Closed
1
Good day to you all,

My ING account has apparently been hacked: I keep getting unsolicited text messages asking me to enter a TAN code for an amount that I am not transferring myself.
At first MBAM did find and remove something, but the problem is not gone.
Below are the various log files; thanks in advance for your trouble.

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Databaseversie: 7484

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17-8-2011 10:39:21
mbam-log-2011-08-17 (10-39-21).txt

Scantype: Snelle scan
Objecten gescand: 170735
Verstreken tijd: 6 minuut/minuten, 30 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:15, on 17-8-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\RaboCommSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=cc8c9599000000000000001cdf371f6e&tlver=1.4.19.19&affID=17159
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PlusService] "C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7518264125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3563729625
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8274 bytes


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by ***** at 10:42:54 on 2011-08-17
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.261 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\RaboCommSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=cc8c9599000000000000001cdf371f6e&tlver=1.4.19.19&affID=17159
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMXLauncher] c:\program files\roxio\cineplayer\DMXLauncher.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PlusService] "c:\program files\yuna software\messenger plus!\PlusService.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\belkin~1.lnk - c:\program files\belkin\f5d7050v5\Belkinwcui.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177518264125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdat ... 3563729625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{8881FACD-8659-4E32-9DAC-4AFE98D67EB3} : DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\*****\application data\mozilla\firefox\profiles\n1hlp3z9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=cc8c9599000000000000001cdf371f6e&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - component: c:\documents and settings\*****\application data\mozilla\firefox\profiles\n1hlp3z9.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2007-4-25 64976]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKslf5a117a3;MpKslf5a117a3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1d99931-d914-4ae6-99e1-809e80161968}\MpKslf5a117a3.sys [2011-8-17 28752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-12-6 38144]
R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [2007-8-13 393216]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-12-6 238848]
R3 GISscd;GISscd;c:\windows\system32\drivers\GISscd.sys [2007-4-25 19037]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 botkelkk;botkelkk;c:\windows\system32\drivers\botkelkk.sys [2011-7-13 41680]
S1 cvrhokii;cvrhokii;\??\c:\windows\system32\drivers\cvrhokii.sys --> c:\windows\system32\drivers\cvrhokii.sys [?]
S1 dpmwzuzx;dpmwzuzx;\??\c:\windows\system32\drivers\dpmwzuzx.sys --> c:\windows\system32\drivers\dpmwzuzx.sys [?]
S1 fzzaqhfq;fzzaqhfq;\??\c:\windows\system32\drivers\fzzaqhfq.sys --> c:\windows\system32\drivers\fzzaqhfq.sys [?]
S1 hvrpewxe;hvrpewxe;\??\c:\windows\system32\drivers\hvrpewxe.sys --> c:\windows\system32\drivers\hvrpewxe.sys [?]
S1 hwyavmbn;hwyavmbn;\??\c:\windows\system32\drivers\hwyavmbn.sys --> c:\windows\system32\drivers\hwyavmbn.sys [?]
S1 mekzeovf;mekzeovf;\??\c:\windows\system32\drivers\mekzeovf.sys --> c:\windows\system32\drivers\mekzeovf.sys [?]
S1 psptzjjj;psptzjjj;\??\c:\windows\system32\drivers\psptzjjj.sys --> c:\windows\system32\drivers\psptzjjj.sys [?]
S1 qssblwyv;qssblwyv;\??\c:\windows\system32\drivers\qssblwyv.sys --> c:\windows\system32\drivers\qssblwyv.sys [?]
S1 syxrymdr;syxrymdr;\??\c:\windows\system32\drivers\syxrymdr.sys --> c:\windows\system32\drivers\syxrymdr.sys [?]
S1 vcipkien;vcipkien;\??\c:\windows\system32\drivers\vcipkien.sys --> c:\windows\system32\drivers\vcipkien.sys [?]
S1 vqbscvch;vqbscvch;\??\c:\windows\system32\drivers\vqbscvch.sys --> c:\windows\system32\drivers\vqbscvch.sys [?]
S1 vvgbkjux;vvgbkjux;\??\c:\windows\system32\drivers\vvgbkjux.sys --> c:\windows\system32\drivers\vvgbkjux.sys [?]
S1 ymeiitoe;ymeiitoe;\??\c:\windows\system32\drivers\ymeiitoe.sys --> c:\windows\system32\drivers\ymeiitoe.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2007-2-28 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
UnknownUnknown jfmeellj;jfmeellj; [x]
.
=============== Created Last 30 ================
.
2011-08-17 08:38:59 388096 ----a-r- c:\documents and settings\*****\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-17 07:15:54 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1d99931-d914-4ae6-99e1-809e80161968}\MpKslf5a117a3.sys
2011-08-17 07:15:37 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1d99931-d914-4ae6-99e1-809e80161968}\mpengine.dll
2011-08-11 00:01:43 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-08-10 00:28:42 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 00:28:16 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-02 21:06:47 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
.
==================== Find3M ====================
.
2011-08-11 14:18:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 23:34:42 41680 ----a-w- c:\windows\system32\drivers\lnyqnkcb.sys
2011-07-12 23:34:21 41680 ----a-w- c:\windows\system32\drivers\jnbchmtp.sys
2011-07-12 23:32:23 41680 ----a-w- c:\windows\system32\drivers\phsbielz.sys
2011-07-12 23:31:51 41680 ----a-w- c:\windows\system32\drivers\jfmeellj.sys
2011-07-12 23:31:13 41680 ----a-w- c:\windows\system32\drivers\pkmldjsy.sys
2011-07-12 22:49:16 41680 ----a-w- c:\windows\system32\drivers\ryoczdmr.sys
2011-07-12 22:45:57 41680 ----a-w- c:\windows\system32\drivers\botkelkk.sys
2011-07-12 22:45:35 41680 ----a-w- c:\windows\system32\drivers\kgybddzq.sys
2011-07-12 22:45:12 41680 ----a-w- c:\windows\system32\drivers\ldbmvfig.sys
2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:39 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:43:46,14 ===============
2
Hi and welcome to the forum,

1. Download TDSSKiller and save it to your desktop.
  • Extract the files in tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note: Windows Vista & 7 users must run TDSSKiller as administrator (right-click, "Run as administrator").
  • Click the "Start Scan" button and follow the instructions.
  • When the scan is finished, click the "Report" button.
  • A Notepad file opens. Post the contents of this file.

2. Go to ING.nl/cleaner and click "Virus verwijdertool" (virus removal tool).
Save the file named "FCleaner_tcmx-xxxxx" to your desktop.

Run the file (open it). If anything is found, you will be given the option to click "Clean". Do so.
You will see a countdown screen; this restarts your system.

After the restart, a log file named FCleaner_<date>_<time>.log will appear on your desktop.

Go to Daniel's Logupload (click the link).

Click "Bladeren..." (Browse...) and navigate to your desktop. Select the file FCleaner_<date>_<time>.log.
Now click "Toevoegen" (Add). You will get a link back; post it in your next reply together with the TDSSKiller log.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
Did both; the logs follow below. Incidentally, with the ING removal tool, after the "Clean" step I got the message that it could not be cleaned and that I should call in the help of experts .... which is what I'm doing here ;-)

2011/08/17 11:54:54.0203 0540 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 11:54:54.0343 0540 ================================================================================
2011/08/17 11:54:54.0343 0540 SystemInfo:
2011/08/17 11:54:54.0343 0540
2011/08/17 11:54:54.0343 0540 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/17 11:54:54.0343 0540 Product type: Workstation
2011/08/17 11:54:54.0343 0540 ComputerName: *****
2011/08/17 11:54:54.0343 0540 UserName: *****
2011/08/17 11:54:54.0343 0540 Windows directory: C:\WINDOWS
2011/08/17 11:54:54.0343 0540 System windows directory: C:\WINDOWS
2011/08/17 11:54:54.0343 0540 Processor architecture: Intel x86
2011/08/17 11:54:54.0343 0540 Number of processors: 2
2011/08/17 11:54:54.0343 0540 Page size: 0x1000
2011/08/17 11:54:54.0343 0540 Boot type: Normal boot
2011/08/17 11:54:54.0343 0540 ================================================================================
2011/08/17 11:54:55.0500 0540 Initialize success
2011/08/17 11:55:31.0890 1588 ================================================================================
2011/08/17 11:55:31.0890 1588 Scan started
2011/08/17 11:55:31.0890 1588 Mode: Manual;
2011/08/17 11:55:31.0890 1588 ================================================================================
2011/08/17 11:55:35.0531 1588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/17 11:55:35.0562 1588 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/17 11:55:35.0578 1588 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/17 11:55:35.0593 1588 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/17 11:55:35.0609 1588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/17 11:55:35.0656 1588 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/17 11:55:35.0765 1588 MpKsl40789ecc (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl40789ecc.sys
2011/08/17 11:55:35.0812 1588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/17 11:55:35.0859 1588 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/17 11:55:35.0906 1588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/17 11:55:35.0937 1588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/17 11:55:35.0968 1588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/17 11:55:35.0984 1588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/17 11:55:36.0031 1588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/17 11:55:36.0046 1588 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/17 11:55:36.0093 1588 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/17 11:55:36.0109 1588 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/17 11:55:36.0140 1588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/17 11:55:36.0156 1588 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/17 11:55:36.0203 1588 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/17 11:55:36.0218 1588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/17 11:55:36.0250 1588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/17 11:55:36.0281 1588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/17 11:55:36.0296 1588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/17 11:55:36.0312 1588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/17 11:55:36.0359 1588 nlem32nt (6bcab32b2c25b69ebbc97d7033637695) C:\WINDOWS\system32\drivers\nlem32nt.sys
2011/08/17 11:55:36.0421 1588 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/17 11:55:36.0453 1588 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/08/17 11:55:36.0484 1588 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/08/17 11:55:36.0515 1588 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011/08/17 11:55:36.0531 1588 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/08/17 11:55:36.0578 1588 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2011/08/17 11:55:36.0593 1588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/17 11:55:36.0625 1588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/17 11:55:36.0671 1588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/17 11:55:36.0703 1588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/17 11:55:36.0734 1588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/17 11:55:36.0750 1588 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/17 11:55:36.0781 1588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/17 11:55:36.0812 1588 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/17 11:55:36.0828 1588 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/17 11:55:36.0890 1588 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/17 11:55:36.0921 1588 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/17 11:55:37.0031 1588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/17 11:55:37.0062 1588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/17 11:55:37.0093 1588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/17 11:55:37.0125 1588 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/17 11:55:37.0218 1588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/17 11:55:37.0250 1588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/17 11:55:37.0265 1588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/17 11:55:37.0281 1588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/17 11:55:37.0296 1588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/17 11:55:37.0343 1588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/17 11:55:37.0375 1588 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/17 11:55:37.0421 1588 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/17 11:55:37.0437 1588 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/17 11:55:37.0515 1588 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/08/17 11:55:37.0546 1588 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/17 11:55:37.0578 1588 RTLE8023xp (10854898b350483d6638c6ae17086d1b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/17 11:55:37.0671 1588 RxFilter (8e676929e3e14a9f18c3ec826e5e179b) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/08/17 11:55:37.0718 1588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/17 11:55:37.0734 1588 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/17 11:55:37.0765 1588 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/17 11:55:37.0796 1588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/17 11:55:37.0843 1588 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/17 11:55:37.0890 1588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/17 11:55:37.0906 1588 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/17 11:55:37.0953 1588 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/17 11:55:37.0984 1588 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/17 11:55:38.0000 1588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/17 11:55:38.0031 1588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/17 11:55:38.0109 1588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/17 11:55:38.0187 1588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/17 11:55:38.0203 1588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/17 11:55:38.0234 1588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/17 11:55:38.0265 1588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/17 11:55:38.0312 1588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/17 11:55:38.0375 1588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/17 11:55:38.0406 1588 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/17 11:55:38.0437 1588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/17 11:55:38.0468 1588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/17 11:55:38.0484 1588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/17 11:55:38.0500 1588 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/17 11:55:38.0515 1588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/17 11:55:38.0546 1588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/17 11:55:38.0578 1588 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/17 11:55:38.0656 1588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/17 11:55:38.0687 1588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/17 11:55:38.0750 1588 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/17 11:55:38.0828 1588 MBR (0x1B8) (a44e93fa80841efb3b65ab921497d567) \Device\Harddisk0\DR0
2011/08/17 11:55:38.0859 1588 Boot (0x1200) (72a14712a3305d9dde61182ca610be04) \Device\Harddisk0\DR0\Partition0
2011/08/17 11:55:38.0875 1588 Boot (0x1200) (454682b813928c2b584185bfab26b6bb) \Device\Harddisk0\DR0\Partition1
2011/08/17 11:55:38.0875 1588 ================================================================================
2011/08/17 11:55:38.0875 1588 Scan finished
2011/08/17 11:55:38.0875 1588 ================================================================================
2011/08/17 11:55:38.0890 2448 Detected object count: 0
2011/08/17 11:55:38.0890 2448 Actual detected object count: 0



and the link http://www.daniel.vanmelzen.eu/uploads/ ... R5TvtX.log
4
Hi,

ING Cleaner reports a 'Mebroot' infection, so we'll look a bit further.

Download aswMBR.exe to the desktop.
  • Double-click "aswMBR.exe" to start the tool.
  • In the next window, click "No" Image
  • Click the "scan" button
  • Image
  • When the scan is finished, click the "save log" button
  • Image
  • Post this log file in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
5
and here is the next log,

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-17 12:01:31
-----------------------------
12:01:31.531 OS Version: Windows 5.1.2600 Service Pack 3
12:01:31.531 Number of processors: 2 586 0xF06
12:01:31.531 ComputerName: ***** UserName: *****
12:01:31.781 Initialize success
12:01:43.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:01:43.687 Disk 0 Vendor: SAMSUNG_SP2504C VT100-50 Size: 238474MB BusType: 3
12:01:45.703 Disk 0 MBR read successfully
12:01:45.703 Disk 0 MBR scan
12:01:45.703 Disk 0 unknown MBR code
12:01:45.703 Disk 0 scanning sectors +488392065
12:01:45.718 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
12:01:45.718 Disk 0 PE file @ sector 488392090 !
12:01:45.750 Disk 0 scanning C:\WINDOWS\system32\drivers
12:01:51.640 Service scanning
12:01:52.031 Service MpKsl40789ecc C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl40789ecc.sys **LOCKED** 32
12:01:52.718 Modules scanning
12:02:00.609 Disk 0 trace - called modules:
12:02:00.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:02:00.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d85ab8]
12:02:00.625 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x86d8bf18]
12:02:00.625 5 ACPI.sys[f745d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d57940]
12:02:00.625 Scan finished successfully
12:02:30.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\*****\Mijn documenten\MBR.dat"
12:02:30.359 The log file has been saved successfully to "C:\Documents and Settings\*****\Mijn documenten\aswMBR.txt"
7
Instructions followed again, and here is the new log,

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-17 12:25:42
-----------------------------
12:25:42.593 OS Version: Windows 5.1.2600 Service Pack 3
12:25:42.593 Number of processors: 2 586 0xF06
12:25:42.593 ComputerName: ***** UserName: *****
12:25:42.828 Initialize success
12:25:50.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:25:50.281 Disk 0 Vendor: SAMSUNG_SP2504C VT100-50 Size: 238474MB BusType: 3
12:25:52.296 Disk 0 MBR read successfully
12:25:52.296 Disk 0 MBR scan
12:25:52.296 Disk 0 unknown MBR code
12:25:52.296 Disk 0 scanning sectors +488392065
12:25:52.343 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:59.156 Service scanning
12:25:59.671 Service MpKsl6e4af93f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl6e4af93f.sys **LOCKED** 32
12:26:00.375 Modules scanning
12:26:03.750 Disk 0 trace - called modules:
12:26:03.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:26:03.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d3eab8]
12:26:03.765 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x86d56f18]
12:26:03.781 5 ACPI.sys[f745d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d8d940]
12:26:03.781 Scan finished successfully
12:27:46.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\*****\Mijn documenten\MBR.dat"
12:27:46.359 The log file has been saved successfully to "C:\Documents and Settings\*****\Mijn documenten\aswMBR.txt"
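A small triage helper for aswMBR output, added here as an example (it is not part of the thread and not AVAST's code): it parses the log format posted above, pulls out the "unknown MBR code", "malicious ... code @ sector" and "PE file @ sector" findings, and diffs a run before and a run after a cleanup. The sample log lines are constructed from the two runs posted in this thread; the `RUN_BEFORE`/`RUN_AFTER` names, the `Report` fields and the verdict labels are this example's own.

```python
"""Triage helper for aswMBR logs (added example, not part of the thread or of
aswMBR itself).  It reduces the log format posted above to the MBR-related
findings so a run before and a run after a cleanup can be compared
mechanically instead of by eye."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# One aswMBR line is "HH:MM:SS.mmm message"; anything else is ignored.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")
UNKNOWN_MBR_RE = re.compile(r"^Disk (?P<disk>\d+) unknown MBR code$")
MALICIOUS_RE = re.compile(
    r"^Disk (?P<disk>\d+) malicious (?P<name>\S+) code @ sector (?P<sector>\d+) !$")
PE_RE = re.compile(r"^Disk (?P<disk>\d+) PE file @ sector (?P<sector>\d+) !$")
LOCKED_RE = re.compile(r"^Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
FINISHED_RE = re.compile(r"^Scan finished successfully$")

# Constructed sample input, modelled on the two runs posted in the thread
# (first run with the Win32:MBRoot hit, second run after the fix).
RUN_BEFORE = r"""
12:01:45.703 Disk 0 MBR read successfully
12:01:45.703 Disk 0 MBR scan
12:01:45.703 Disk 0 unknown MBR code
12:01:45.703 Disk 0 scanning sectors +488392065
12:01:45.718 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
12:01:45.718 Disk 0 PE file @ sector 488392090 !
12:01:45.750 Disk 0 scanning C:\WINDOWS\system32\drivers
12:01:52.031 Service MpKsl40789ecc C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl40789ecc.sys **LOCKED** 32
12:02:00.625 Scan finished successfully
"""
RUN_AFTER = r"""
12:25:52.296 Disk 0 MBR read successfully
12:25:52.296 Disk 0 MBR scan
12:25:52.296 Disk 0 unknown MBR code
12:25:52.296 Disk 0 scanning sectors +488392065
12:25:52.343 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:59.671 Service MpKsl6e4af93f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl6e4af93f.sys **LOCKED** 32
12:26:03.781 Scan finished successfully
"""

@dataclass
class Report:
    unknown_mbr: set[int] = field(default_factory=set)   # disks whose MBR code aswMBR did not recognise
    malicious: list[tuple[int, str, int]] = field(default_factory=list)  # (disk, detection name, sector)
    pe_files: list[tuple[int, int]] = field(default_factory=list)        # (disk, sector): executable outside any file system
    locked: list[str] = field(default_factory=list)      # services whose driver file could not be opened
    finished: bool = False

def parse_aswmbr(text: str) -> Report:
    """Reduce an aswMBR log to the findings a responder cares about."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (h := UNKNOWN_MBR_RE.match(msg)):
            rep.unknown_mbr.add(int(h["disk"]))
        elif (h := MALICIOUS_RE.match(msg)):
            rep.malicious.append((int(h["disk"]), h["name"], int(h["sector"])))
        elif (h := PE_RE.match(msg)):
            rep.pe_files.append((int(h["disk"]), int(h["sector"])))
        elif (h := LOCKED_RE.match(msg)):
            # A locked driver is not a detection by itself: in the thread it is
            # the Microsoft Antimalware engine protecting its own file.
            rep.locked.append(h["svc"])
        elif FINISHED_RE.match(msg):
            rep.finished = True
    return rep

def verdict(rep: Report) -> str:
    """'infected' on a signature hit; 'suspicious' when the MBR code is
    unrecognised or a PE image sits in raw sectors past the partitions
    (Mebroot-style placement) even without a signature match;
    'incomplete' if the scan never reached the end."""
    if rep.malicious:
        return "infected"
    if rep.unknown_mbr or rep.pe_files:
        return "suspicious"
    return "clean" if rep.finished else "incomplete"

def compare(before: Report, after: Report) -> dict[str, set[int]]:
    """Sector-level diff of signature hits between two runs on the same disk."""
    b = {sector for _, _, sector in before.malicious}
    a = {sector for _, _, sector in after.malicious}
    return {"resolved": b - a, "persisting": b & a, "new": a - b}

if __name__ == "__main__":
    first, second = parse_aswmbr(RUN_BEFORE), parse_aswmbr(RUN_AFTER)
    print("before:", verdict(first), first.malicious)
    print("after: ", verdict(second), compare(first, second))
```

On the two runs above the second one no longer carries the signature hit but still reports unknown MBR code, which is why it comes out "suspicious" rather than "clean" and why a second opinion (FCleaner in the next post) is worth having.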
9
Grrrrrrrr, according to ING Cleaner it's still not clean!

[17-08-2011 12:41:31] FCleaner v1.5.0.0 Loading...
[17-08-2011 12:41:32] Mebroot Infection Found!
[17-08-2011 12:41:32] FCleaner has detected malware on your system!
[17-08-2011 12:41:32] Please press the "Clean" button to remove the malware
10
Hmmm, then we'll look a bit further.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)
  • Double-click "ComboFix.exe" and "Agree" to the 'Disclaimer'
  • If a message appears that "A newer version of ComboFix" is available, click "Yes" to update.
Image
  • After the update, click "Agree" again and ComboFix will now start.
  • If the "Recovery Console" is not yet present, ComboFix will install it (an active internet connection is required).
Image
  • In the 'Installing the Recovery Console' window, click "Ok"
  • In the info screen, click "Yes" when the Recovery Console has been installed successfully.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion." then restart the computer.
  • When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
11
And here is the ComboFix log

ComboFix 11-08-16.05 - Ron Snijders 17-08-2011 12:59:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.376 [GMT 2:00]
Gestart vanuit: c:\documents and settings\*****\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0413.exe
c:\windows\system32\3431765401.dat
c:\windows\system32\Agent.OMZ.Fix.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-17 to 2011-08-17 ))))))))))))))))))))))))))))))
.
.
2011-08-17 10:39 . 2011-08-17 10:39 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl025d98c7.sys
2011-08-17 08:38 . 2011-08-17 08:39 388096 ----a-r- c:\documents and settings\*****\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-17 07:15 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\mpengine.dll
2011-08-11 00:01 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 00:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 00:28 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-02 21:06 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 14:18 . 2011-06-09 14:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2007-02-28 15:49 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 23:34 . 2011-07-12 23:34 41680 ----a-w- c:\windows\system32\drivers\lnyqnkcb.sys
2011-07-12 23:34 . 2011-07-12 23:34 41680 ----a-w- c:\windows\system32\drivers\jnbchmtp.sys
2011-07-12 23:32 . 2011-07-12 23:32 41680 ----a-w- c:\windows\system32\drivers\phsbielz.sys
2011-07-12 23:31 . 2011-07-12 23:31 41680 ----a-w- c:\windows\system32\drivers\jfmeellj.sys
2011-07-12 23:31 . 2011-07-12 23:31 41680 ----a-w- c:\windows\system32\drivers\pkmldjsy.sys
2011-07-12 22:49 . 2011-07-12 22:49 41680 ----a-w- c:\windows\system32\drivers\ryoczdmr.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\botkelkk.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\kgybddzq.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\ldbmvfig.sys
2011-07-08 14:02 . 2007-02-28 15:49 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2008-12-31 00:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-31 00:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2007-02-28 16:59 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2007-02-28 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2007-02-28 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2007-02-28 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2007-02-28 15:49 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2007-02-28 15:49 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2007-02-28 15:49 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:49 . 2011-06-20 16:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2006-05-30 102400]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-12-6 1564672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 11:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-05-08 16:11 1089536 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-07-11 04:18 167936 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2011-05-25 13:14 35552 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc000\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc001\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc002\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc003\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc004\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc005\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc006\\boinc_cli.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SlimBrowser\\sbrowser.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Agics\\Agics Hashscan\\AHC.exe"=
"c:\\Program Files\\Agics\\Agics systemscan\\ASC.exe"=
"c:\\Program Files\\Agics\\Agics systemscan\\AHC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [25-4-2007 18:18 64976]
R1 MpKsl025d98c7;MpKsl025d98c7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D99931-D914-4AE6-99E1-809E80161968}\MpKsl025d98c7.sys [17-8-2011 12:39 28752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-12-2008 11:08 38144]
R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [13-8-2007 12:28 393216]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [6-12-2008 11:09 238848]
R3 GISscd;GISscd;c:\windows\system32\drivers\GISscd.sys [25-4-2007 18:14 19037]
S1 cvrhokii;cvrhokii;\??\c:\windows\system32\drivers\cvrhokii.sys --> c:\windows\system32\drivers\cvrhokii.sys [?]
S1 dpmwzuzx;dpmwzuzx;\??\c:\windows\system32\drivers\dpmwzuzx.sys --> c:\windows\system32\drivers\dpmwzuzx.sys [?]
S1 fzzaqhfq;fzzaqhfq;\??\c:\windows\system32\drivers\fzzaqhfq.sys --> c:\windows\system32\drivers\fzzaqhfq.sys [?]
S1 hvrpewxe;hvrpewxe;\??\c:\windows\system32\drivers\hvrpewxe.sys --> c:\windows\system32\drivers\hvrpewxe.sys [?]
S1 hwyavmbn;hwyavmbn;\??\c:\windows\system32\drivers\hwyavmbn.sys --> c:\windows\system32\drivers\hwyavmbn.sys [?]
S1 mekzeovf;mekzeovf;\??\c:\windows\system32\drivers\mekzeovf.sys --> c:\windows\system32\drivers\mekzeovf.sys [?]
S1 psptzjjj;psptzjjj;\??\c:\windows\system32\drivers\psptzjjj.sys --> c:\windows\system32\drivers\psptzjjj.sys [?]
S1 qssblwyv;qssblwyv;\??\c:\windows\system32\drivers\qssblwyv.sys --> c:\windows\system32\drivers\qssblwyv.sys [?]
S1 syxrymdr;syxrymdr;\??\c:\windows\system32\drivers\syxrymdr.sys --> c:\windows\system32\drivers\syxrymdr.sys [?]
S1 vcipkien;vcipkien;\??\c:\windows\system32\drivers\vcipkien.sys --> c:\windows\system32\drivers\vcipkien.sys [?]
S1 vqbscvch;vqbscvch;\??\c:\windows\system32\drivers\vqbscvch.sys --> c:\windows\system32\drivers\vqbscvch.sys [?]
S1 vvgbkjux;vvgbkjux;\??\c:\windows\system32\drivers\vvgbkjux.sys --> c:\windows\system32\drivers\vvgbkjux.sys [?]
S1 ymeiitoe;ymeiitoe;\??\c:\windows\system32\drivers\ymeiitoe.sys --> c:\windows\system32\drivers\ymeiitoe.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [28-2-2007 17:49 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2-8-2005 23:10 32512]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL025D98C7
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
FF - ProfilePath - c:\documents and settings\*****\Application Data\Mozilla\Firefox\Profiles\n1hlp3z9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=cc8c9599000000000000001cdf371f6e&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" onclick="window.open(this.href);return false;
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 13:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1058964630-24410828-2935464127-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1058964630-24410828-2935464127-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1058964630-24410828-2935464127-1005)
@Allowed: (Read) (S-1-5-21-1058964630-24410828-2935464127-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Voltooingstijd: 2011-08-17 13:05:52
ComboFix-quarantined-files.txt 2011-08-17 11:05
ComboFix2.txt 2008-12-31 20:55
.
Pre-Run: 6.099.984.384 bytes beschikbaar
Post-Run: 6.432.169.984 bytes beschikbaar
.
- - End Of File - - 2451C55E139AEF5F123E33451463FBF4
12
Hi,

Open Notepad.
Copy and paste the following (the bold, blue text) into an empty window:


Filelook::
c:\windows\system32\drivers\lnyqnkcb.sys
c:\windows\system32\drivers\jnbchmtp.sys
c:\windows\system32\drivers\phsbielz.sys
c:\windows\system32\drivers\jfmeellj.sys
c:\windows\system32\drivers\pkmldjsy.sys
c:\windows\system32\drivers\ryoczdmr.sys
c:\windows\system32\drivers\botkelkk.sys
c:\windows\system32\drivers\kgybddzq.sys
c:\windows\system32\drivers\ldbmvfig.sys

File::
c:\windows\system32\drivers\cvrhokii.sys
c:\windows\system32\drivers\dpmwzuzx.sys
c:\windows\system32\drivers\fzzaqhfq.sys
c:\windows\system32\drivers\hvrpewxe.sys
c:\windows\system32\drivers\hwyavmbn.sys
c:\windows\system32\drivers\mekzeovf.sys
c:\windows\system32\drivers\psptzjjj.sys
c:\windows\system32\drivers\qssblwyv.sys
c:\windows\system32\drivers\syxrymdr.sys
c:\windows\system32\drivers\vcipkien.sys
c:\windows\system32\drivers\vqbscvch.sys
c:\windows\system32\drivers\vvgbkjux.sys
c:\windows\system32\drivers\ymeiitoe.sys

Driver::
cvrhokii
dpmwzuzx
fzzaqhfq
hvrpewxe
hwyavmbn
mekzeovf
psptzjjj
qssblwyv
syxrymdr
vcipkien
vqbscvch
vvgbkjux
ymeiitoe
jfmeellj


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:
(image) This will make ComboFix restart.
Reboot if prompted, and post the contents of ComboFix.txt in your next reply.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
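Added example, not part of the helper's post and not a ComboFix component: a small Python script that reads driver/service lines in the layout ComboFix prints in the logs above, applies the same triage the CFScript above encodes, and emits a script in that layout. A service whose image file is gone (the `--> path [?]` form) has nothing left to analyse, so it goes straight to `File::`/`Driver::`; a randomly named driver whose file is still present goes to `Filelook::` so it gets hashed and inspected before anything is deleted. The sample lines are constructed from the format on this page (the jfmeellj line is assumed, its service entry is not quoted on the page), and the "eight lowercase letters, display name equal to service name" rule is a heuristic for picking candidates, not a verdict.

```python
import re

# Constructed sample input in the layout ComboFix uses on this page:
# "<start type> <name>;<display name>;<image> [<date time size>]" for a file that exists,
# "... --> <path> [?]" for a service whose image file is missing.
SAMPLE_LOG = r"""
S1 psptzjjj;psptzjjj;\??\c:\windows\system32\drivers\psptzjjj.sys --> c:\windows\system32\drivers\psptzjjj.sys [?]
S1 qssblwyv;qssblwyv;\??\c:\windows\system32\drivers\qssblwyv.sys --> c:\windows\system32\drivers\qssblwyv.sys [?]
S3 jfmeellj;jfmeellj;c:\windows\system32\drivers\jfmeellj.sys [12-7-2011 23:31 41680]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [28-2-2007 17:49 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2-8-2005 23:10 32512]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [25-4-2007 18:18 64976]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
MISSING_RE = re.compile(r"^(?P<declared>.*?)\s+-->\s+(?P<path>.+?)\s+\[\?\]$")
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")   # heuristic, see lead-in


def parse_services(text):
    """Return one dict per service line: start type, name, display name, image path,
    and whether ComboFix found the image file on disk."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        miss = MISSING_RE.match(rest)
        if miss:
            path, present = miss.group("path"), False
        else:
            pres = PRESENT_RE.match(rest)
            if not pres:
                continue
            path, present = pres.group("path"), True
        services.append({
            "start": m.group("start"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "present": present,
        })
    return services


def looks_random(service):
    """Candidate rule used in the thread: eight lowercase letters and a display name
    that is just the service name again."""
    return bool(RANDOM_NAME_RE.match(service["name"])) and service["display"] == service["name"]


def triage(services):
    """Split random-named kernel drivers into 'inspect' (file still present: hash it first)
    and 'remove' (service points at a file that no longer exists)."""
    inspect, remove = [], []
    for s in services:
        if not looks_random(s) or not s["path"].lower().endswith(".sys"):
            continue
        (inspect if s["present"] else remove).append(s)
    return inspect, remove


def build_cfscript(inspect, remove):
    """Emit a CFScript in the layout the helper used above: Filelook:: for files to
    inspect first, File:: and Driver:: for the orphaned entries to delete."""
    lines = []
    if inspect:
        lines.append("Filelook::")
        lines.extend(s["path"] for s in inspect)
        lines.append("")
    if remove:
        lines.append("File::")
        lines.extend(s["path"] for s in remove)
        lines.append("")
        lines.append("Driver::")
        lines.extend(s["name"] for s in remove)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    to_inspect, to_remove = triage(found)
    print(build_cfscript(to_inspect, to_remove))
```

Note that xcpip is also an orphan (its file is missing) but is not flagged: the name rule only targets the randomly generated ones, and a practitioner would look at the remaining orphans by hand rather than widen the heuristic.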
13
And once again a new ComboFix log,

ComboFix 11-08-16.05 - Ron Snijders 17-08-2011 13:37:28.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.441 [GMT 2:00]
Gestart vanuit: c:\documents and settings\*****\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Ron Snijders\Bureaublad\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\cvrhokii.sys"
"c:\windows\system32\drivers\dpmwzuzx.sys"
"c:\windows\system32\drivers\fzzaqhfq.sys"
"c:\windows\system32\drivers\hvrpewxe.sys"
"c:\windows\system32\drivers\hwyavmbn.sys"
"c:\windows\system32\drivers\mekzeovf.sys"
"c:\windows\system32\drivers\psptzjjj.sys"
"c:\windows\system32\drivers\qssblwyv.sys"
"c:\windows\system32\drivers\syxrymdr.sys"
"c:\windows\system32\drivers\vcipkien.sys"
"c:\windows\system32\drivers\vqbscvch.sys"
"c:\windows\system32\drivers\vvgbkjux.sys"
"c:\windows\system32\drivers\ymeiitoe.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cvrhokii
-------\Service_dpmwzuzx
-------\Service_fzzaqhfq
-------\Service_hvrpewxe
-------\Service_hwyavmbn
-------\Service_mekzeovf
-------\Service_psptzjjj
-------\Service_qssblwyv
-------\Service_syxrymdr
-------\Service_vcipkien
-------\Service_vqbscvch
-------\Service_vvgbkjux
-------\Service_ymeiitoe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-17 to 2011-08-17 ))))))))))))))))))))))))))))))
.
.
2011-08-17 11:12 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E92AE5F-1C5B-484B-983B-F9B4FACF2D26}\mpengine.dll
2011-08-17 08:38 . 2011-08-17 08:39 388096 ----a-r- c:\documents and settings\*****\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 00:01 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 00:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 00:28 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-02 21:06 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 14:18 . 2011-06-09 14:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2007-02-28 15:49 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 23:34 . 2011-07-12 23:34 41680 ----a-w- c:\windows\system32\drivers\lnyqnkcb.sys
2011-07-12 23:34 . 2011-07-12 23:34 41680 ----a-w- c:\windows\system32\drivers\jnbchmtp.sys
2011-07-12 23:32 . 2011-07-12 23:32 41680 ----a-w- c:\windows\system32\drivers\phsbielz.sys
2011-07-12 23:31 . 2011-07-12 23:31 41680 ----a-w- c:\windows\system32\drivers\jfmeellj.sys
2011-07-12 23:31 . 2011-07-12 23:31 41680 ----a-w- c:\windows\system32\drivers\pkmldjsy.sys
2011-07-12 22:49 . 2011-07-12 22:49 41680 ----a-w- c:\windows\system32\drivers\ryoczdmr.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\botkelkk.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\kgybddzq.sys
2011-07-12 22:45 . 2011-07-12 22:45 41680 ----a-w- c:\windows\system32\drivers\ldbmvfig.sys
2011-07-08 14:02 . 2007-02-28 15:49 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2008-12-31 00:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-31 00:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2007-02-28 16:59 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2007-02-28 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2007-02-28 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2007-02-28 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2007-02-28 15:49 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2007-02-28 15:49 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2007-02-28 15:49 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:49 . 2011-06-20 16:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\botkelkk.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 22:45
Modified time: 2011-07-12 22:45
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\jfmeellj.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:31
Modified time: 2011-07-12 23:31
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\jnbchmtp.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:34
Modified time: 2011-07-12 23:34
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\kgybddzq.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 22:45
Modified time: 2011-07-12 22:45
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\ldbmvfig.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 22:45
Modified time: 2011-07-12 22:45
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\lnyqnkcb.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:34
Modified time: 2011-07-12 23:34
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\phsbielz.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:32
Modified time: 2011-07-12 23:32
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\pkmldjsy.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:31
Modified time: 2011-07-12 23:31
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\ryoczdmr.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 22:49
Modified time: 2011-07-12 22:49
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2006-05-30 102400]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-12-6 1564672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 11:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-05-08 16:11 1089536 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-07-11 04:18 167936 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2011-05-25 13:14 35552 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc000\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc001\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc002\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc003\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc004\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc005\\boinc_cli.exe"=
"\\\\assem_server\\xp-opktools\\BOINC\\boinc006\\boinc_cli.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SlimBrowser\\sbrowser.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Roxio\\Digital Home 8\\RoxUpnpServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Agics\\Agics Hashscan\\AHC.exe"=
"c:\\Program Files\\Agics\\Agics systemscan\\ASC.exe"=
"c:\\Program Files\\Agics\\Agics systemscan\\AHC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [25-4-2007 18:18 64976]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-12-2008 11:08 38144]
R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [13-8-2007 12:28 393216]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [6-12-2008 11:09 238848]
R3 GISscd;GISscd;c:\windows\system32\drivers\GISscd.sys [25-4-2007 18:14 19037]
S1 MpKslc33a14be;MpKslc33a14be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E92AE5F-1C5B-484B-983B-F9B4FACF2D26}\MpKslc33a14be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E92AE5F-1C5B-484B-983B-F9B4FACF2D26}\MpKslc33a14be.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [28-2-2007 17:49 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2-8-2005 23:10 32512]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
FF - ProfilePath - c:\documents and settings\*****\Application Data\Mozilla\Firefox\Profiles\n1hlp3z9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=cc8c9599000000000000001cdf371f6e&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1058964630-24410828-2935464127-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1058964630-24410828-2935464127-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1058964630-24410828-2935464127-1005)
@Allowed: (Read) (S-1-5-21-1058964630-24410828-2935464127-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Voltooingstijd: 2011-08-17 13:47:36 - machine werd herstart
ComboFix-quarantined-files.txt 2011-08-17 11:47
ComboFix2.txt 2011-08-17 11:05
ComboFix3.txt 2008-12-31 20:55
.
Pre-Run: 6.404.001.792 bytes beschikbaar
Post-Run: 6.332.628.992 bytes beschikbaar
.
- - End Of File - - E218B512827D7493B1FC8C599334B2DD
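Added example, not from the original thread: a Python parser for the "Look" blocks in the log above that groups files by SHA1 rather than by name. The check it makes explicit is the one that matters in this log: nine differently named drivers with one hash are one binary, and the version resource (Company, Original Filename) is only a claim that any dropper can copy, so the decision should rest on the hash against a trusted list or on the file's signature, not on the strings. The allowlist dict is an assumption for illustration (populate it from a clean install or vendor source, not from the log itself); the hash in it is the one ComboFix printed above, and the third block in the sample is constructed with a bogus hash so that the "unverified" branch is exercised.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "Look" section above. The first two blocks copy
# the page's values (hashes, size, times); the third is invented, with matching version
# strings but a different hash, to show the case where the strings must not be trusted.
SAMPLE_LOOK = r"""
--- c:\windows\system32\drivers\botkelkk.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 22:45
Modified time: 2011-07-12 22:45
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\jfmeellj.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
File Version: 1.1.1012.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:31
Modified time: 2011-07-12 23:31
MD5: 58E61EF6103ADAAE6CEF20EF28FE5A42
SHA1: 9A3D727C131308F59BC4E804FE1B79D907684B61
.
.
--- c:\windows\system32\drivers\example_constructed.sys ---
Company: Microsoft Corporation
File Description: Boot Time Removal Tool
Original Filename: BTR.sys
File size: 41680
Created time: 2011-07-12 23:40
Modified time: 2011-07-12 23:40
MD5: 00000000000000000000000000000000
SHA1: 0000000000000000000000000000000000000000
"""

HEADER_RE = re.compile(r"^--- (?P<path>.+?) ---$")

# Assumed allowlist for illustration only. In practice fill it from a trusted source
# (clean install, vendor catalog, reputation service), never from the log being examined.
# The single entry is the SHA1 ComboFix printed for the BTR.sys copies on this page.
KNOWN_GOOD_SHA1 = {
    "9A3D727C131308F59BC4E804FE1B79D907684B61": "Microsoft Malware Protection BTR.sys 1.1.1012.0",
}


def parse_look(text):
    """Return {path: {field: value}} for every '--- path ---' block in a Look section."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = entries.setdefault(header.group("path"), {})
            continue
        if current is None or ":" not in line:
            continue                      # separator dots and stray text
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return entries


def group_by_hash(entries, algo="SHA1"):
    """Map each hash to the list of paths that carry it; identical hashes are one binary."""
    groups = defaultdict(list)
    for path, fields in entries.items():
        groups[fields.get(algo, "").upper()].append(path)
    return dict(groups)


def assess(entries):
    """Per hash group: copy count, what the version resource claims, and whether the hash
    itself (not the claim) is on the allowlist."""
    report = {}
    for sha1, paths in group_by_hash(entries).items():
        sample = entries[paths[0]]
        report[sha1] = {
            "copies": len(paths),
            "paths": sorted(paths),
            "claimed_company": sample.get("Company", "?"),
            "claimed_original": sample.get("Original Filename", "?"),
            "sizes": sorted({entries[p].get("File size", "?") for p in paths}),
            "created": sorted(entries[p].get("Created time", "?") for p in paths),
            "verdict": "allowlisted" if sha1 in KNOWN_GOOD_SHA1 else "unverified",
        }
    return report


if __name__ == "__main__":
    for sha1, info in assess(parse_look(SAMPLE_LOOK)).items():
        print(sha1, info["verdict"], f"x{info['copies']}", info["claimed_original"])
        for p in info["paths"]:
            print("   ", p)
```

When the verdict is "unverified" the next step is to verify the file itself (Authenticode signature, or a hash lookup against a source you trust), not to read more of its version strings: those strings were identical in the constructed block and proved nothing.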
15
------------------------------------------------------------------------------------------------------------------------
[17-08-2011 13:57:27] FCleaner v1.5.0.0 Loading...
[17-08-2011 13:57:27] No malware was found on your system!

Could that have done it?
Closed
