ING malware / hacked / Mebroot

Closed topics. Send a private message to a Moderator or the Administrator to have the topic reopened.
vincentc
PC Web Plus - Member
Posts: 16
Joined: 22 Aug 2011 01:58
OS: XP SP3

#1

22 aug 2011 02:07

Dear Max,

Just had the same problem here. An attempt was made to debit 50K from an ING account.
According to the ING virus cleaner I should also have Mebroot. I followed all the steps (up to the blue lines), but I can't get it removed either.
Could you make these lines for me too?
Thanks in advance!
Maxstar wrote:Hi,

Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:


Filelook::
c:\windows\system32\drivers\lnyqnkcb.sys
c:\windows\system32\drivers\jnbchmtp.sys
c:\windows\system32\drivers\phsbielz.sys
c:\windows\system32\drivers\jfmeellj.sys
c:\windows\system32\drivers\pkmldjsy.sys
c:\windows\system32\drivers\ryoczdmr.sys
c:\windows\system32\drivers\botkelkk.sys
c:\windows\system32\drivers\kgybddzq.sys
c:\windows\system32\drivers\ldbmvfig.sys

File::
c:\windows\system32\drivers\cvrhokii.sys
c:\windows\system32\drivers\dpmwzuzx.sys
c:\windows\system32\drivers\fzzaqhfq.sys
c:\windows\system32\drivers\hvrpewxe.sys
c:\windows\system32\drivers\hwyavmbn.sys
c:\windows\system32\drivers\mekzeovf.sys
c:\windows\system32\drivers\psptzjjj.sys
c:\windows\system32\drivers\qssblwyv.sys
c:\windows\system32\drivers\syxrymdr.sys
c:\windows\system32\drivers\vcipkien.sys
c:\windows\system32\drivers\vqbscvch.sys
c:\windows\system32\drivers\vvgbkjux.sys
c:\windows\system32\drivers\ymeiitoe.sys

Driver::
cvrhokii
dpmwzuzx
fzzaqhfq
hvrpewxe
hwyavmbn
mekzeovf
psptzjjj
qssblwyv
syxrymdr
vcipkien
vqbscvch
vvgbkjux
ymeiitoe
jfmeellj


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:


This will make ComboFix restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply.
Here is my ComboFix log.
http://www.daniel.vanmelzen.eu/uploads/ ... sh164c.txt

I look forward to hearing from you! Thanks in advance!
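As an added example (not part of this thread or of any tool it mentions): a small Python checker that reads the SERVICES / DRIVERS section of a DDS log and flags the two things a helper looks at first when Mebroot-style drivers are suspected: registered drivers whose file DDS could not find on disk (the "--> path [?]" form) and drivers named with eight random lowercase letters, the pattern of the .sys files in the CFScript above. The sample log lines are constructed, and the eight-letter rule is a heuristic for manual review, not a signature.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of the DDS "SERVICES / DRIVERS" section has the shape
#   R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-11-23 155136]
# i.e. state (R = running, S = stopped, plus start type), then name;description;path [date size].
DDS_LINE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")

# Heuristic: the drivers removed by the CFScript in this thread are all named with
# eight random lowercase letters (lnyqnkcb.sys, cvrhokii.sys, ...). Case-sensitive on
# purpose, so legitimate names with capitals or digits (AVGIDSEH.sys, avgrkx86.sys) pass.
RANDOM_NAME = re.compile(r"\\drivers\\[a-z]{8}\.sys$")


@dataclass
class DriverEntry:
    state: str
    name: str
    desc: str
    path: str
    file_missing: bool  # DDS appends "--> <path> [?]" when it cannot find the file


def parse_dds_driver_line(line: str) -> Optional[DriverEntry]:
    """Split one DDS service/driver line into fields; return None for any other line."""
    m = DDS_LINE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest").rstrip()
    # The path is everything before the optional " --> " marker and the " [date size]" suffix.
    path = rest.split(" -->")[0].split(" [")[0].strip().strip('"')
    return DriverEntry(
        state=m.group("state"),
        name=m.group("name"),
        desc=m.group("desc"),
        path=path,
        file_missing=rest.endswith("[?]"),
    )


def review_flags(entry: DriverEntry) -> List[str]:
    """Reasons a helper would want to look at this entry; an empty list means nothing odd."""
    flags: List[str] = []
    if entry.file_missing:
        flags.append("file not found on disk")
    if RANDOM_NAME.search(entry.path):
        flags.append("eight-random-letter driver name")
    return flags


def scan_dds_services(text: str) -> Dict[str, List[str]]:
    """Map service name -> flags for every driver line in a DDS log that raised a flag."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_dds_driver_line(line)
        if entry is not None:
            flags = review_flags(entry)
            if flags:
                findings[entry.name] = flags
    return findings


# Constructed sample in DDS format (not a real log): a normal driver, one named like the
# CFScript entries above, and two entries whose file DDS could not find.
SAMPLE_DDS = """\
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\\windows\\system32\\drivers\\d347bus.sys [2007-11-23 155136]
R1 lnyqnkcb;lnyqnkcb;c:\\windows\\system32\\drivers\\lnyqnkcb.sys [2011-08-21 22016]
S2 avast! Firewall;avast! Firewall;"c:\\program files\\alwil software\\avast5\\afwserv.exe" --> c:\\program files\\alwil software\\avast5\\afwServ.exe [?]
S3 xcpip;TCP/IP protocol driver;c:\\windows\\system32\\drivers\\xcpip.sys --> c:\\windows\\system32\\drivers\\xcpip.sys [?]
"""

if __name__ == "__main__":
    for name, flags in scan_dds_services(SAMPLE_DDS).items():
        print(f"{name}: {', '.join(flags)}")
```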
Maxstar
Administrator
Posts: 42049
Joined: 27 Sep 2008 10:18
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Anti-Malware
Likes given: 8
Likes received: 11

#2

22 aug 2011 09:44

Hi and welcome to the forum,
vincentc wrote:I followed all the steps (up to the blue lines), but I can't get it removed either.
Could you make these lines for me too?
I have split your post off into its own topic, since the advice in the other topic is only suitable for that computer.
So let's run the following before we get started with ComboFix.

1. Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure there is a check mark next to:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.

In case of problems!!! (Read the instructions below)
  • You can decline the window asking whether you want to "start the trial"; you can enable it later.
  • Once the program has started, go to the "Settings" tab.
  • Tick: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


2. Download TDSSKiller and place it on your desktop.
  • Extract the files in tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note!!! Windows Vista & 7 users must run TDSSKiller as administrator ("Right-click, Run as administrator").
  • Click the "Start Scan" button and follow the instructions.
  • When the scan is finished, click the "Report" button.
  • A Notepad file will open. Post the contents of this file.

3. Download DDS by sUBS from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.



DDS is a diagnostic tool and uses scripts.

Disable your security software before running DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:
* DDS.txt
* Attach.txt


A window will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.

Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

Post the logs from MBAM, TDSSKiller and DDS in your next reply.
vincentc
PC Web Plus - Member
Posts: 16
Joined: 22 Aug 2011 01:58
OS: XP SP3

#3

22 aug 2011 11:30

DDS: http://www.daniel.vanmelzen.eu/uploads/ ... UEF4Ei.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Hans at 11:25:38 on 2011-08-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.288 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{822C911B-D9B1-4729-BF35-B335B5A531A6} : DhcpNameServer = 192.168.1.254
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hans\application data\mozilla\firefox\profiles\t4bve2hw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567693&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.nl
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-10-16 190416]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-11-23 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-11-23 5248]
R0 PrecSim;PrecSim;c:\windows\system32\drivers\precsim.sys [2002-5-22 69600]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-10-16 99792]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-6 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-22 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-22 22712]
S2 avast! Firewall;avast! Firewall;"c:\program files\alwil software\avast5\afwserv.exe" --> c:\program files\alwil software\avast5\afwServ.exe [?]
S2 gupdate1c9a5886b1d03ee;Google Update Service (gupdate1c9a5886b1d03ee);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-2-21 151552]
S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [2005-1-21 69810]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-22 41272]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-5-5 714240]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2011-08-22 09:22:13 -------- d--h--r- c:\documents and settings\hans\Onlangs geopend
2011-08-21 23:32:35 -------- d-sha-r- C:\cmdcons
2011-08-21 23:30:28 98816 ----a-w- c:\windows\sed.exe
2011-08-21 23:30:28 518144 ----a-w- c:\windows\SWREG.exe
2011-08-21 23:30:28 256000 ----a-w- c:\windows\PEV.exe
2011-08-21 23:30:28 208896 ----a-w- c:\windows\MBR.exe
2011-08-21 22:48:37 -------- d-----w- c:\documents and settings\hans\application data\Malwarebytes
2011-08-21 22:48:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:48:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-21 22:47:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 22:47:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 22:35:24 -------- d-----w- c:\documents and settings\hans\local settings\application data\Threat Expert
2011-08-21 22:35:03 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-21 22:35:03 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-21 22:35:03 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-21 22:35:03 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-21 22:35:03 153088 ----a-w- c:\windows\system32\unrar3.dll
2011-08-21 22:08:59 -------- d-----w- c:\program files\PC Tools Security
2011-08-21 22:08:59 -------- d-----w- c:\program files\common files\PC Tools
2011-08-21 22:06:39 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-14 16:33:01 -------- d-----w- c:\program files\iPod
2011-08-14 16:32:41 -------- d-----w- c:\program files\iTunes
2011-08-14 16:23:08 -------- d-----w- c:\program files\Bonjour
2011-08-10 09:56:47 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 09:56:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 09:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 16:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-05 05:44:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:26:27,79 ===============

MBAM: http://www.daniel.vanmelzen.eu/uploads/ ... th9riK.txt
Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Databaseversie: 7529

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

22-8-2011 11:10:46
mbam-log-2011-08-22 (11-10-46).txt

Scantype: Volledige scan (C:\|D:\|E:\|)
Objecten gescand: 331399
Verstreken tijd: 1 uur/uren, 36 minuut/minuten, 11 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
d:\RECYCLER\s-1-5-21-854245398-220523388-839522115-1004\Dd1.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

TDSSKiller: http://www.daniel.vanmelzen.eu/uploads/ ... kLtI9f.txt
(Trojan found. Rebooted afterwards and then obtained the following log)
2011/08/22 11:18:56.0578 4484 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 11:18:56.0828 4484 ================================================================================
2011/08/22 11:18:56.0828 4484 SystemInfo:
2011/08/22 11:18:56.0828 4484
2011/08/22 11:18:56.0828 4484 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/22 11:18:56.0828 4484 Product type: Workstation
2011/08/22 11:18:56.0828 4484 ComputerName: SILENTIUM
2011/08/22 11:18:56.0828 4484 UserName: Hans
2011/08/22 11:18:56.0828 4484 Windows directory: C:\WINDOWS
2011/08/22 11:18:56.0828 4484 System windows directory: C:\WINDOWS
2011/08/22 11:18:56.0828 4484 Processor architecture: Intel x86
2011/08/22 11:18:56.0828 4484 Number of processors: 2
2011/08/22 11:18:56.0828 4484 Page size: 0x1000
2011/08/22 11:18:56.0828 4484 Boot type: Normal boot
2011/08/22 11:18:56.0828 4484 ================================================================================
2011/08/22 11:18:58.0562 4484 Initialize success
2011/08/22 11:19:01.0546 5920 ================================================================================
2011/08/22 11:19:01.0546 5920 Scan started
2011/08/22 11:19:01.0546 5920 Mode: Manual;
2011/08/22 11:19:01.0546 5920 ================================================================================
2011/08/22 11:19:11.0953 5920 MBR (0x1B8) (33acd7f96c8c543021d4b4a4c6afbe8a) \Device\Harddisk0\DR0
2011/08/22 11:19:11.0953 5920 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/22 11:19:11.0968 5920 Boot (0x1200) (67a662d094c7af3174f551976669226f) \Device\Harddisk0\DR0\Partition0
2011/08/22 11:19:11.0984 5920 Boot (0x1200) (4715302630d9fbc8dd855c83574110f0) \Device\Harddisk0\DR0\Partition1
2011/08/22 11:19:12.0000 5920 Boot (0x1200) (a9f2e3a90961e6d54f2148ea78d06363) \Device\Harddisk0\DR0\Partition2
2011/08/22 11:19:12.0000 5920 ================================================================================
2011/08/22 11:19:12.0000 5920 Scan finished
2011/08/22 11:19:12.0000 5920 ================================================================================
2011/08/22 11:19:12.0015 5192 Detected object count: 1
2011/08/22 11:19:12.0015 5192 Actual detected object count: 1
2011/08/22 11:19:21.0890 5192 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/22 11:19:21.0890 5192 \Device\Harddisk0\DR0 - ok
2011/08/22 11:19:21.0890 5192 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/22 11:19:31.0343 4396 Deinitialize success

http://www.daniel.vanmelzen.eu/uploads/ ... iqZAAh.txt

Then ran the ING tool again, and the virus is still present:

[22-08-2011 11:23:27] FCleaner v1.5.0.0 Loading...
[22-08-2011 11:23:29] Mebroot Infection Found!
[22-08-2011 11:23:29] FCleaner has detected malware on your system!
[22-08-2011 11:23:29] Please press the "Clean" button to remove the malware
vincentc
PC Web Plus - Member

#4

22 Aug 2011 11:31

Thanks in advance!
Maxstar
Administrator
Posts: 42049
Joined: 27 Sep 2008 10:18
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Anti-Malware
Likes given: 8
Likes received: 11

#5

22 Aug 2011 11:38

Hi,

You can simply post the logs on the forum; there is no need to upload them.
Restart the computer and then run aswMBR.

Download aswMBR.exe to the desktop.
  • Double-click "aswMBR.exe" to start the tool.
  • In the next window, click "No"
    Image
  • Click the "scan" button
  • Image
  • When the scan has finished, click the "save log" button
  • Image
  • Post this log file in your next reply.
vincentc
PC Web Plus - Member

#6

22 Aug 2011 11:48

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-22 11:45:11
-----------------------------
11:45:11.093 OS Version: Windows 5.1.2600 Service Pack 3
11:45:11.093 Number of processors: 2 586 0x605
11:45:11.093 ComputerName: SILENTIUM UserName: Hans
11:45:14.343 Initialize success
11:45:35.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:45:35.015 Disk 0 Vendor: MAXTOR_STM3250820AS 3.AAE Size: 238475MB BusType: 3
11:45:35.015 Device \Driver\atapi -> DriverStartIo f7411864
11:45:35.015 Device \Driver\atapi -> MajorFunction 86c33428
11:45:37.109 Disk 0 MBR read successfully
11:45:37.109 Disk 0 MBR scan
11:45:37.109 Disk 0 unknown MBR code
11:45:37.281 Disk 0 scanning sectors +488376000
11:45:37.406 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
11:45:37.437 Disk 0 PE file @ sector 488376025 !
11:45:37.546 Disk 0 scanning C:\WINDOWS\system32\drivers
11:46:00.093 Service scanning
11:46:01.921 Modules scanning
11:46:26.281 Disk 0 trace - called modules:
11:46:26.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86c33428]<<
11:46:26.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86eccab8]
11:46:26.312 3 CLASSPNP.SYS[f7611fd7] -> nt!IofCallDriver -> \Device\00000082[0x86ed39e8]
11:46:26.312 5 ACPI.sys[f7481620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ed3d98]
11:46:26.328 \Driver\atapi[0x86f7f300] -> IRP_MJ_CREATE -> 0x86c33428
11:46:26.328 Scan finished successfully
11:46:54.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hans\Bureaublad\MBR.dat"
11:46:54.265 The log file has been saved successfully to "C:\Documents and Settings\Hans\Bureaublad\aswMBR.txt"



This is what I get now! Thanks in advance!
Maxstar
Administrator

#7

22 Aug 2011 11:49

Hi,

Start aswMBR.exe again.
  • In the next window, click "No"
    Image
  • Click the "scan" button
  • Image
  • Now click the "Fix" or "FixMBR" button
  • Image
  • Then restart the computer, let aswMBR scan once more, and post the new log.
vincentc
PC Web Plus - Member

#8

22 Aug 2011 11:57

When I let it fix, it reports that it succeeded and that I have to restart (as you said).
Then ran it again:


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-22 11:54:27
-----------------------------
11:54:27.437 OS Version: Windows 5.1.2600 Service Pack 3
11:54:27.437 Number of processors: 2 586 0x605
11:54:27.437 ComputerName: SILENTIUM UserName: Hans
11:54:36.796 Initialize success
11:54:41.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:54:41.078 Disk 0 Vendor: MAXTOR_STM3250820AS 3.AAE Size: 238475MB BusType: 3
11:54:41.078 Device \Driver\atapi -> DriverStartIo f7411864
11:54:41.078 Device \Driver\atapi -> MajorFunction 86cabb40
11:54:43.140 Disk 0 MBR read successfully
11:54:43.140 Disk 0 MBR scan
11:54:43.140 Disk 0 unknown MBR code
11:54:43.156 Disk 0 scanning sectors +488376000
11:54:43.265 Disk 0 scanning C:\WINDOWS\system32\drivers
11:55:14.000 Service scanning
11:55:15.406 Modules scanning
11:55:31.046 Disk 0 trace - called modules:
11:55:31.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86cabb40]<<
11:55:31.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5dab8]
11:55:31.078 3 CLASSPNP.SYS[f7611fd7] -> nt!IofCallDriver -> \Device\00000082[0x86ec1f18]
11:55:31.078 5 ACPI.sys[f7481620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ec0d98]
11:55:31.078 \Driver\atapi[0x86f6b4c0] -> IRP_MJ_CREATE -> 0x86cabb40
11:55:31.078 Scan finished successfully
11:55:44.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hans\Bureaublad\MBR.dat"
11:55:44.796 The log file has been saved successfully to "C:\Documents and Settings\Hans\Bureaublad\aswMBR1.txt"


I think there is still something in there, because I get 2 red lines...?
Maxstar
Administrator

#9

22 Aug 2011 12:11

Hi,

Those red lines have nothing to do with a malware infection.

Download MBRCheck.exe to your desktop.
  • Double-click MBRCheck.exe to open the program.
  • A window like this will open:

    Image
  • If you get a prompt (as in the image above), type N and press Enter.
  • Press Enter again.
  • A Notepad file named MBRCheck_mm.dd.yy_hh.mm.ss will be saved on your desktop. Post the contents of this file in your next reply.
After that, run the ING Cleaner once more and post its log together with the MBRCheck log in your next reply.
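The two aswMBR logs above (before and after "FixMBR") and the reading Maxstar gives of them can be checked mechanically. The following is an added example, not code from the thread or from AVAST's aswMBR: it parses the aswMBR line format quoted above, treats the "malicious ... code @ sector" and "PE file @ sector" findings as the conclusive disk-level indicators, and treats the ">>UNKNOWN [...]<<" / "IRP_MJ_CREATE" hook-trace lines (assumed here to be the "red lines" the poster means) as non-conclusive on their own. The log excerpts in the block are constructed from the lines quoted in the thread.

```python
"""Triage of aswMBR scan logs for an MBR rootkit (Mebroot / Sinowal).

Added example; not part of the forum thread nor of AVAST's aswMBR.
Log lines have the form 'HH:MM:SS.mmm <message>'. The excerpts below are
constructed from the before-fix and after-fix logs posted in the thread.
"""
import re
from dataclasses import dataclass, field

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
DISK_SIZE = re.compile(r"Size: (\d+)MB")
UNKNOWN_MBR = re.compile(r"Disk \d+ unknown MBR code")
MALICIOUS_CODE = re.compile(r"Disk \d+ malicious (\S+) code @ sector (\d+)")
HIDDEN_PE = re.compile(r"Disk \d+ PE file @ sector (\d+)")
# Hook-trace lines: an address in the disk I/O path that aswMBR could not
# attribute to a loaded module. On its own this is not malware evidence;
# the same kind of line reappears after the fix with a different address.
HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<|IRP_MJ_CREATE -> (0x[0-9a-f]+)", re.I)


@dataclass
class Triage:
    malicious: list = field(default_factory=list)  # (kind, sector)
    unknown_mbr: bool = False
    hooks: list = field(default_factory=list)      # hook addresses seen
    disk_sectors: int = 0                          # derived from 'Size: ...MB'

    @property
    def infected(self) -> bool:
        # Only hidden code / PE images in disk sectors count as conclusive.
        return bool(self.malicious)


def triage(log: str) -> Triage:
    t = Triage()
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if (s := DISK_SIZE.search(msg)):
            t.disk_sectors = int(s.group(1)) * 1024 * 1024 // 512  # 512-byte sectors
        if UNKNOWN_MBR.search(msg):
            t.unknown_mbr = True
        if (c := MALICIOUS_CODE.search(msg)):
            t.malicious.append((c.group(1), int(c.group(2))))
        if (p := HIDDEN_PE.search(msg)):
            t.malicious.append(("PE file", int(p.group(1))))
        if (h := HOOK.search(msg)):
            t.hooks.append((h.group(1) or h.group(2)).lower())
    return t


def sectors_from_disk_end(t: Triage, sector: int) -> int:
    """Mebroot stores its body in unpartitioned sectors at the end of the
    disk; a finding only a few MB before the end fits that pattern."""
    return t.disk_sectors - sector


def compare(before: str, after: str) -> dict:
    """Compare a pre-fix and a post-fix log and give a defender's verdict."""
    b, a = triage(before), triage(after)
    if a.infected:
        verdict = "still infected"
    elif b.infected:
        verdict = "malicious sectors cleared; confirm MBR code with a second tool"
    else:
        verdict = "no MBR malware indicators"
    return {
        "cleared": sorted(set(b.malicious) - set(a.malicious)),
        "remaining": sorted(a.malicious),
        "unknown_mbr_after": a.unknown_mbr,
        "hook_addresses_after": sorted(set(a.hooks)),
        "verdict": verdict,
    }


# Constructed excerpts of the two logs posted in the thread.
BEFORE_FIX = """\
11:45:35.015 Disk 0 Vendor: MAXTOR_STM3250820AS 3.AAE Size: 238475MB BusType: 3
11:45:37.109 Disk 0 MBR read successfully
11:45:37.109 Disk 0 unknown MBR code
11:45:37.281 Disk 0 scanning sectors +488376000
11:45:37.406 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
11:45:37.437 Disk 0 PE file @ sector 488376025 !
11:46:26.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86c33428]<<
11:46:26.328 \\Driver\\atapi[0x86f7f300] -> IRP_MJ_CREATE -> 0x86c33428
11:46:26.328 Scan finished successfully
"""
AFTER_FIX = """\
11:54:41.078 Disk 0 Vendor: MAXTOR_STM3250820AS 3.AAE Size: 238475MB BusType: 3
11:54:43.140 Disk 0 MBR read successfully
11:54:43.140 Disk 0 unknown MBR code
11:54:43.156 Disk 0 scanning sectors +488376000
11:55:31.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86cabb40]<<
11:55:31.078 \\Driver\\atapi[0x86f6b4c0] -> IRP_MJ_CREATE -> 0x86cabb40
11:55:31.078 Scan finished successfully
"""

if __name__ == "__main__":
    for key, value in compare(BEFORE_FIX, AFTER_FIX).items():
        print(f"{key}: {value}")
    before = triage(BEFORE_FIX)
    first_sector = before.malicious[0][1]
    print("sectors from disk end:", sectors_from_disk_end(before, first_sector))
```

The malicious sector sits about 20,800 sectors (roughly 10 MB) before the end of the 238,475 MB disk, which is the tail area aswMBR scans with "scanning sectors +488376000".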
vincentc
PC Web Plus - Member

#10

22 Aug 2011 12:13

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000002fd

Kernel Drivers (total 148):

Processes (total 57):
0 System Idle Process
4 System
1196 C:\WINDOWS\system32\smss.exe
1244 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
1400 csrss.exe
1432 C:\WINDOWS\system32\winlogon.exe
1484 C:\WINDOWS\system32\services.exe
1496 C:\WINDOWS\system32\lsass.exe
1680 C:\WINDOWS\system32\svchost.exe
1772 svchost.exe
1964 C:\WINDOWS\system32\svchost.exe
176 svchost.exe
404 svchost.exe
612 C:\WINDOWS\system32\spoolsv.exe
1704 svchost.exe
1820 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
252 C:\WINDOWS\explorer.exe
292 C:\Program Files\AVG\AVG10\avgwdsvc.exe
332 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
364 C:\Program Files\Bonjour\mDNSResponder.exe
880 C:\Program Files\Java\jre6\bin\jqs.exe
1868 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
736 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
712 C:\WINDOWS\system32\nvsvc32.exe
832 C:\WINDOWS\system32\PnkBstrA.exe
888 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
772 C:\WINDOWS\system32\svchost.exe
2088 C:\WINDOWS\system32\VTTimer.exe
2144 C:\WINDOWS\RTHDCPL.exe
2232 C:\Program Files\AVG\AVG10\avgnsx.exe
2304 C:\WINDOWS\system32\rundll32.exe
2312 C:\Program Files\AVG\AVG10\avgemcx.exe
2460 C:\Program Files\HP\HP Software Update\hpwuSchd.exe
2496 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
2552 C:\Program Files\AVG\AVG10\avgtray.exe
2748 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2764 C:\Program Files\QuickTime\QTTask.exe
2900 C:\Program Files\iTunes\iTunesHelper.exe
2908 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2932 C:\Program Files\TomTom HOME 2\HOMERunner.exe
3180 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3272 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3352 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
3372 C:\PROGRA~1\MICROS~4\rapimgr.exe
3428 C:\WINDOWS\system32\ctfmon.exe
3752 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3896 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2608 C:\Program Files\iPod\bin\iPodService.exe
3848 alg.exe
472 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
2852 C:\WINDOWS\system32\hpzipm12.exe
3492 C:\Program Files\Internet Explorer\iexplore.exe
2740 C:\Program Files\Internet Explorer\iexplore.exe
3680 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
3224 C:\Program Files\AVG\AVG10\avgcsrvx.exe
2384 C:\Program Files\Internet Explorer\iexplore.exe
3772 C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000023`3680a400 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3250820AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7CB1191167483873329D31660D961A387CD44CD7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

----

[22-08-2011 12:12:44] FCleaner v1.5.0.0 Loading...
[22-08-2011 12:12:46] Mebroot Infection Found!
[22-08-2011 12:12:46] FCleaner has detected malware on your system!
[22-08-2011 12:12:46] Please press the "Clean" button to remove the malware
Maxstar (Administrator)

#11

22 Aug 2011 12:21

Hi,

Download Mebroot ZeroAccess Remover to your desktop.
  • Double-click Antizeroaccess.exe to start the tool.
  • Vista and Windows 7 users: right-click -> Run as Administrator.
  • A CMD window will open.
  • Type Y to start a system scan and press Enter.
Wait until the scan has finished.
Follow the instructions on the screen.

To close the program afterwards, simply press any key.
If a restart is required, do so immediately.
Post the log file the program has created.

Also let the ING cleaner scan once more after a reboot of the computer.
vincentc (PC Web Plus - Member, OS: XP SP3)

#12

22 Aug 2011 12:24

Nothing found...


Webroot AntiZeroAccess 0.8 Log File
Execution time: 22/08/2011 - 12:23
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
12:23:25 - CheckSystem - Begin to check system...
12:23:25 - OpenRootDrive - Opening system root volume and physical drive....
12:23:25 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x061A7927 sectors.
12:23:25 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
12:23:26 - InstallAndStartDriver - Main driver was installed and now is running.
12:23:26 - CheckSystem - Disk class driver state is OK.
12:23:31 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
12:23:31 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
12:23:31 - Execution Ended!


-----

[22-08-2011 12:23:55] FCleaner v1.5.0.0 Loading...
[22-08-2011 12:23:55] Mebroot Infection Found!
[22-08-2011 12:23:55] FCleaner has detected malware on your system!
[22-08-2011 12:23:55] Please press the "Clean" button to remove the malware
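The two logs above show what an MBR-level triage actually checks: MBRCheck hashes the boot sector and reports "Unknown MBR code" when the bootstrap bytes match nothing in its list, and AntiZeroAccess reports the C: volume's start sector (0x3F), which is the same location MBRCheck prints as byte offset 0x7e00 (0x3F sectors of 512 bytes). The following is an added worked example, not code from either tool or from this thread: it reads a 512-byte MBR, verifies the 0x55AA signature, hashes the 440 bytes of bootstrap code against a whitelist, and converts each partition entry's start LBA into a byte offset so the volume-to-disk mapping can be cross-checked against the table the MBR really carries. The sample MBR is constructed inline (filler bootstrap bytes, an arbitrary disk signature) and reuses only the C: geometry from the logs; the whitelist is an intentionally empty placeholder, to be filled from a clean reference install, since no real boot-code hashes are given here.

```python
"""Added example: MBR integrity triage in the style of the MBRCheck and
AntiZeroAccess output above. Not code from either tool; sample data constructed."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440          # bootstrap code precedes the 4-byte NT disk signature
TABLE_OFFSET = 446           # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count

# Placeholder whitelist (hypothetical, intentionally empty): populate with SHA1s of
# the 440 bootstrap bytes taken from a clean install of the same Windows version.
KNOWN_GOOD_BOOTSTRAP_SHA1: set[str] = set()


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 from a raw device or image, e.g. r"\\.\PhysicalDrive0" on
    Windows (as administrator) or /dev/sda on Linux (as root). Read from offline
    media when a bootkit is suspected: Mebroot-family bootkits hook the disk
    driver on the live system and hand back the original, clean sector."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


def has_boot_signature(mbr: bytes) -> bool:
    """True when the sector is 512 bytes and ends in the 0x55AA marker."""
    return len(mbr) == SECTOR and mbr[510:512] == b"\x55\xAA"


def build_sample_mbr() -> bytes:
    """Constructed sample MBR. Bootstrap bytes are filler (xor ax,ax; mov ss,ax;
    then NOPs); the single partition entry reuses the C: geometry from the logs:
    start sector 0x3F (= byte offset 0x7E00), 0x061A7927 sectors, type 0x07 (NTFS)."""
    bootstrap = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOTSTRAP_LEN - 4)
    disk_signature = b"\x12\x34\x56\x78"     # arbitrary, constructed
    reserved = b"\x00\x00"
    c_entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                          b"\xFE\xFF\xFF", 0x3F, 0x061A7927)
    empty_entry = b"\x00" * 16
    mbr = bootstrap + disk_signature + reserved + c_entry + empty_entry * 3 + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature, hash the bootstrap code, and return the
    non-empty partition entries with their start offsets converted to bytes."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start_lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:                       # unused table slot
            continue
        partitions.append({
            "index": i,
            "bootable": bool(status & 0x80),
            "type": ptype,
            "start_lba": start_lba,
            "byte_offset": start_lba * SECTOR,
            "size_sectors": count,
            "end_lba": start_lba + count - 1,
        })
    return {
        "bootstrap_sha1": hashlib.sha1(mbr[:BOOTSTRAP_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_bootstrap(bootstrap_sha1: str, known_good: set[str]) -> str:
    """Whitelist verdict worded like the MBRCheck output. A miss means only that
    the code is not on the list (OEM boot managers miss too), not proof of a bootkit."""
    return "Known-good MBR code" if bootstrap_sha1 in known_good else "Unknown MBR code"


def volume_matches_partition(info: dict, volume_byte_offset: int) -> bool:
    """Cross-check a volume-to-disk mapping (the '\\.\C: --> ... at offset' line)
    against the partition table the MBR actually carries."""
    return any(p["byte_offset"] == volume_byte_offset for p in info["partitions"])


def triage(mbr: bytes, volume_offsets: dict[str, int]) -> dict:
    """Full report: verdict on the bootstrap code plus one mapping check per volume."""
    info = parse_mbr(mbr)
    return {
        "verdict": classify_bootstrap(info["bootstrap_sha1"], KNOWN_GOOD_BOOTSTRAP_SHA1),
        "bootstrap_sha1": info["bootstrap_sha1"],
        "volumes": {name: volume_matches_partition(info, off)
                    for name, off in volume_offsets.items()},
        "partitions": info["partitions"],
    }


if __name__ == "__main__":
    report = triage(build_sample_mbr(), {"C:": 0x7E00})
    for key, value in report.items():
        print(f"{key}: {value}")
```

The point of keeping the two checks separate is that a bootkit of the Mebroot type replaces only the bootstrap code and leaves the partition table intact, so the volume mapping can look perfectly consistent while the first 440 bytes are hostile; conversely a hash miss by itself only says the code is not on the list. Hash a reference MBR from a clean machine of the same Windows version before trusting either verdict.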
Maxstar (Administrator)

#13

22 Aug 2011 12:26

Hi,

Does this computer have a recovery partition that holds an image of Windows XP?
Do you also have a recovery CD or DVD of Windows XP?
vincentc (PC Web Plus - Member, OS: XP SP3)

#14

22 Aug 2011 12:29

Dear Max,

It must be around somewhere...
Isn't using Combofix an option, like with the other guy? He got the same message from that Avast scanner...
Regards
vincentc (PC Web Plus - Member, OS: XP SP3)

#15

22 Aug 2011 12:30

I just don't know where it is. It's my father's PC.
Locked