Closed
1
Hello,
I have also fallen victim to the ING virus and read that other people here have already been helped well, so I would like to ask for help too.
I could not run FCleaner_1108_tcm7-83068 because I got a .NET Framework Initialization Error.
Malwarebytes and aswMBR I was able to run, and these are the logs.
Thank you very much in advance.


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 12:16:30
-----------------------------
12:16:30.526 OS Version: Windows 5.1.2600 Service Pack 2
12:16:30.526 Number of processors: 1 586 0x80A
12:16:30.566 ComputerName: MEDION UserName:
12:16:40.850 Initialize success
12:16:54.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:16:54.470 Disk 0 Vendor: HITACHI_DK23CA-20 00H1A0A3 Size: 19077MB BusType: 3
12:16:54.520 Disk 0 MBR read successfully
12:16:54.530 Disk 0 MBR scan
12:16:54.530 Disk 0 Windows XP default MBR code
12:16:54.550 Disk 0 scanning sectors +39054015
12:16:54.740 Disk 0 scanning C:\WINDOWS\system32\drivers
12:17:29.160 Service scanning
12:17:34.117 Modules scanning
12:18:09.868 Disk 0 trace - called modules:
12:18:09.898 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:18:09.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236aab8]
12:18:09.939 3 CLASSPNP.SYS[f85a305b] -> nt!IofCallDriver -> \Device\00000077[0x8236c438]
12:18:09.949 5 ACPI.sys[f84f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8236c030]
12:18:10.529 Scan finished successfully
12:18:20.113 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat"
12:18:20.123 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR.txt"


Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Databaseversie: 7543

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23-8-2011 12:57:41
mbam-log-2011-08-23 (12-57-41).txt

Scantype: Snelle scan
Objecten gescand: 159713
Verstreken tijd: 36 minuut/minuten, 27 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 3

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0V3DUA4JXE8DZX7XXCWOSWXEKZUOVDI (Trojan.FakeJava) -> Value: 0V3DUA4JXE8DZX7XXCWOSWXEKZUOVDI -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
c:\alogn0.bin (Trojan.Spyeyes) -> Delete on reboot.

Bestanden geïnfecteerd:
c:\cleansweep\d232f5b6428.exe (Trojan.FakeJava) -> Quarantined and deleted successfully.
c:\alogn0.bin\alogn0.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\alogn0.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
2
Hi and welcome to the forum,

As for the error from the ING cleaner: this happens because .NET Framework 2.0 is not installed.
Download .NET Framework 2.0 and install it.

Now run the ING cleaner again, and after that the following two tools.

Download TDSSKiller and save it to your desktop.
  • Extract the files from tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note!!! Windows Vista & 7 users must run TDSSKiller as administrator ("right-click, Run as administrator").
  • Click the "Start Scan" button and follow the instructions.
  • When the scan has finished, click the "Report" button.
  • A Notepad file opens. Post the contents of this file.
Download DDS by sUBS from one of these locations and save it to your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

DDS is a diagnostic tool and makes use of scripts.

Disable your security software before you run DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:
* DDS.txt
* Attach.txt


A window will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.

Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

Post the logs from the ING cleaner, TDSSKiller and DDS in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
FCleaner did work now; here is its log plus the other two.


------------------------------------------------------------------------------------------------------------------------
[23-08-2011 14:24:09] FCleaner v1.5.0.0 Loading...
[23-08-2011 14:24:11] No malware was found on your system!



2011/08/23 14:07:50.0423 0268 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 14:07:50.0763 0268 ================================================================================
2011/08/23 14:07:50.0763 0268 SystemInfo:
2011/08/23 14:07:50.0763 0268
2011/08/23 14:07:50.0763 0268 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/23 14:07:50.0763 0268 Product type: Workstation
2011/08/23 14:07:50.0763 0268 ComputerName: MEDION
2011/08/23 14:07:50.0773 0268 UserName: Administrator
2011/08/23 14:07:50.0773 0268 Windows directory: C:\WINDOWS
2011/08/23 14:07:50.0773 0268 System windows directory: C:\WINDOWS
2011/08/23 14:07:50.0773 0268 Processor architecture: Intel x86
2011/08/23 14:07:50.0773 0268 Number of processors: 1
2011/08/23 14:07:50.0773 0268 Page size: 0x1000
2011/08/23 14:07:50.0773 0268 Boot type: Normal boot
2011/08/23 14:07:50.0773 0268 ================================================================================
2011/08/23 14:07:53.0417 0268 Initialize success
2011/08/23 14:07:56.0041 3644 ================================================================================
2011/08/23 14:07:56.0041 3644 Scan started
2011/08/23 14:07:56.0041 3644 Mode: Manual;
2011/08/23 14:07:56.0041 3644 ================================================================================
2011/08/23 14:08:00.0157 3644 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 14:08:00.0628 3644 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/23 14:08:01.0379 3644 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 14:08:01.0889 3644 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 14:08:03.0922 3644 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 14:08:05.0434 3644 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 14:08:05.0815 3644 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 14:08:06.0576 3644 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 14:08:07.0047 3644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 14:08:07.0487 3644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 14:08:07.0928 3644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 14:08:08.0579 3644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 14:08:08.0970 3644 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 14:08:09.0430 3644 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 14:08:10.0231 3644 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/23 14:08:10.0912 3644 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/23 14:08:12.0455 3644 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 14:08:13.0336 3644 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 14:08:14.0167 3644 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/23 14:08:14.0558 3644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 14:08:15.0048 3644 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 14:08:15.0689 3644 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 14:08:16.0550 3644 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 14:08:17.0131 3644 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/23 14:08:17.0462 3644 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 14:08:17.0922 3644 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/23 14:08:18.0293 3644 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/23 14:08:18.0734 3644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 14:08:19.0184 3644 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 14:08:19.0645 3644 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 14:08:20.0396 3644 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 14:08:21.0197 3644 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 14:08:22.0259 3644 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 14:08:22.0619 3644 Imapi (839e3c21fcd536a8560090903761dde8) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 14:08:22.0629 3644 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 839e3c21fcd536a8560090903761dde8, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/23 14:08:22.0719 3644 Imapi - detected Rootkit.Win32.ZAccess.c (0)
2011/08/23 14:08:23.0811 3644 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/23 14:08:24.0141 3644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 14:08:24.0582 3644 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 14:08:24.0983 3644 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 14:08:25.0453 3644 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 14:08:25.0854 3644 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/23 14:08:26.0264 3644 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 14:08:26.0645 3644 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/23 14:08:27.0066 3644 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 14:08:27.0456 3644 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 14:08:27.0837 3644 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/23 14:08:28.0287 3644 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 14:08:28.0718 3644 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 14:08:29.0639 3644 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/23 14:08:30.0080 3644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 14:08:30.0470 3644 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 14:08:30.0881 3644 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/23 14:08:31.0242 3644 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 14:08:31.0632 3644 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/23 14:08:32.0033 3644 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 14:08:32.0804 3644 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 14:08:33.0465 3644 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 14:08:34.0046 3644 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 14:08:34.0506 3644 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 14:08:34.0857 3644 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 14:08:35.0197 3644 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 14:08:35.0568 3644 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 14:08:36.0018 3644 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/23 14:08:37.0120 3644 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/23 14:08:38.0222 3644 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 14:08:38.0782 3644 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 14:08:39.0263 3644 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 14:08:39.0654 3644 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 14:08:40.0054 3644 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 14:08:40.0415 3644 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 14:08:40.0845 3644 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 14:08:41.0246 3644 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 14:08:41.0897 3644 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 14:08:42.0428 3644 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 14:08:42.0748 3644 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/23 14:08:43.0459 3644 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 14:08:44.0310 3644 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/23 14:08:44.0811 3644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 14:08:45.0172 3644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 14:08:45.0472 3644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 14:08:45.0843 3644 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/23 14:08:46.0243 3644 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/23 14:08:46.0664 3644 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/23 14:08:47.0084 3644 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 14:08:47.0465 3644 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/23 14:08:47.0845 3644 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/23 14:08:48.0246 3644 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 14:08:48.0587 3644 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 14:08:48.0967 3644 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 14:08:49.0638 3644 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 14:08:50.0019 3644 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/23 14:08:52.0382 3644 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 14:08:52.0843 3644 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 14:08:53.0303 3644 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/23 14:08:53.0834 3644 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/23 14:08:54.0375 3644 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/23 14:08:54.0916 3644 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/23 14:08:55.0366 3644 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/23 14:08:55.0807 3644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 14:08:57.0569 3644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 14:08:57.0930 3644 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/23 14:08:58.0280 3644 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 14:08:58.0681 3644 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 14:08:59.0011 3644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 14:08:59.0442 3644 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 14:08:59.0793 3644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 14:09:00.0233 3644 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/23 14:09:00.0714 3644 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 14:09:01.0105 3644 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/23 14:09:01.0425 3644 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/23 14:09:01.0926 3644 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/23 14:09:02.0396 3644 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 14:09:02.0787 3644 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/23 14:09:03.0117 3644 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/23 14:09:03.0418 3644 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 14:09:04.0059 3644 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/23 14:09:04.0459 3644 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/23 14:09:05.0040 3644 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/23 14:09:05.0521 3644 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/23 14:09:05.0901 3644 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/23 14:09:06.0432 3644 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/23 14:09:07.0103 3644 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/23 14:09:07.0474 3644 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/23 14:09:08.0115 3644 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 14:09:08.0585 3644 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/23 14:09:09.0146 3644 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 14:09:09.0737 3644 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 14:09:10.0107 3644 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 14:09:11.0830 3644 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 14:09:12.0541 3644 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 14:09:13.0042 3644 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 14:09:13.0402 3644 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 14:09:13.0783 3644 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 14:09:14.0684 3644 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 14:09:15.0475 3644 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 14:09:16.0016 3644 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 14:09:16.0396 3644 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/23 14:09:16.0747 3644 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 14:09:17.0158 3644 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 14:09:17.0879 3644 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 14:09:18.0459 3644 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 14:09:19.0130 3644 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 14:09:20.0212 3644 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
2011/08/23 14:09:20.0753 3644 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/23 14:09:20.0803 3644 ================================================================================
2011/08/23 14:09:20.0803 3644 Scan finished
2011/08/23 14:09:20.0803 3644 ================================================================================
2011/08/23 14:09:20.0953 3652 Detected object count: 1
2011/08/23 14:09:20.0963 3652 Actual detected object count: 1
2011/08/23 14:09:24.0578 3652 Imapi (839e3c21fcd536a8560090903761dde8) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 14:09:24.0578 3652 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 839e3c21fcd536a8560090903761dde8, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/23 14:09:25.0429 3652 Backup copy found, using it..
2011/08/23 14:09:25.0520 3652 C:\WINDOWS\system32\DRIVERS\imapi.sys - will be cured after reboot
2011/08/23 14:09:25.0520 3652 Rootkit.Win32.ZAccess.c(Imapi) - User select action: Cure
2011/08/23 14:09:33.0090 1352 Deinitialize success



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Administrator at 14:26:27 on 2011-08-23
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.503.304 [GMT 2:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [9DDD2762DB490EDF] c:\alogn0.bin\alogn0.bin.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
mRun: [SiS Tray] c:\windows\system32\sistray.EXE
mRun: [SiS KHooker] c:\windows\system32\khooker.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\raconf~1.lnk - c:\windows\system32\RaConfig2500.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hmm3k0pv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?ei=utf-8&fr=panda&type=PCAFSI1190&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hmm3k0pv.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [2009-5-29 109312]
S0 exnyheio;exnyheio;c:\windows\system32\drivers\nbkmj.sys --> c:\windows\system32\drivers\nbkmj.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-24 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-24 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-13 41272]
.
=============== Created Last 30 ================
.
2011-08-23 12:09:25 94768 ----a-w- c:\windows\system32\drivers\92434480.sys
2011-08-22 09:55:43 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:12:43 143752 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
============= FINISH: 14:28:47,93 ===============
4
Hi,

TDSSKiller has in any case removed the rootkit, but run TDSSKiller once more as a check.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your desktop, but do not start it yet.


Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:


DDS::
uRun: [9DDD2762DB490EDF]

File::
c:\alogn0.bin\alogn0.bin.exe
c:\windows\system32\drivers\nbkmj.sys

Filelook::
c:\windows\system32\drivers\92434480.sys

Driver::
exnyheio

Firefox::
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hmm3k0pv.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type -


Save this to your desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will start ComboFix.
Reboot if asked to, and post the contents of ComboFix.txt in your next reply together with the TDSSKiller log.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
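The triage above can be followed in code: the helper read the DDS log, picked out the autorun value with a random hex name pointing into `c:\alogn0.bin`, the `S0` driver service whose file no longer exists (DDS marks that with `-->` and `[?]`), and turned exactly those into the `DDS::`, `File::` and `Driver::` sections of the CFScript. The TDSSKiller log carries the other indicator, a "Forged" verdict where the MD5 of the driver as returned by the file system differs from the MD5 of the bytes actually on disk. The script below is an added example written for this thread, not code from the thread or from the DDS, TDSSKiller or ComboFix authors; the log excerpts are constructed from the logs posted earlier, the "looks generated" heuristic is an assumption of mine, and the CFScript it assembles covers only the three sections named (the helper's script also had `Filelook::` and `Firefox::` sections).

```python
import re

# Constructed excerpts of the DDS.txt and TDSSKiller logs posted earlier in this
# thread; only the lines needed for the demonstration are kept.
DDS_EXCERPT = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [9DDD2762DB490EDF] c:\alogn0.bin\alogn0.bin.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
mRun: [SiS Tray] c:\windows\system32\sistray.EXE
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
S0 exnyheio;exnyheio;c:\windows\system32\drivers\nbkmj.sys --> c:\windows\system32\drivers\nbkmj.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-24 135664]
"""

TDSS_EXCERPT = r"""
2011/08/23 14:08:22.0619 3644 Imapi (839e3c21fcd536a8560090903761dde8) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 14:08:22.0629 3644 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 839e3c21fcd536a8560090903761dde8, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/23 14:08:22.0719 3644 Imapi - detected Rootkit.Win32.ZAccess.c (0)
"""

RUN_LINE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]+)\] (.*)$")
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
TDSS_DRIVER = re.compile(r"^\S+ \S+ \d+ (\S+) \(([0-9a-f]{32})\) (\S+)$")
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (\S+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
# Assumption: autorun images are normally under one of these two roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def looks_generated(name: str) -> bool:
    """Heuristic (my assumption): a long, all-uppercase mix of letters and digits with
    no spaces or dots, like the value name 9DDD2762DB490EDF seen in the DDS log."""
    return (len(name) >= 12 and name.isalnum() and name.isupper()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def image_path(command: str) -> str:
    """First token of an autorun command line, unquoted and lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    return command.split(" ", 1)[0].lower()


def flag_run_entries(log: str):
    """Return (hive, name, path, reason) for autorun entries that merit review."""
    flagged = []
    for line in log.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        hive, name, command = m.groups()
        path = image_path(command)
        reasons = []
        if looks_generated(name):
            reasons.append("machine-generated value name")
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("image outside Windows/Program Files")
        if reasons:
            flagged.append((hive, name, path, "; ".join(reasons)))
    return flagged


def flag_services(log: str):
    """Return (start type, name, path) for services whose image file is missing.
    DDS writes 'path --> path [?]' when it cannot stat the file on disk."""
    flagged = []
    for line in log.splitlines():
        m = SERVICE_LINE.match(line)
        if m and "-->" in m.group(4) and m.group(4).rstrip().endswith("[?]"):
            flagged.append((m.group(1), m.group(2), m.group(4).split("-->")[0].strip().lower()))
    return flagged


def forged_drivers(log: str):
    """Return (service, path, real_md5, fake_md5) for TDSSKiller 'Forged' verdicts:
    the hash of the file as served by the file system (fake) differs from the hash
    of the bytes found on disk (real), so something in the I/O path is lying."""
    hits, service_by_path = [], {}
    for line in log.splitlines():
        d = TDSS_DRIVER.match(line)
        if d:
            service_by_path[d.group(3).lower()] = d.group(1)
            continue
        f = TDSS_FORGED.search(line)
        if f:
            path, real, fake = f.groups()
            hits.append((service_by_path.get(path.lower(), "?"), path, real, fake))
    return hits


def build_cfscript(run_hits, service_hits) -> str:
    """Assemble the CFScript sections used in this thread: DDS:: (autorun lines to
    remove), File:: (files to delete) and Driver:: (services to delete)."""
    dds = [f"{hive}: [{name}]" for hive, name, _p, _r in run_hits]
    files = [p for _h, _n, p, _r in run_hits] + [p for _s, _n, p in service_hits]
    drivers = [name for _s, name, _p in service_hits]
    sections = [("DDS::", dds), ("File::", files), ("Driver::", drivers)]
    return "\n\n".join(f"{head}\n" + "\n".join(body) for head, body in sections if body)


if __name__ == "__main__":
    for hit in forged_drivers(TDSS_EXCERPT):
        print("forged driver:", hit)
    print(build_cfscript(flag_run_entries(DDS_EXCERPT), flag_services(DDS_EXCERPT)))
```

Running it prints the forged `Imapi` entry and a CFScript whose `DDS::`, `File::` and `Driver::` sections match the ones the helper wrote by hand; a real log would of course need the findings reviewed before anything is deleted, since the location heuristic also flags legitimate programs installed outside the two standard roots.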
5
ComboFix 11-08-24.01 - Administrator 24-08-2011 11:48:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.503.329 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\cfscript.txt
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
FILE ::
"c:\alogn0.bin\alogn0.bin.exe"
"c:\windows\system32\drivers\nbkmj.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Besmet exemplaar van c:\windows\system32\slserv.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\system volume information\_restore{AF630CEF-E359-4F5E-8A07-F2FE347F8707}\RP13\A0009768.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_exnyheio
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-24 to 2011-08-24 ))))))))))))))))))))))))))))))
.
.
2011-08-23 15:43 . 2011-08-23 15:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:37 . 2002-12-31 12:00 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-07-06 17:52 . 2010-07-13 11:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-07-13 11:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:12 . 2011-07-05 10:12 143752 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2002-12-31 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-23 39408]
"0V3DUA4JXE8DZX7XXCWOSWXEKZUOVDI"="c:\cleansweep\D232F5B6428.exe" [2011-08-24 153600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2001-08-13 266240]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2001-09-02 294912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
RaConfig2500.lnk - c:\windows\system32\RaConfig2500.exe [2009-5-29 425984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
2011-05-17 14:25 231592 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain]
2011-04-28 12:01 439616 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Bureaublad\\aswMBR.exe"=
"c:\\Documents and Settings\\Administrator\\Bureaublad\\TDSSKiller.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 129992]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-07-05 143752]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 97096]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111688]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112456]
S3 SiS630;SiS630;c:\windows\system32\DRIVERS\sis630p.sys [2001-10-19 109312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 09:24]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 09:24]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: mswsock.dll
TCP: Interfaces\{9ACF79CA-8D0A-41FA-8B4D-D2B706B2545E}: NameServer = 212.54.40.25,212.54.35.25
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmm3k0pv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-41007192.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 12:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\sfc_os.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\mswsock.dll
mswsock.dll 719d0000 262144 \\?\globalroot\systemroot\system32\mswsock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\slserv.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\ROUTE.exe
.
**************************************************************************
.
Completion time: 2011-08-24 12:59:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 10:59
.
Pre-Run: 15.190.298.624 bytes free
Post-Run: 15.497.912.320 bytes free
.
- - End Of File - - D4294DAC903CC1BEEDA5E3A96D40DAE7


2011/08/24 13:07:23.0876 2716 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 13:07:24.0066 2716 ================================================================================
2011/08/24 13:07:24.0066 2716 SystemInfo:
2011/08/24 13:07:24.0066 2716
2011/08/24 13:07:24.0066 2716 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/24 13:07:24.0066 2716 Product type: Workstation
2011/08/24 13:07:24.0066 2716 ComputerName: MEDION
2011/08/24 13:07:24.0066 2716 UserName: Administrator
2011/08/24 13:07:24.0066 2716 Windows directory: C:\WINDOWS
2011/08/24 13:07:24.0066 2716 System windows directory: C:\WINDOWS
2011/08/24 13:07:24.0066 2716 Processor architecture: Intel x86
2011/08/24 13:07:24.0066 2716 Number of processors: 1
2011/08/24 13:07:24.0066 2716 Page size: 0x1000
2011/08/24 13:07:24.0066 2716 Boot type: Normal boot
2011/08/24 13:07:24.0066 2716 ================================================================================
2011/08/24 13:07:26.0740 2716 Initialize success
2011/08/24 13:07:28.0433 3344 ================================================================================
2011/08/24 13:07:28.0433 3344 Scan started
2011/08/24 13:07:28.0433 3344 Mode: Manual;
2011/08/24 13:07:28.0433 3344 ================================================================================
2011/08/24 13:07:32.0819 3344 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 13:07:33.0310 3344 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/24 13:07:34.0201 3344 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 13:07:34.0642 3344 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 13:07:37.0185 3344 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 13:07:39.0288 3344 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 13:07:39.0719 3344 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 13:07:40.0610 3344 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 13:07:40.0981 3344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 13:07:41.0482 3344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 13:07:41.0992 3344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 13:07:42.0853 3344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 13:07:43.0254 3344 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 13:07:43.0805 3344 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 13:07:44.0746 3344 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/24 13:07:45.0427 3344 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/24 13:07:47.0190 3344 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 13:07:48.0121 3344 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 13:07:48.0992 3344 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 13:07:49.0443 3344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 13:07:50.0014 3344 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 13:07:50.0915 3344 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 13:07:51.0426 3344 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 13:07:51.0997 3344 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 13:07:52.0347 3344 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 13:07:52.0688 3344 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 13:07:53.0208 3344 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 13:07:53.0609 3344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 13:07:54.0130 3344 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 13:07:54.0550 3344 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 13:07:55.0191 3344 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 13:07:56.0143 3344 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 13:07:57.0424 3344 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 13:07:57.0815 3344 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 13:07:59.0297 3344 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 13:07:59.0648 3344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 13:08:00.0018 3344 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 13:08:00.0589 3344 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 13:08:01.0010 3344 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 13:08:01.0610 3344 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/24 13:08:02.0011 3344 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 13:08:02.0572 3344 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/24 13:08:02.0972 3344 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 13:08:03.0543 3344 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 13:08:03.0904 3344 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 13:08:04.0475 3344 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 13:08:04.0965 3344 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 13:08:06.0007 3344 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 13:08:06.0598 3344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 13:08:07.0008 3344 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 13:08:07.0589 3344 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/24 13:08:07.0960 3344 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 13:08:08.0560 3344 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 13:08:08.0931 3344 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 13:08:09.0832 3344 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 13:08:10.0393 3344 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 13:08:11.0094 3344 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 13:08:11.0645 3344 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 13:08:12.0015 3344 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 13:08:12.0406 3344 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 13:08:12.0927 3344 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 13:08:13.0337 3344 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/24 13:08:14.0359 3344 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/24 13:08:15.0310 3344 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 13:08:15.0821 3344 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 13:08:16.0392 3344 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 13:08:16.0742 3344 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 13:08:17.0373 3344 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 13:08:17.0774 3344 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 13:08:18.0304 3344 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 13:08:18.0785 3344 NetBT (f87cb6cdd1195466bd9958d367941f57) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 13:08:18.0895 3344 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 13:08:19.0536 3344 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 13:08:19.0967 3344 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 13:08:20.0448 3344 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/24 13:08:21.0028 3344 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 13:08:21.0769 3344 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/24 13:08:22.0180 3344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 13:08:22.0661 3344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 13:08:23.0041 3344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 13:08:23.0572 3344 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/24 13:08:23.0983 3344 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/24 13:08:24.0543 3344 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/24 13:08:24.0914 3344 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 13:08:25.0375 3344 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/24 13:08:25.0865 3344 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 13:08:26.0246 3344 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 13:08:26.0707 3344 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 13:08:27.0097 3344 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 13:08:27.0998 3344 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 13:08:28.0519 3344 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/24 13:08:31.0293 3344 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 13:08:31.0874 3344 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 13:08:32.0285 3344 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/24 13:08:32.0956 3344 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/24 13:08:33.0426 3344 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/24 13:08:34.0007 3344 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/24 13:08:34.0468 3344 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/24 13:08:35.0029 3344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 13:08:37.0382 3344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 13:08:37.0913 3344 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/24 13:08:38.0333 3344 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 13:08:38.0954 3344 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 13:08:39.0315 3344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 13:08:39.0875 3344 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 13:08:40.0266 3344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 13:08:40.0817 3344 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 13:08:41.0308 3344 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 13:08:41.0908 3344 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/24 13:08:42.0309 3344 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 13:08:42.0990 3344 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/24 13:08:43.0471 3344 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 13:08:43.0901 3344 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 13:08:44.0492 3344 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 13:08:44.0853 3344 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 13:08:45.0814 3344 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/24 13:08:46.0385 3344 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/24 13:08:46.0886 3344 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/24 13:08:47.0506 3344 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 13:08:47.0867 3344 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/24 13:08:48.0518 3344 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/24 13:08:49.0059 3344 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/24 13:08:49.0640 3344 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/24 13:08:50.0521 3344 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 13:08:50.0951 3344 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 13:08:51.0592 3344 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 13:08:52.0153 3344 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 13:08:52.0484 3344 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 13:08:54.0597 3344 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 13:08:55.0268 3344 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 13:08:55.0608 3344 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 13:08:56.0159 3344 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 13:08:56.0539 3344 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 13:08:57.0541 3344 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 13:08:58.0492 3344 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 13:08:59.0203 3344 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 13:08:59.0594 3344 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/24 13:09:00.0165 3344 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 13:09:00.0545 3344 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 13:09:01.0346 3344 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 13:09:01.0827 3344 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 13:09:02.0678 3344 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 13:09:03.0359 3344 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
2011/08/24 13:09:03.0770 3344 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR2
2011/08/24 13:09:03.0850 3344 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/24 13:09:03.0940 3344 Boot (0x1200) (2d8b0cab5538c7d9a6e90f9a5bddf086) \Device\Harddisk1\DR2\Partition0
2011/08/24 13:09:04.0000 3344 ================================================================================
2011/08/24 13:09:04.0000 3344 Scan finished
2011/08/24 13:09:04.0000 3344 ================================================================================
2011/08/24 13:09:04.0090 3028 Detected object count: 1
2011/08/24 13:09:04.0090 3028 Actual detected object count: 1
2011/08/24 13:09:10.0500 3028 NetBT (f87cb6cdd1195466bd9958d367941f57) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 13:09:10.0530 3028 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
2011/08/24 13:09:12.0412 3028 Backup copy found, using it..
2011/08/24 13:09:12.0522 3028 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/08/24 13:09:12.0522 3028 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure
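The first TDSSKiller run above reports netbt.sys as Rootkit.Win32.ZAccess.c while listing mrxsmb.sys with MD5 1fd607fc...; the second run, posted next, lists mrxsmb.sys with a different MD5 and a "Suspicious file (Forged)" line that gives both values, i.e. the earlier hash was what the rootkit served to normal file reads, not what is on disk. As an added example, not part of TDSSKiller or of the poster's logs, here is a Python parser that extracts detections, forged-hash lines and per-driver hash changes from two runs and flags the case where an earlier hash is one the rootkit was faking. The sample lines are excerpted from the two logs in this thread; the regular expressions are my reading of the log format (the MBR/Boot sector lines, whose names contain spaces, are deliberately not parsed).

```python
"""Triage TDSSKiller driver-scan logs: detections, forged-hash warnings and
per-driver MD5 changes between two runs.

Added example for this thread, not part of TDSSKiller or any tool shown
here. The parsing rules are assumptions about the log format.
"""
import re
from dataclasses import dataclass, field

# Driver line: "<date> <time> <tid> <Name> (<md5>) <path>"
DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Detection line: "<date> <time> <tid> <Name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# Forged-hash line: "Fake" is the hash handed to ordinary reads, "Real" the on-disk bytes.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-fA-F]{32}), Fake md5: (?P<fake>[0-9a-fA-F]{32})$"
)

# Constructed sample input: lines excerpted from the two runs posted in this thread.
RUN1 = r"""
2011/08/24 13:08:10.0393 3344 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 13:08:18.0785 3344 NetBT (f87cb6cdd1195466bd9958d367941f57) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 13:08:18.0895 3344 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 13:08:55.0268 3344 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
"""
RUN2 = r"""
2011/08/24 14:53:28.0419 2736 MRxSmb (3215cc47c7c287b5109893aa0cae48bf) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 14:53:28.0429 2736 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 3215cc47c7c287b5109893aa0cae48bf, Fake md5: 1fd607fc67f7f7c633c3da65bfc53d18
2011/08/24 14:53:28.0489 2736 MRxSmb - detected Rootkit.Win32.ZAccess.c (0)
"""


@dataclass
class ScanRun:
    drivers: dict = field(default_factory=dict)      # name -> (md5, path)
    detections: list = field(default_factory=list)   # (name, verdict)
    forged: list = field(default_factory=list)       # (path, real_md5, fake_md5)


def parse_run(text):
    """Parse the raw text of one TDSSKiller run into a ScanRun."""
    run = ScanRun()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            run.drivers[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            run.detections.append((m["name"], m["verdict"]))
            continue
        m = FORGED_RE.search(line)
        if m:
            run.forged.append((m["path"], m["real"].lower(), m["fake"].lower()))
    return run


def changed_hashes(before, after):
    """[(name, old_md5, new_md5)] for drivers whose MD5 differs between runs.

    A changed hash does not by itself mean the file was replaced: if the
    earlier run was taken on a live rootkit, the earlier hash may be the
    forged one, as the Forged line for mrxsmb.sys shows.
    """
    out = []
    for name, (md5_a, _) in before.drivers.items():
        if name in after.drivers and after.drivers[name][0] != md5_a:
            out.append((name, md5_a, after.drivers[name][0]))
    return out


def triage(before, after):
    """Human-readable findings, one string per item."""
    findings = []
    for name, verdict in before.detections + after.detections:
        findings.append(f"detected: {name} -> {verdict}")
    for path, real, fake in after.forged:
        findings.append(f"forged hash: {path} real={real} fake={fake}")
    for name, old, new in changed_hashes(before, after):
        note = ""
        # If the old value equals a 'Fake' hash, the first run was lied to.
        if any(old == fake for _, _, fake in after.forged):
            note = " (old value matches a forged hash: first run was spoofed)"
        findings.append(f"hash changed: {name} {old} -> {new}{note}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_run(RUN1), parse_run(RUN2)):
        print(line)
```

The practical lesson the parser makes explicit: a clean-looking hash in a scan taken while a kernel rootkit is active proves nothing, so hashes should be re-read after the cure reboot, or from an offline boot, before a driver is declared clean.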
2011/08/24 14:52:58.0867 2612 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 14:52:59.0067 2612 ================================================================================
2011/08/24 14:52:59.0067 2612 SystemInfo:
2011/08/24 14:52:59.0067 2612
2011/08/24 14:52:59.0067 2612 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/24 14:52:59.0067 2612 Product type: Workstation
2011/08/24 14:52:59.0067 2612 ComputerName: MEDION
2011/08/24 14:52:59.0067 2612 UserName: Administrator
2011/08/24 14:52:59.0067 2612 Windows directory: C:\WINDOWS
2011/08/24 14:52:59.0067 2612 System windows directory: C:\WINDOWS
2011/08/24 14:52:59.0067 2612 Processor architecture: Intel x86
2011/08/24 14:52:59.0067 2612 Number of processors: 1
2011/08/24 14:52:59.0067 2612 Page size: 0x1000
2011/08/24 14:52:59.0067 2612 Boot type: Normal boot
2011/08/24 14:52:59.0067 2612 ================================================================================
2011/08/24 14:53:01.0661 2612 Initialize success
2011/08/24 14:53:02.0912 2736 ================================================================================
2011/08/24 14:53:02.0922 2736 Scan started
2011/08/24 14:53:02.0922 2736 Mode: Manual;
2011/08/24 14:53:02.0922 2736 ================================================================================
2011/08/24 14:53:05.0316 2736 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 14:53:05.0606 2736 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/24 14:53:06.0107 2736 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 14:53:06.0508 2736 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 14:53:08.0150 2736 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 14:53:09.0101 2736 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 14:53:09.0412 2736 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 14:53:09.0912 2736 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 14:53:10.0173 2736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 14:53:10.0433 2736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 14:53:10.0834 2736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 14:53:11.0264 2736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 14:53:11.0575 2736 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 14:53:11.0945 2736 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 14:53:12.0506 2736 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/24 14:53:12.0957 2736 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/24 14:53:14.0119 2736 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 14:53:14.0609 2736 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 14:53:15.0210 2736 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 14:53:15.0480 2736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 14:53:15.0831 2736 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 14:53:16.0332 2736 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 14:53:16.0682 2736 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 14:53:16.0943 2736 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 14:53:17.0253 2736 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 14:53:17.0553 2736 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 14:53:17.0844 2736 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 14:53:18.0214 2736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 14:53:18.0435 2736 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 14:53:18.0725 2736 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 14:53:19.0226 2736 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 14:53:19.0737 2736 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 14:53:20.0518 2736 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 14:53:20.0818 2736 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 14:53:21.0579 2736 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 14:53:21.0830 2736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 14:53:22.0150 2736 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 14:53:22.0420 2736 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 14:53:22.0741 2736 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 14:53:23.0121 2736 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/24 14:53:23.0422 2736 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 14:53:23.0672 2736 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/24 14:53:23.0973 2736 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 14:53:24.0233 2736 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 14:53:24.0533 2736 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 14:53:24.0834 2736 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 14:53:25.0234 2736 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 14:53:25.0845 2736 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 14:53:26.0086 2736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 14:53:26.0386 2736 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 14:53:26.0637 2736 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/24 14:53:26.0957 2736 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 14:53:27.0207 2736 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 14:53:27.0508 2736 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 14:53:27.0978 2736 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 14:53:28.0419 2736 MRxSmb (3215cc47c7c287b5109893aa0cae48bf) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 14:53:28.0429 2736 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 3215cc47c7c287b5109893aa0cae48bf, Fake md5: 1fd607fc67f7f7c633c3da65bfc53d18
2011/08/24 14:53:28.0489 2736 MRxSmb - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 14:53:28.0760 2736 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 14:53:29.0030 2736 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 14:53:29.0290 2736 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 14:53:29.0511 2736 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 14:53:29.0781 2736 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 14:53:30.0101 2736 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/24 14:53:30.0802 2736 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/24 14:53:31.0694 2736 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 14:53:32.0084 2736 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 14:53:32.0445 2736 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 14:53:32.0715 2736 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 14:53:33.0026 2736 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 14:53:33.0286 2736 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 14:53:33.0597 2736 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 14:53:33.0857 2736 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 14:53:34.0328 2736 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 14:53:34.0718 2736 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 14:53:34.0989 2736 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/24 14:53:35.0539 2736 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 14:53:36.0130 2736 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/24 14:53:36.0431 2736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 14:53:36.0681 2736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 14:53:36.0931 2736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 14:53:37.0212 2736 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/24 14:53:37.0462 2736 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/24 14:53:37.0722 2736 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/24 14:53:37.0983 2736 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 14:53:38.0343 2736 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/24 14:53:38.0584 2736 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 14:53:38.0894 2736 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 14:53:39.0114 2736 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 14:53:39.0335 2736 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 14:53:39.0835 2736 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 14:53:40.0136 2736 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/24 14:53:41.0888 2736 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 14:53:42.0209 2736 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 14:53:42.0519 2736 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/24 14:53:42.0840 2736 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/24 14:53:43.0200 2736 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/24 14:53:43.0571 2736 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/24 14:53:43.0941 2736 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/24 14:53:44.0342 2736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 14:53:45.0654 2736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 14:53:45.0944 2736 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/24 14:53:46.0275 2736 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 14:53:46.0595 2736 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 14:53:46.0886 2736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 14:53:47.0166 2736 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 14:53:47.0517 2736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 14:53:47.0857 2736 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 14:53:48.0238 2736 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 14:53:48.0618 2736 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/24 14:53:48.0848 2736 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 14:53:49.0389 2736 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/24 14:53:49.0800 2736 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 14:53:50.0100 2736 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 14:53:50.0411 2736 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 14:53:50.0691 2736 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 14:53:51.0262 2736 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/24 14:53:51.0602 2736 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/24 14:53:52.0023 2736 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/24 14:53:52.0414 2736 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 14:53:52.0614 2736 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/24 14:53:53.0024 2736 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/24 14:53:53.0475 2736 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/24 14:53:53.0856 2736 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/24 14:53:54.0326 2736 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 14:53:54.0647 2736 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 14:53:55.0037 2736 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 14:53:55.0458 2736 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 14:53:55.0738 2736 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 14:53:56.0860 2736 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 14:53:57.0281 2736 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 14:53:57.0661 2736 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 14:53:57.0891 2736 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 14:53:58.0122 2736 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 14:53:58.0743 2736 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 14:53:59.0253 2736 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 14:53:59.0784 2736 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 14:54:00.0045 2736 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/24 14:54:00.0325 2736 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 14:54:00.0615 2736 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 14:54:01.0066 2736 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 14:54:01.0457 2736 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 14:54:01.0937 2736 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 14:54:02.0568 2736 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
2011/08/24 14:54:02.0919 2736 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/24 14:54:02.0979 2736 ================================================================================
2011/08/24 14:54:02.0979 2736 Scan finished
2011/08/24 14:54:02.0979 2736 ================================================================================
2011/08/24 14:54:03.0069 2692 Detected object count: 1
2011/08/24 14:54:03.0069 2692 Actual detected object count: 1
2011/08/24 14:55:55.0400 2692 MRxSmb (3215cc47c7c287b5109893aa0cae48bf) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 14:55:55.0410 2692 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 3215cc47c7c287b5109893aa0cae48bf, Fake md5: 1fd607fc67f7f7c633c3da65bfc53d18
2011/08/24 14:55:58.0735 2692 Backup copy found, using it..
2011/08/24 14:55:59.0026 2692 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured after reboot
2011/08/24 14:55:59.0026 2692 Rootkit.Win32.ZAccess.c(MRxSmb) - User select action: Cure


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 15:10:26
-----------------------------
15:10:26.071 OS Version: Windows 5.1.2600 Service Pack 2
15:10:26.071 Number of processors: 1 586 0x80A
15:10:26.071 ComputerName: MEDION UserName:
15:10:27.613 Initialize success
15:10:34.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:10:34.332 Disk 0 Vendor: HITACHI_DK23CA-20 00H1A0A3 Size: 19077MB BusType: 3
15:10:34.353 Disk 0 MBR read successfully
15:10:34.363 Disk 0 MBR scan
15:10:34.363 Disk 0 Windows XP default MBR code
15:10:34.373 Disk 0 scanning sectors +39054015
15:10:34.533 Disk 0 scanning C:\WINDOWS\system32\drivers
15:10:38.518 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
15:10:50.556 Service scanning
15:10:52.729 Modules scanning
15:10:59.839 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
15:11:04.656 Disk 0 trace - called modules:
15:11:04.666 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf112d134]<<
15:11:04.676 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82383030]
15:11:05.037 3 CLASSPNP.SYS[f85a305b] -> nt!IofCallDriver -> [0x82129900]
15:11:05.047 \Driver\Disk[0x82098ae8] -> IRP_MJ_CREATE -> 0xf112d134
15:11:05.057 Scan finished successfully
15:11:33.097 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat"
15:11:33.107 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR2.txt"
8
Hi,

Start aswMBR.exe again.
  • In the next window, click "No" [image]
  • Click the "scan" button [image]
  • Now click the "Fix" or "FixMBR" button [image]
  • Then restart the computer, let aswMBR scan again and post the new log.
Post this log together with a new TDSSKiller log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
Am I actually doing this right? Those files look the same every time.

2011/08/24 15:55:36.0760 2256 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 15:55:36.0900 2256 ================================================================================
2011/08/24 15:55:36.0900 2256 SystemInfo:
2011/08/24 15:55:36.0900 2256
2011/08/24 15:55:36.0900 2256 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/24 15:55:36.0900 2256 Product type: Workstation
2011/08/24 15:55:36.0900 2256 ComputerName: MEDION
2011/08/24 15:55:36.0900 2256 UserName: Administrator
2011/08/24 15:55:36.0900 2256 Windows directory: C:\WINDOWS
2011/08/24 15:55:36.0900 2256 System windows directory: C:\WINDOWS
2011/08/24 15:55:36.0900 2256 Processor architecture: Intel x86
2011/08/24 15:55:36.0900 2256 Number of processors: 1
2011/08/24 15:55:36.0900 2256 Page size: 0x1000
2011/08/24 15:55:36.0900 2256 Boot type: Normal boot
2011/08/24 15:55:36.0900 2256 ================================================================================
2011/08/24 15:55:40.0345 2256 Initialize success
2011/08/24 15:55:48.0006 2752 ================================================================================
2011/08/24 15:55:48.0006 2752 Scan started
2011/08/24 15:55:48.0006 2752 Mode: Manual;
2011/08/24 15:55:48.0006 2752 ================================================================================
2011/08/24 15:55:51.0101 2752 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 15:55:51.0451 2752 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/24 15:55:52.0402 2752 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 15:55:52.0943 2752 AFD (d8ec7cf3fb23a608d9130f33d8371c8c) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 15:55:52.0953 2752 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d8ec7cf3fb23a608d9130f33d8371c8c, Fake md5: 5ac495f4cb807b2b98ad2ad591e6d92e
2011/08/24 15:55:53.0013 2752 AFD - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 15:55:55.0076 2752 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 15:55:56.0478 2752 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 15:55:56.0829 2752 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 15:55:57.0480 2752 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 15:55:57.0850 2752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 15:55:58.0351 2752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 15:55:59.0062 2752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 15:55:59.0793 2752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 15:56:00.0334 2752 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 15:56:00.0754 2752 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 15:56:01.0686 2752 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/24 15:56:02.0397 2752 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/24 15:56:03.0919 2752 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 15:56:04.0740 2752 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 15:56:05.0531 2752 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 15:56:05.0942 2752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 15:56:06.0403 2752 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 15:56:07.0144 2752 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 15:56:07.0915 2752 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 15:56:08.0265 2752 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 15:56:08.0836 2752 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 15:56:09.0076 2752 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 15:56:09.0637 2752 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 15:56:09.0968 2752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 15:56:10.0278 2752 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 15:56:10.0829 2752 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 15:56:11.0390 2752 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 15:56:12.0221 2752 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 15:56:13.0333 2752 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 15:56:13.0893 2752 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 15:56:14.0985 2752 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 15:56:15.0385 2752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 15:56:15.0876 2752 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 15:56:16.0327 2752 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 15:56:16.0848 2752 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 15:56:17.0228 2752 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/24 15:56:17.0669 2752 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 15:56:18.0190 2752 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/24 15:56:18.0610 2752 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 15:56:19.0091 2752 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 15:56:19.0471 2752 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 15:56:19.0942 2752 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 15:56:20.0343 2752 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 15:56:21.0314 2752 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 15:56:21.0715 2752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 15:56:22.0225 2752 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 15:56:22.0576 2752 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/24 15:56:23.0077 2752 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 15:56:23.0467 2752 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 15:56:23.0818 2752 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 15:56:24.0559 2752 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 15:56:25.0290 2752 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 15:56:25.0831 2752 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 15:56:26.0271 2752 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 15:56:26.0582 2752 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 15:56:26.0812 2752 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 15:56:27.0202 2752 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 15:56:27.0924 2752 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/24 15:56:29.0005 2752 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/24 15:56:30.0047 2752 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 15:56:30.0627 2752 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 15:56:30.0968 2752 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 15:56:31.0509 2752 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 15:56:31.0889 2752 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 15:56:32.0370 2752 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 15:56:32.0760 2752 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 15:56:33.0211 2752 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 15:56:33.0812 2752 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 15:56:34.0273 2752 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 15:56:34.0763 2752 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/24 15:56:35.0334 2752 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 15:56:36.0205 2752 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/24 15:56:36.0766 2752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 15:56:37.0097 2752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 15:56:37.0477 2752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 15:56:38.0048 2752 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/24 15:56:38.0509 2752 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/24 15:56:39.0050 2752 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/24 15:56:39.0510 2752 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 15:56:40.0061 2752 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/24 15:56:40.0462 2752 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 15:56:40.0992 2752 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 15:56:41.0253 2752 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 15:56:41.0543 2752 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 15:56:42.0324 2752 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 15:56:42.0875 2752 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/24 15:56:45.0288 2752 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 15:56:45.0699 2752 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 15:56:46.0320 2752 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/24 15:56:46.0761 2752 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/24 15:56:47.0381 2752 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/24 15:56:47.0812 2752 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/24 15:56:48.0393 2752 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/24 15:56:48.0864 2752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 15:56:50.0706 2752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 15:56:51.0197 2752 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/24 15:56:51.0568 2752 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 15:56:51.0978 2752 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 15:56:52.0379 2752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 15:56:52.0779 2752 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 15:56:53.0190 2752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 15:56:53.0681 2752 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 15:56:54.0201 2752 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 15:56:54.0742 2752 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/24 15:56:55.0022 2752 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 15:56:55.0864 2752 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/24 15:56:56.0485 2752 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 15:56:56.0915 2752 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 15:56:57.0256 2752 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 15:56:57.0726 2752 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 15:56:58.0548 2752 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/24 15:56:59.0008 2752 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/24 15:56:59.0609 2752 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/24 15:57:00.0110 2752 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 15:57:00.0480 2752 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/24 15:57:01.0091 2752 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/24 15:57:01.0562 2752 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/24 15:57:02.0153 2752 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/24 15:57:02.0844 2752 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 15:57:03.0304 2752 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 15:57:03.0945 2752 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 15:57:04.0466 2752 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 15:57:04.0927 2752 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 15:57:06.0579 2752 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 15:57:07.0410 2752 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 15:57:08.0051 2752 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 15:57:08.0442 2752 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 15:57:08.0812 2752 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 15:57:09.0644 2752 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 15:57:10.0545 2752 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 15:57:10.0925 2752 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 15:57:11.0386 2752 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/24 15:57:11.0706 2752 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 15:57:12.0097 2752 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 15:57:12.0928 2752 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 15:57:13.0539 2752 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 15:57:14.0110 2752 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 15:57:15.0081 2752 MBR (0x1B8) (4ccb74c282d395db6e40adbf52abfbb6) \Device\Harddisk0\DR0
2011/08/24 15:57:16.0884 2752 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/24 15:57:16.0964 2752 ================================================================================
2011/08/24 15:57:16.0964 2752 Scan finished
2011/08/24 15:57:16.0964 2752 ================================================================================
2011/08/24 15:57:17.0104 2744 Detected object count: 1
2011/08/24 15:57:17.0104 2744 Actual detected object count: 1
2011/08/24 15:57:23.0844 2744 AFD (d8ec7cf3fb23a608d9130f33d8371c8c) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 15:57:23.0844 2744 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d8ec7cf3fb23a608d9130f33d8371c8c, Fake md5: 5ac495f4cb807b2b98ad2ad591e6d92e
2011/08/24 15:57:30.0483 2744 Backup copy found, using it..
2011/08/24 15:57:30.0794 2744 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/08/24 15:57:30.0794 2744 Rootkit.Win32.ZAccess.c(AFD) - User select action: Cure


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 15:57:52
-----------------------------
15:57:52.505 OS Version: Windows 5.1.2600 Service Pack 2
15:57:52.505 Number of processors: 1 586 0x80A
15:57:52.515 ComputerName: MEDION UserName:
15:57:53.937 Initialize success
15:58:03.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:58:03.221 Disk 0 Vendor: HITACHI_DK23CA-20 00H1A0A3 Size: 19077MB BusType: 3
15:58:05.273 Disk 0 MBR read successfully
15:58:05.273 Disk 0 MBR scan
15:58:05.273 Disk 0 Windows XP default MBR code
15:58:05.334 Disk 0 scanning sectors +39054015
15:58:05.454 Disk 0 scanning C:\WINDOWS\system32\drivers
15:58:09.460 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
15:58:25.122 Service scanning
15:58:26.744 Service AFD C:\WINDOWS\system32\drivers\tsk4.tmp **LOCKED** 32
15:58:28.347 Modules scanning
15:58:37.770 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
15:58:46.573 Disk 0 trace - called modules:
15:58:46.603 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81e29508]<<
15:58:46.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236aab8]
15:58:47.004 Scan finished successfully
15:58:53.994 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat"
15:58:53.994 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR3.txt"
10
Hi,
R&B wrote: Am I actually doing this right? Those files look the same every time.
Yes, you're doing it right, it's just that this is a pretty stubborn rootkit. :eek:

Open Notepad.
Copy and paste the following (the bold, blue text) into an empty window:


File::
C:\WINDOWS\system32\drivers\afd.sys
C:\WINDOWS\system32\drivers\tsk4.tmp

Rootkit::
C:\WINDOWS\system32\drivers\afd.sys
C:\WINDOWS\system32\drivers\tsk4.tmp


Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
[image]
This will cause ComboFix to restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
11
This didn't go well; now I even got a blue screen after ComboFix showed this.

[image]
12
2011/08/24 16:38:23.0649 1692 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 16:38:23.0970 1692 ================================================================================
2011/08/24 16:38:23.0970 1692 SystemInfo:
2011/08/24 16:38:23.0970 1692
2011/08/24 16:38:23.0970 1692 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/24 16:38:23.0970 1692 Product type: Workstation
2011/08/24 16:38:23.0970 1692 ComputerName: MEDION
2011/08/24 16:38:23.0980 1692 UserName: Administrator
2011/08/24 16:38:23.0980 1692 Windows directory: C:\WINDOWS
2011/08/24 16:38:23.0980 1692 System windows directory: C:\WINDOWS
2011/08/24 16:38:23.0980 1692 Processor architecture: Intel x86
2011/08/24 16:38:23.0980 1692 Number of processors: 1
2011/08/24 16:38:23.0980 1692 Page size: 0x1000
2011/08/24 16:38:23.0980 1692 Boot type: Normal boot
2011/08/24 16:38:23.0980 1692 ================================================================================
2011/08/24 16:38:27.0445 1692 Initialize success
2011/08/24 16:38:29.0367 0232 ================================================================================
2011/08/24 16:38:29.0367 0232 Scan started
2011/08/24 16:38:29.0367 0232 Mode: Manual;
2011/08/24 16:38:29.0367 0232 ================================================================================
2011/08/24 16:38:32.0101 0232 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 16:38:32.0532 0232 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/24 16:38:33.0013 0232 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 16:38:33.0914 0232 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 16:38:36.0177 0232 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 16:38:37.0329 0232 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 16:38:37.0639 0232 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 16:38:38.0180 0232 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 16:38:38.0601 0232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 16:38:38.0911 0232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 16:38:39.0392 0232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 16:38:39.0893 0232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 16:38:40.0363 0232 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 16:38:40.0614 0232 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 16:38:41.0255 0232 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/24 16:38:41.0855 0232 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/24 16:38:43.0027 0232 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 16:38:43.0628 0232 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 16:38:44.0209 0232 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 16:38:44.0479 0232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 16:38:44.0800 0232 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 16:38:45.0370 0232 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 16:38:45.0721 0232 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 16:38:45.0971 0232 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 16:38:46.0232 0232 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 16:38:46.0522 0232 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 16:38:46.0773 0232 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 16:38:47.0754 0232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 16:38:48.0445 0232 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 16:38:48.0785 0232 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 16:38:49.0286 0232 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 16:38:50.0137 0232 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 16:38:51.0189 0232 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 16:38:51.0589 0232 Imapi (29be253ebada58ff1d5b11c29c56d3ee) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 16:38:51.0589 0232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 29be253ebada58ff1d5b11c29c56d3ee, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/24 16:38:51.0660 0232 Imapi - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 16:38:52.0481 0232 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 16:38:52.0841 0232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 16:38:53.0272 0232 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 16:38:53.0652 0232 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 16:38:54.0003 0232 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 16:38:54.0393 0232 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/24 16:38:54.0664 0232 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 16:38:54.0924 0232 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/24 16:38:55.0385 0232 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 16:38:55.0645 0232 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 16:38:56.0046 0232 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 16:38:56.0376 0232 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 16:38:57.0067 0232 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 16:38:58.0149 0232 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 16:38:58.0750 0232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 16:38:59.0170 0232 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 16:38:59.0521 0232 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/24 16:38:59.0871 0232 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 16:39:00.0122 0232 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 16:39:00.0542 0232 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 16:39:01.0143 0232 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 16:39:01.0694 0232 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 16:39:02.0155 0232 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 16:39:02.0575 0232 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 16:39:02.0886 0232 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 16:39:03.0116 0232 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 16:39:03.0587 0232 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 16:39:04.0418 0232 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/24 16:39:05.0309 0232 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/24 16:39:06.0281 0232 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 16:39:06.0781 0232 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 16:39:07.0322 0232 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 16:39:07.0612 0232 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 16:39:08.0023 0232 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 16:39:08.0484 0232 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 16:39:08.0804 0232 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 16:39:09.0205 0232 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 16:39:09.0836 0232 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 16:39:10.0406 0232 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 16:39:10.0747 0232 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/24 16:39:11.0428 0232 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 16:39:12.0049 0232 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/24 16:39:12.0429 0232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 16:39:12.0710 0232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 16:39:13.0060 0232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 16:39:13.0381 0232 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/24 16:39:13.0771 0232 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/24 16:39:14.0152 0232 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/24 16:39:14.0542 0232 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 16:39:14.0953 0232 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/24 16:39:15.0203 0232 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 16:39:15.0654 0232 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 16:39:16.0335 0232 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 16:39:16.0746 0232 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 16:39:17.0346 0232 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 16:39:17.0647 0232 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/24 16:39:19.0760 0232 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 16:39:20.0221 0232 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 16:39:20.0741 0232 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/24 16:39:21.0172 0232 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/24 16:39:21.0623 0232 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/24 16:39:21.0993 0232 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/24 16:39:22.0494 0232 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/24 16:39:22.0824 0232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 16:39:24.0306 0232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 16:39:24.0687 0232 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/24 16:39:25.0108 0232 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 16:39:25.0458 0232 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 16:39:25.0759 0232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 16:39:26.0079 0232 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 16:39:26.0510 0232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 16:39:26.0950 0232 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 16:39:27.0481 0232 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 16:39:27.0962 0232 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/24 16:39:28.0292 0232 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 16:39:28.0873 0232 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/24 16:39:29.0344 0232 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 16:39:29.0844 0232 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 16:39:30.0205 0232 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 16:39:30.0646 0232 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 16:39:31.0407 0232 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/24 16:39:31.0837 0232 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/24 16:39:32.0308 0232 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/24 16:39:32.0789 0232 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 16:39:33.0189 0232 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/24 16:39:34.0040 0232 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/24 16:39:34.0611 0232 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/24 16:39:35.0032 0232 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/24 16:39:35.0623 0232 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 16:39:36.0043 0232 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 16:39:36.0544 0232 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 16:39:37.0095 0232 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 16:39:37.0505 0232 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 16:39:38.0867 0232 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 16:39:39.0458 0232 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 16:39:39.0899 0232 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 16:39:40.0239 0232 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 16:39:40.0530 0232 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 16:39:41.0361 0232 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 16:39:42.0032 0232 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 16:39:42.0483 0232 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 16:39:42.0793 0232 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/24 16:39:43.0164 0232 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 16:39:43.0544 0232 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 16:39:44.0155 0232 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 16:39:44.0696 0232 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 16:39:45.0337 0232 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 16:39:46.0198 0232 MBR (0x1B8) (4ccb74c282d395db6e40adbf52abfbb6) \Device\Harddisk0\DR0
2011/08/24 16:39:47.0670 0232 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/24 16:39:47.0710 0232 ================================================================================
2011/08/24 16:39:47.0710 0232 Scan finished
2011/08/24 16:39:47.0710 0232 ================================================================================
2011/08/24 16:39:47.0820 0632 Detected object count: 1
2011/08/24 16:39:47.0820 0632 Actual detected object count: 1
2011/08/24 16:39:52.0327 0632 Imapi (29be253ebada58ff1d5b11c29c56d3ee) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 16:39:52.0327 0632 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 29be253ebada58ff1d5b11c29c56d3ee, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/24 16:40:30.0912 0632 Backup copy found, using it..
2011/08/24 16:40:31.0052 0632 C:\WINDOWS\system32\DRIVERS\imapi.sys - will be cured after reboot
2011/08/24 16:40:31.0052 0632 Rootkit.Win32.ZAccess.c(Imapi) - User select action: Cure
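A small parser for the TDSSKiller output posted in this thread, added here as an example; it is not part of the thread or of TDSSKiller itself. It extracts the driver listing, the "Suspicious file (Forged)" lines and the verdicts, and cross-checks the pre-cure scan against the post-cure scan: in the logs above, after the backup copy is restored the driver's listed hash equals the value earlier reported as the fake md5, and the check uses that as its expectation. The sample lines are reconstructed from the logs in this thread (same names, hashes and paths), not a new capture.

```python
"""Parse TDSSKiller logs and cross-check a pre-cure scan against a post-cure scan."""
import re
from dataclasses import dataclass, field

# Driver enumeration line: "<date> <time> <tid> <Name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# Forged-file line: "Real md5" is what TDSSKiller read through its own driver,
# "Fake md5" is what the normal filesystem path returned; a mismatch means
# something in the I/O stack is hiding the file's true contents.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+)")


@dataclass
class ScanResult:
    drivers: dict = field(default_factory=dict)   # name -> (md5, path)
    forged: dict = field(default_factory=dict)    # path -> (real_md5, fake_md5)
    verdicts: dict = field(default_factory=dict)  # name -> verdict string


def parse_tdsskiller(text):
    """Collect driver hashes, forged-file reports and verdicts from a log."""
    res = ScanResult()
    for line in text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            res.forged[m["path"]] = (m["real"], m["fake"])
            continue
        m = DETECT_RE.match(line)
        if m:
            res.verdicts[m["name"]] = m["verdict"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            res.drivers[m["name"]] = (m["md5"], m["path"])
    return res


def cross_check(before, after):
    """For every path reported as forged in `before`, classify its state in `after`.

    Expectation taken from the logs in this thread: once the backup copy is
    restored, the listed hash equals the md5 the rootkit was presenting as
    genuine (the "fake" md5), and the path is no longer reported as forged.
    Returns a list of (path, status) tuples.
    """
    hash_by_path = {path.lower(): md5 for md5, path in after.drivers.values()}
    still_forged = {path.lower() for path in after.forged}
    findings = []
    for path, (real, fake) in before.forged.items():
        now = hash_by_path.get(path.lower())
        if path.lower() in still_forged:
            status = "still forged"
        elif now == fake:
            status = "restored"
        elif now == real:
            status = "infected copy still on disk"
        elif now is None:
            status = "missing from post-cure scan"
        else:
            status = "changed to unknown hash"
        findings.append((path, status))
    return findings


def changed_hashes(before, after):
    """Drivers whose listed md5 differs between two scans: name -> (old, new)."""
    out = {}
    for name, (old, _) in before.drivers.items():
        if name in after.drivers and after.drivers[name][0] != old:
            out[name] = (old, after.drivers[name][0])
    return out


# Constructed sample: a few lines taken from the pre-cure scan (thread 0232)
# and the post-cure scan (thread 2584) posted in this discussion.
BEFORE_LOG = r"""
2011/08/24 16:38:33.0914 0232 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 16:38:51.0589 0232 Imapi (29be253ebada58ff1d5b11c29c56d3ee) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 16:38:51.0589 0232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 29be253ebada58ff1d5b11c29c56d3ee, Fake md5: f8aa320c6a0409c0380e5d8a99d76ec6
2011/08/24 16:38:51.0660 0232 Imapi - detected Rootkit.Win32.ZAccess.c (0)
2011/08/24 16:39:46.0198 0232 MBR (0x1B8) (4ccb74c282d395db6e40adbf52abfbb6) \Device\Harddisk0\DR0
"""
AFTER_LOG = r"""
2011/08/24 17:31:15.0167 2584 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 17:31:28.0416 2584 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
"""

if __name__ == "__main__":
    before, after = parse_tdsskiller(BEFORE_LOG), parse_tdsskiller(AFTER_LOG)
    for path, status in cross_check(before, after):
        print(f"{status:>12}: {path}")
    for name, (old, new) in changed_hashes(before, after).items():
        print(f"{name}: {old} -> {new}")
```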
13
Hi,

Now try running the following fix.

1. If ComboFix has installed the "recovery console", you will briefly see a selection screen ("boot screen") during startup.
[image]
2. Then log in to the Windows installation: enter the number of the Windows installation followed by Enter.
You will then be asked for the "administrator" password; if you have no password, just press Enter.
[image]
3. Enter the command "fixmbr" at the command prompt, as in the image below.
[image]
4. When asked whether to overwrite the MBR, confirm with "J" (Ja) or "Y" (Yes).
[image]
5. Then type "exit"; the computer will now restart.

Now run TDSSKiller and aswMBR again and post their logs in the next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
14
What you're having me do on this computer is a mystery to me, but it does seem to work. :TooFunny:

2011/08/24 17:31:05.0883 3656 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 17:31:06.0985 3656 ================================================================================
2011/08/24 17:31:06.0985 3656 SystemInfo:
2011/08/24 17:31:06.0985 3656
2011/08/24 17:31:06.0985 3656 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/24 17:31:06.0985 3656 Product type: Workstation
2011/08/24 17:31:06.0985 3656 ComputerName: MEDION
2011/08/24 17:31:06.0985 3656 UserName: Administrator
2011/08/24 17:31:06.0985 3656 Windows directory: C:\WINDOWS
2011/08/24 17:31:06.0985 3656 System windows directory: C:\WINDOWS
2011/08/24 17:31:06.0985 3656 Processor architecture: Intel x86
2011/08/24 17:31:06.0985 3656 Number of processors: 1
2011/08/24 17:31:06.0985 3656 Page size: 0x1000
2011/08/24 17:31:06.0985 3656 Boot type: Normal boot
2011/08/24 17:31:06.0985 3656 ================================================================================
2011/08/24 17:31:09.0358 3656 Initialize success
2011/08/24 17:31:10.0920 2584 ================================================================================
2011/08/24 17:31:10.0920 2584 Scan started
2011/08/24 17:31:10.0920 2584 Mode: Manual;
2011/08/24 17:31:10.0920 2584 ================================================================================
2011/08/24 17:31:13.0935 2584 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 17:31:14.0335 2584 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/24 17:31:14.0856 2584 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 17:31:15.0167 2584 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 17:31:16.0569 2584 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 17:31:17.0500 2584 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 17:31:17.0800 2584 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 17:31:18.0211 2584 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 17:31:18.0511 2584 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 17:31:18.0752 2584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 17:31:19.0152 2584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 17:31:19.0563 2584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 17:31:19.0823 2584 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 17:31:20.0104 2584 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 17:31:20.0554 2584 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/24 17:31:21.0105 2584 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/24 17:31:22.0097 2584 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 17:31:22.0627 2584 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 17:31:23.0008 2584 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 17:31:23.0238 2584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 17:31:23.0569 2584 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 17:31:24.0059 2584 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 17:31:24.0410 2584 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 17:31:24.0670 2584 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 17:31:25.0161 2584 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 17:31:25.0411 2584 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 17:31:25.0682 2584 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 17:31:25.0912 2584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 17:31:26.0202 2584 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 17:31:26.0463 2584 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 17:31:26.0843 2584 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 17:31:27.0384 2584 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 17:31:28.0135 2584 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 17:31:28.0416 2584 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 17:31:29.0177 2584 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 17:31:29.0407 2584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 17:31:29.0667 2584 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 17:31:29.0998 2584 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 17:31:30.0298 2584 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 17:31:30.0599 2584 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/08/24 17:31:30.0819 2584 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 17:31:31.0089 2584 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/08/24 17:31:31.0360 2584 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 17:31:31.0640 2584 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 17:31:31.0931 2584 kbdhid (6b97674104b15a2dd135f7b365223194) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 17:31:32.0201 2584 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 17:31:32.0562 2584 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 17:31:33.0152 2584 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 17:31:33.0463 2584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 17:31:33.0733 2584 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 17:31:34.0014 2584 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/24 17:31:34.0274 2584 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 17:31:34.0564 2584 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 17:31:34.0815 2584 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 17:31:35.0356 2584 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 17:31:35.0736 2584 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 17:31:36.0027 2584 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 17:31:36.0307 2584 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 17:31:36.0527 2584 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 17:31:36.0698 2584 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 17:31:36.0988 2584 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 17:31:37.0288 2584 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/08/24 17:31:38.0009 2584 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/08/24 17:31:38.0390 2584 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 17:31:38.0640 2584 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 17:31:38.0931 2584 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 17:31:39.0141 2584 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 17:31:39.0482 2584 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 17:31:39.0742 2584 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 17:31:40.0143 2584 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 17:31:40.0403 2584 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 17:31:40.0823 2584 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 17:31:41.0134 2584 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 17:31:41.0424 2584 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/08/24 17:31:41.0825 2584 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 17:31:42.0215 2584 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/08/24 17:31:42.0466 2584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 17:31:42.0776 2584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 17:31:42.0997 2584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 17:31:43.0247 2584 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/24 17:31:43.0557 2584 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/24 17:31:43.0808 2584 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/24 17:31:44.0038 2584 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 17:31:44.0339 2584 P3 (7eae4e5fbc4c9dc00268392a852ccef2) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/24 17:31:44.0589 2584 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 17:31:44.0879 2584 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 17:31:45.0120 2584 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 17:31:45.0420 2584 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 17:31:45.0831 2584 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 17:31:46.0291 2584 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/24 17:31:47.0954 2584 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 17:31:48.0264 2584 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 17:31:48.0545 2584 PSINAflt (1a8e10025be59e7f0a2981a52c483fcd) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/08/24 17:31:48.0755 2584 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/08/24 17:31:49.0145 2584 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/08/24 17:31:49.0416 2584 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/08/24 17:31:49.0756 2584 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/08/24 17:31:50.0007 2584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 17:31:51.0319 2584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 17:31:51.0599 2584 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/08/24 17:31:51.0809 2584 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 17:31:52.0120 2584 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 17:31:52.0360 2584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 17:31:52.0600 2584 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 17:31:52.0871 2584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 17:31:53.0181 2584 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 17:31:53.0542 2584 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 17:31:53.0822 2584 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2011/08/24 17:31:54.0083 2584 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 17:31:54.0493 2584 RT2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/08/24 17:31:54.0834 2584 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 17:31:55.0144 2584 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 17:31:55.0394 2584 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 17:31:55.0615 2584 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 17:31:56.0105 2584 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys
2011/08/24 17:31:56.0406 2584 SiS630 (63ebc436fdd82e174f193b08d385ed51) C:\WINDOWS\system32\DRIVERS\sis630p.sys
2011/08/24 17:31:56.0716 2584 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys
2011/08/24 17:31:57.0047 2584 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 17:31:57.0297 2584 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/08/24 17:31:57.0688 2584 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/08/24 17:31:57.0978 2584 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/08/24 17:31:58.0259 2584 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/08/24 17:31:58.0669 2584 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 17:31:59.0000 2584 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 17:31:59.0340 2584 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 17:31:59.0701 2584 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 17:32:00.0021 2584 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 17:32:01.0133 2584 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 17:32:01.0563 2584 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 17:32:01.0874 2584 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 17:32:02.0074 2584 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 17:32:02.0334 2584 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 17:32:02.0985 2584 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 17:32:03.0456 2584 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 17:32:03.0807 2584 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 17:32:04.0057 2584 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/24 17:32:04.0277 2584 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 17:32:04.0548 2584 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 17:32:05.0138 2584 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 17:32:05.0449 2584 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 17:32:05.0880 2584 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 17:32:06.0450 2584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/24 17:32:06.0791 2584 Boot (0x1200) (cfe84dbdee26286ad1441e72625afaa4) \Device\Harddisk0\DR0\Partition0
2011/08/24 17:32:06.0851 2584 ================================================================================
2011/08/24 17:32:06.0851 2584 Scan finished
2011/08/24 17:32:06.0851 2584 ================================================================================
2011/08/24 17:32:06.0941 2564 Detected object count: 0
2011/08/24 17:32:06.0941 2564 Actual detected object count: 0


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 17:34:43
-----------------------------
17:34:43.606 OS Version: Windows 5.1.2600 Service Pack 2
17:34:43.606 Number of processors: 1 586 0x80A
17:34:43.616 ComputerName: MEDION UserName:
17:34:44.427 Initialize success
17:34:49.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:34:49.004 Disk 0 Vendor: HITACHI_DK23CA-20 00H1A0A3 Size: 19077MB BusType: 3
17:34:49.094 Disk 0 MBR read successfully
17:34:49.094 Disk 0 MBR scan
17:34:49.094 Disk 0 Windows XP default MBR code
17:34:49.244 Disk 0 scanning sectors +39054015
17:34:49.615 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:01.903 Service scanning
17:35:03.976 Modules scanning
17:35:19.077 Disk 0 trace - called modules:
17:35:19.097 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
17:35:19.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82379030]
17:35:19.107 3 CLASSPNP.SYS[f85a305b] -> nt!IofCallDriver -> \Device\00000077[0x82385638]
17:35:19.107 5 ACPI.sys[f84e2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823858e8]
17:35:19.468 Scan finished successfully
17:35:42.271 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat"
17:35:42.281 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR4.txt"
Hi,
R&B wrote: What you are having me do on this computer is a mystery to me, but it does seem to work. :TooFunny:
With the last set of instructions the MBR (Master Boot Record) of the hard disk has been fixed; this is where the rootkit had nested itself, and we have now been able to remove it.
For more information about rootkits you can read this article.

Start MalwareBytes' Anti-Malware (MBAM)
  • Click the "Update" tab and then "Check for updates"
    In case of problems!!! (Read the instructions below)
  • Click the "Scanner" tab
  • Choose the "Quick scan" option and click "Scan"
  • When the scan has finished, click OK, then "Show Results" to see the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this MBAM log together with a new log from the ING FCleaner.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
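The reply above explains that the rootkit lived in the MBR and that the fix consisted of rewriting it. The logs show how the tools check this: TDSSKiller reports an MD5 over the first 0x1B8 bytes of the MBR (the boot-code region, before the disk signature and partition table), and aswMBR saved a copy of the sector as MBR.dat on the desktop. The following script is an added example, not code from the thread or from either tool; it reads such a 512-byte dump, hashes the same 0x1B8-byte region so the value can be compared against a hash taken from a known-clean machine, parses the partition table, and flags the basic sanity checks a responder looks at. The sample MBR it builds is constructed inline (placeholder boot code, an invented disk signature, one NTFS partition), and the "trusted" hash set in the demo is a placeholder you would populate from a clean dump of the same Windows version.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 0x1B8      # region TDSSKiller hashes for its "MBR (0x1B8)" line
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature (varies per machine)
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"    # last two bytes of a valid MBR
PART_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def bootcode_md5(mbr: bytes) -> str:
    """MD5 over offsets 0..0x1B7 only. The disk signature and partition table
    are excluded on purpose: they legitimately differ between machines, while
    the boot code of a given Windows version should be identical on every disk."""
    if len(mbr) < MBR_SIZE:
        raise ValueError("MBR image must be at least 512 bytes")
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def has_boot_signature(mbr: bytes) -> bool:
    return mbr[510:512] == BOOT_SIG


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, n_sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:          # type 0 means the slot is unused
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": n_sectors})
    return entries


def check_mbr(mbr: bytes, known_good_md5: set) -> dict:
    """Summarise what a responder wants from a saved MBR dump: a valid 0x55AA
    signature, whether the boot code matches a trusted hash, the partition
    layout, and how many entries claim to be bootable (should be exactly one)."""
    parts = parse_partitions(mbr)
    digest = bootcode_md5(mbr)
    return {
        "signature_ok": has_boot_signature(mbr),
        "bootcode_md5": digest,
        "bootcode_known": digest in known_good_md5,
        "partitions": parts,
        "bootable_count": sum(1 for p in parts if p["bootable"]),
    }


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk image: placeholder boot code, an
    invented disk signature, one bootable NTFS partition starting at LBA 63."""
    buf = bytearray(MBR_SIZE)
    buf[:BOOTCODE_LEN] = (b"\xEB\x3C\x90" + b"SAMPLEBOOT" * 50)[:BOOTCODE_LEN]
    struct.pack_into("<I", buf, DISK_SIG_OFF, 0xDEADBEEF)          # constructed value
    struct.pack_into(PART_FMT, buf, PART_TABLE_OFF, 0x80, 0x07, 63, 39054015)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


if __name__ == "__main__":
    # To examine a real dump: mbr = open("MBR.dat", "rb").read()
    sample = build_sample_mbr()
    # Placeholder allowlist; fill it from a known-clean dump of the same OS version.
    trusted = {"<md5-of-known-clean-bootcode>"}
    for key, value in check_mbr(sample, trusted).items():
        print(f"{key}: {value}")
```

Because the hash covers only the boot code, re-stamping the disk signature or repartitioning does not change it, whereas a single modified byte in the boot code does; that is what makes a per-OS-version reference hash usable across many machines. A mismatch is a reason to look closer, not proof of infection on its own, since OEM and third-party boot managers also install their own MBR code.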