 18:25:05 -------- d-----w- c:\program files\Microsoft
2013-04-29 18:24:05 -------- d-----w- c:\program files\HP Photo Creations
2013-04-29 18:24:05 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2013-04-29 18:22:48 -------- d-----w- c:\documents and settings\michel\application data\HpUpdate
2013-04-29 18:21:14 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2013-04-29 18:17:36 429928 ----a-r- c:\windows\system32\hpinkstsa011.dll
2013-04-29 18:17:36 270696 ----a-r- c:\windows\system32\hpinkstsa011LM.dll
2013-04-29 18:17:36 216424 ----a-r- c:\windows\system32\hpinkcoia011.dll
2013-04-29 18:12:18 -------- d-----w- c:\program files\HP
2013-04-29 18:09:04 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-04-29 18:08:45 1929576 ----a-r- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-04-29 18:07:45 488296 ----a-r- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-04-29 18:04:28 -------- d-----w- c:\documents and settings\michel\local settings\application data\HP
2013-04-19 04:07:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-05-14 23:46:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 23:46:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-26 23:44:49 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-26 23:44:49 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36:08 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56:51 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56:50 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:58:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-05 08:44:43 3581768 ----a-w- c:\program files\PFCSetup.exe
2010-03-13 21:53:09 27926896 ----a-w- c:\program files\wmp11-windowsxp-x64-enu.exe
2010-02-23 18:01:57 13243128 ----a-w- c:\program files\BearShareV8.exe
.
============= FINISH: 16:27:18,89 ===============
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » vr 17 mei, 2013 16:33:33

Hoi,

Download zoek.exe naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
    Code: Selecteer alles
    {87775fdb-6972-41f9-ae51-8326e38cb206};c
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
    "SweetIM"=-;r
    Yontoo Desktop Updater;s
    c:\program files\yontoo;fs
    ftpjfu.sys;s
    c:\windows\system32\drivers\ftpjfu.sys;f
    startupall;
    chromelook;
    firefoxlook;
    filesrcm;
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » vr 17 mei, 2013 18:39:48

Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by michel on vr 17-05-2013 at 18:32:26,31.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"40820:TCP"="40820:TCP:*:Enabled:utorrend"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Yontoo Desktop Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ftpjfu.sys deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ftpjfu.sys deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

==== Deleting Files \ Folders ======================

"c:\program files\yontoo" not found

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2013-05-15 14:05:33 810BC8B511EF6CD760983138C0896C27 1374 ----a-w- C:\WINDOWS\imsins.BAK
2013-05-14 04:25:38 A9D56A34095AB80E85AD630B8405182A 81920 ----a-w- C:\WINDOWS\eSellerateControl350.dll
2013-05-14 04:25:38 02127FDD91FDA05FA8B201A4171CC0E2 356352 ----a-w- C:\WINDOWS\eSellerateEngine.dll
2013-05-07 14:22:10 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2013-05-07 14:22:09 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-05-07 14:22:09 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-05-07 14:22:09 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-05-07 14:22:09 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
====== C:\DOCUME~1\michel\LOCALS~1\Temp ====
2013-05-16 19:10:31 81019731EC6A3B72840FFF974C55EFB3 12880 ----a-w- C:\DOCUME~1\michel\LOCALS~1\Temp\busunint.exe
2013-05-16 19:10:25 F3A10836603E03A28CAF404B29328F92 394320 ----a-w- C:\DOCUME~1\michel\LOCALS~1\Temp\uninst1.exe
====== C:\WINDOWS\system32 =====
2013-05-14 04:25:38 D5405DD640E870B1DD4F5B4BD08865BB 1122304 ----a-w- C:\WINDOWS\System32\libeay32.dll
2013-05-14 04:25:38 8EAE03A0F0BF13AF27702E29460D7B47 274432 ----a-w- C:\WINDOWS\System32\ssleay32.dll
2013-05-07 20:08:07 9B7CDC10B700E3D4964A14838A37228A 4052 ----a-w- C:\WINDOWS\System32\.crusader
2013-05-07 19:39:28 DE02C4D04088B69E64ECC30A3D9E22E5 77312 ----a-w- C:\WINDOWS\System32\ztvunace26.dll
2013-05-07 19:39:28 C1A3D96012A38C29FF2CE75C85D48E6E 169744 ----a-w- C:\WINDOWS\System32\ztvunrar36.dll
2013-05-07 19:39:28 A115C5CD43ED72D1D5A33C4BDF9FD2FA 77072 ----a-w- C:\WINDOWS\System32\ztvcabinet.dll
2013-05-07 19:39:28 8AD8B5FA4E10B442EE22E51ACA3F646E 185616 ----a-w- C:\WINDOWS\System32\ztvunrar39.dll
2013-05-07 19:39:28 7FE66F3BD9CBB998D56EF60D511FF06F 75264 ----a-w- C:\WINDOWS\System32\unacev2.dll
2013-05-07 19:39:28 5A495E481BF7F5FEAFC8238DFF493AF5 153088 ----a-w- C:\WINDOWS\System32\UNRAR3.dll
2013-05-07 19:39:28 3F2F2DC338D3A32AD401A894F8BF7A50 605968 ----a-w- C:\WINDOWS\System32\ztv7z.dll
====== C:\WINDOWS\system32\drivers =====
2013-05-07 20:12:47 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-04-29 18:37:32 BF8AA066BB0398DDCBC9573153D39B8C 6912 ----a-w- C:\WINDOWS\System32\drivers\serscan.sys
2013-04-29 18:09:04 A717C8721046828520C9EDF31288FC00 25856 ----a-w- C:\WINDOWS\System32\drivers\usbprint.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-05-16 19:30:21 -------- d-----w- C:\Program Files\SopCast
2013-05-15 04:28:46 -------- d-----w- C:\Program Files\Kaspersky Lab
2013-05-14 04:25:37 -------- d-----w- C:\Program Files\Torpig Removal Tool [1]
2013-05-07 19:58:49 -------- d-----w- C:\Program Files\trend micro
2013-05-07 19:39:02 -------- d-----w- C:\Program Files\Trojan Remover
2013-04-29 18:25:30 -------- d-----w- C:\Program Files\Hewlett-Packard
2013-04-29 18:25:05 -------- d-----w- C:\Program Files\Microsoft
2013-04-29 18:24:05 -------- d-----w- C:\Program Files\HP Photo Creations
2013-04-29 18:12:18 -------- d-----w- C:\Program Files\HP
======= C: =====
2013-05-16 19:24:16 F0A4EEA8A559B0AD9B05074FF54BA791 5299586 ----a-w- C:\SopCast.zip
2013-05-14 14:21:59 1631763A1ED6057D73BA92A8A19C81FE 1822 ----a-w- C:\TDSSQ.txt
2013-05-07 14:24:23 17D7055859D99A0D606CFAF17AE38638 211 ----a-w- C:\Boot.bak
2013-05-07 14:24:19 271E9B6A3AEC7BCA63D9231A4B3575C0 261936 --sha-r- C:\cmldr
====== C:\Documents and Settings\michel\Application Data ======
2013-05-16 19:30:21 -------- d-----w- C:\Documents and Settings\michel\Menu Start\Programma's\SopCast
2013-05-15 04:28:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2013-05-14 04:25:39 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Torpig Removal Tool [1]
2013-05-07 19:59:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-05-07 19:41:25 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2013-05-07 19:39:42 -------- d-----w- C:\Documents and Settings\michel\Application Data\Simply Super Software
2013-05-07 19:39:30 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\Trojan Remover
2013-05-07 19:39:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2013-04-29 18:24:14 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\HP\HP Photo Creations
2013-04-29 18:24:05 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
2013-04-29 18:22:48 -------- d-----w- C:\Documents and Settings\michel\Application Data\HpUpdate
2013-04-29 18:21:12 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\HP\HP Deskjet 3050A J611 series
2013-04-29 18:21:12 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\HP
2013-04-29 18:10:57 45358E0D615A7D178EB555AF63D0E472 57 ----a-w- C:\Documents and Settings\All Users\Application Data\Ament.ini
2013-04-29 18:08:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP
2013-04-29 18:04:28 -------- d-----w- C:\Documents and Settings\michel\Local Settings\Application Data\HP
====== C:\Documents and Settings\michel ======
2013-05-07 14:15:47 -------- d--h--r- C:\Documents and Settings\michel\Onlangs geopend

====== C: exe-files ==
2013-05-16 19:30:25 4033B2C077274B7BAF91609687ABA5C8 202446 ----a-w- C:\Program Files\SopCast\uninst.exe
2013-05-16 19:10:31 81019731EC6A3B72840FFF974C55EFB3 12880 ----a-w- C:\Documents and Settings\michel\Local Settings\temp\busunint.exe
2013-05-16 19:10:25 F3A10836603E03A28CAF404B29328F92 394320 ----a-w- C:\Documents and Settings\michel\Local Settings\temp\uninst1.exe
2013-05-16 14:12:35 946C69F7A83B6C1D2953CA918E03BDB2 749640 ----a-w- C:\Documents and Settings\michel\Bureaublad\mbar\Plugins\fixdamage.exe
2013-05-16 14:12:30 37470AE3C0825C4FA13BF4AF9B855BA8 1398856 ----a-w- C:\Documents and Settings\michel\Bureaublad\mbar\mbar.exe
2013-05-14 14:21:31 E75D7FCDCA541885091FAFF6D82A99ED 155648 ----a-w- C:\Documents and Settings\michel\Bureaublad\TDSSQlook.exe
2013-05-14 05:05:53 D9C8DC2D7EC28E3FF25C99EF17C8631A 2787280 ----a-w- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
2013-05-14 05:05:51 D9C8DC2D7EC28E3FF25C99EF17C8631A 2787280 ----a-w- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
2013-05-14 04:25:37 E9C2859346CD7720C6E79D4A69931446 5679032 ----a-w- C:\Program Files\Torpig Removal Tool [1]\TorpigRemovalTool[1].exe
2013-05-14 04:25:37 976094EB4D12A663CA7D304F0D86D65E 717985 ----a-w- C:\Program Files\Torpig Removal Tool [1]\unins000.exe
2013-05-13 14:50:47 F24E9DE15016717CE7B3F927D56C07F0 4955384 ----a-w- C:\Documents and Settings\michel\Application Data\Simply Super Software\Trojan Remover\xtp9.exe
=== C: other files ==
2013-05-16 19:24:16 F0A4EEA8A559B0AD9B05074FF54BA791 5299586 ----a-w- C:\SopCast.zip
2013-05-16 14:08:50 3FA82E33F33DA81A070A6ED5C284D04B 12917756 ----a-w- C:\Documents and Settings\michel\Bureaublad\mbar-1.05.0.1001.zip
2013-05-14 14:20:16 0A44894C644B3F5FE4E52711242FBE44 74106 ----a-w- C:\Documents and Settings\michel\Bureaublad\TDSSQlook.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN27G1GG0W05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"
"KSS"="C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe /autorun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe /boot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN27G1GG0W05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"
"KSS"="C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe /autorun"

==== Startup Folders ======================

2009-08-03 19:34:44 1791 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
2013-04-29 18:39:13 1693 ----a-w- C:\Documents and Settings\michel\Menu Start\Programma's\Opstarten\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series (netwerk).lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15-05-2013 01:46]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\At1.job --a------ C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [08-06-2011 18:06]
C:\WINDOWS\tasks\At2.job --a------ C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [08-06-2011 18:06]
C:\WINDOWS\tasks\At3.job --a------ C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [08-06-2011 18:06]
C:\WINDOWS\tasks\At4.job --a------ C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [08-06-2011 18:06]
C:\WINDOWS\tasks\HP Photo Creations Messager.job --a------ C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [15-02-2011 12:11]
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job --ah----- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [27-01-2013 12:11]
C:\WINDOWS\tasks\WinMaximizer-michel-Startup.job --a------ C:\Program Files\WinMaximizer\WinMaximizer\WinMaximizer.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
- Bcool - %ProfilePath%\extensions\5018bbc3a39a0@5018bbc3a39d9.info
- Conduit Engine - %ProfilePath%\extensions\engine@conduit.com
- Babylon - %ProfilePath%\extensions\ffxtlbr@babylon.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- uTorrentBar_NL - %ProfilePath%\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[26-08-2012 18:16]
dlllpjkblkegaklpondemeanabheejog - C:\Documents and Settings\All Users\Application Data\Bcool\dlllpjkblkegaklpondemeanabheejog.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[26-08-2012 18:16]

YouTube - michel - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - michel - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Safe Search - michel - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Gmail - michel - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== EOF on vr 17-05-2013 at 18:37:37,76 ======================
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » vr 17 mei, 2013 19:00:32

Hoi,

Start Zoek.exe nogmaals met het volgende script.
(hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
    Code: Selecteer alles
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List];r
    "3389:TCP"=-;r
    "65533:TCP"=-;r
    "52344:TCP"=-;r
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List];r
    "3389:TCP"=-;r
    "65533:TCP"=-;r
    "52344:TCP"=-;r
    "40820:TCP"=-;r
    C:\WINDOWS\tasks\WinMaximizer-michel-Startup.job;fs
    C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\5018bbc3a39a0@5018bbc3a39d9.info;fs
    C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\engine@conduit.com;fs
    ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\ffxtlbr@babylon.com;fs
    ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206};fs
    ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\torntv2@torntv.com.xpi;fs
    dlllpjkblkegaklpondemeanabheejog;chr
    nbmafkdmkkckhggblphicnnhlgljnoje;chr
    autoclean;
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: Brief van Ziggo - Torpig

Berichtdoor makkink » vr 17 mei, 2013 20:05:43

Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by michel on vr 17-05-2013 at 19:53:20,84.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================
A
C:\zoek-results17-05-2013-1837.log 19111 bytes

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"40820:TCP"="40820:TCP:*:Enabled:utorrend"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{91A013F8-7E91-4575-8737-46161BBCF282} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D4A0D2F4-138B-474D-9782-5E1BA54397C6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default

---- Lines BabylonToolbar removed from prefs.js ----


---- Lines BabylonToolbar modified from prefs.js ----


---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.id", "cc822aff00000000000000196670b375");
user_pref("extensions.BabylonToolbar_i.hardId", "cc822aff00000000000000196670b375");
user_pref("extensions.BabylonToolbar_i.instlDay", "15373");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:01:57");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----


---- Lines SweetIM removed from prefs.js ----

user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com");

---- Lines SweetIM modified from prefs.js ----


---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----


---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

user_17-05-2013_1956_.backup
prefs_17-05-2013_1956_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"40820:TCP"=-

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\searchplugins\sweetim.xml" deleted
"C:\WINDOWS\tasks\WinMaximizer-michel-Startup.job" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET4.tmp" deleted
"C:\WINDOWS\SET8.tmp" deleted
"C:\user.js" deleted
"C:\WINDOWS\system32\roboot.exe" deleted
"C:\WINDOWS\System32\CONFIG.TMP" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\bProtector_extensions.rdf" deleted
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgcommon.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgcommunication.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgconfig.dll" deleted
"C:\Program Files\SweetIM\Messenger\mghooking.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgsimcommon.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll" deleted
"C:\Program Files\SweetIM\Messenger\msvcp71.dll" deleted
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" not deleted
"C:\Program Files\SweetIM\Messenger\SweetIM.exe" deleted
"C:\Documents and Settings\michel\Application Data\Temp" deleted
"C:\Program Files\TornTV.com" deleted
"C:\Program Files\1ClickDownload" deleted
"C:\Program Files\Ask.com" deleted
"C:\Program Files\SweetIM" not deleted
"C:\Program Files\Conduit" deleted
"C:\Documents and Settings\michel\Application Data\Babylon" deleted
"C:\Documents and Settings\michel\Application Data\Systweak" deleted
"C:\Documents and Settings\All Users\Application Data\InstallMate" deleted
"C:\Documents and Settings\All Users\Application Data\Premium" deleted
"C:\Documents and Settings\All Users\Application Data\Tarma Installer" deleted
"C:\Documents and Settings\All Users\Application Data\SweetIM" deleted
"C:\Documents and Settings\michel\Menu Start\Programma's\TornTV.com" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\AskToolbar" deleted
"C:\Documents and Settings\All Users\Application Data\Babylon" deleted
"C:\Documents and Settings\All Users\Application Data\OptimizerPro" deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\CRE" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\uTorrentBar_NL" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\Conduit" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\CRE" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\engine@conduit.com" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted
"C:\Program Files\SweetIM\Messenger" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
- Bcool - %ProfilePath%\extensions\5018bbc3a39a0@5018bbc3a39d9.info
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector


==== Deleting Files \ Folders ======================

"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\5018bbc3a39a0@5018bbc3a39d9.info" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]
dlllpjkblkegaklpondemeanabheejog - C:\Documents and Settings\All Users\Application Data\Bcool\dlllpjkblkegaklpondemeanabheejog.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

YouTube - michel - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - michel - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Safe Search - michel - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Gmail - michel - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{91A013F8-7E91-4575-8737-46161BBCF282}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={FA3FC9A4-7D03-4E06-BF67-404961E29667}&mid=fe21f524130a47d6b4c0d15020945a86-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=AVG&pr=pr&d=2012-06-06"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlllpjkblkegaklpondemeanabheejog deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\michel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\michel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\SweetIM\Messenger\msvcr71.dll" not found
"C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\michel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\SweetIM" not found

==== EOF on vr 17-05-2013 at 20:01:25,71 ======================
makkink
PC Web Plus - Member
PC Web Plus - Member
 
Berichten: 18
Geregistreerd: di 14 mei, 2013 16:24:45

Re: Brief van Ziggo - Torpig

Berichtdoor Maxstar » za 18 mei, 2013 08:30:25

Hoi,

Start Zoek.exe nogmaals met het volgende script.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
    Code: Selecteer alles
    C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206};fs
    C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\torntv2@torntv.com.xpi;f
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.
Met vriendelijke groet,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Avatar gebruiker
Maxstar
Administrator
Administrator
 
Berichten: 33913
Geregistreerd: za 27 sep, 2008 10:18:07
Kennisniveau: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Volgende

Keer terug naar Opgeloste problemen / logs

Wie is er online

Gebruikers op dit forum: Geen geregistreerde gebruikers. en 2 gasten