Closed
1
Hello,
I was recently notified by ING that internet banking is no longer possible because of an infection on my computer. I run Microsoft Security Essentials myself, and it did indeed recently find (and remove) a Sinowal infection once. On ING's advice, however, I ran a Fox-IT scan, and it reports a Mebroot infection that the tool cannot remove...

The Malwarebytes scan reports no infections, but the Fox-IT tool does... My problem looks very much like Rianne's (http://www.pcwebplus.nl/phpbb/viewtopic ... 206&t=5239), but I don't dare take any steps without advice from the pros! Here are my logs, I hope someone can help me... it would be appreciated!

------
Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Databaseversie: 7594

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28-8-2011 17:45:28
mbam-log-2011-08-28 (17-45-28).txt

Scantype: Snelle scan
Objecten gescand: 177495
Verstreken tijd: 8 minuut/minuten, 42 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)


-----------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:22, on 28-8-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mindjet\MindManager 9\MMReminderService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivo Miltenburg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MMReminderService.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://sslvpn.waterwatch.nl/CACHE/stc/ ... vpnweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3864359125
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} (CISCO Portforwarder Control) - https://sslvpn.waterwatch.nl/+CSCOL+/cscopf.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11057 bytes

------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Ivo Miltenburg at 17:55:00 on 2011-08-28
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.140 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mindjet\MindManager 9\MMReminderService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivo Miltenburg\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 9\MMReminderService.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: waterwatch.nl
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.waterwatch.nl/CACHE/stc/4/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdat ... 3864359125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://sslvpn.waterwatch.nl/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B933BB8-CC3A-4E8A-AC80-EAF6118B8993} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ivo miltenburg\application data\mozilla\firefox\profiles\mxire063.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\ivo miltenburg\application data\mozilla\firefox\profiles\mxire063.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\ivo miltenburg\application data\mozilla\firefox\profiles\mxire063.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.3.2427702\npmathplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-30 13496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl9f019373;MpKsl9f019373;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\MpKsl9f019373.sys [2011-8-28 28752]
R1 MpKslf2bdf574;MpKslf2bdf574;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\MpKslf2bdf574.sys [2011-8-28 28752]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-30 353168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-28 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-4-18 98816]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-3-29 370360]
R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-9-19 24448]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-28 22712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-9-21 7040]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 MpKsl381414d9;MpKsl381414d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{44672b28-1575-49f2-9fcb-ef5d334717a7}\mpksl381414d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{44672b28-1575-49f2-9fcb-ef5d334717a7}\MpKsl381414d9.sys [?]
S1 MpKsl5bcaaa4b;MpKsl5bcaaa4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{023f1b62-a5cf-4665-a279-09739b9f1a6a}\mpksl5bcaaa4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{023f1b62-a5cf-4665-a279-09739b9f1a6a}\MpKsl5bcaaa4b.sys [?]
S1 MpKsl5dba87eb;MpKsl5dba87eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\mpksl5dba87eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\MpKsl5dba87eb.sys [?]
S1 MpKsl8e169fac;MpKsl8e169fac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36c0a59d-242e-4ab9-a806-2a7ffb91cadc}\mpksl8e169fac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36c0a59d-242e-4ab9-a806-2a7ffb91cadc}\MpKsl8e169fac.sys [?]
S1 MpKsl9fdfdda9;MpKsl9fdfdda9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fdfe796e-573c-4efc-b245-735f56e015a4}\mpksl9fdfdda9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fdfe796e-573c-4efc-b245-735f56e015a4}\MpKsl9fdfdda9.sys [?]
S1 MpKslac420c2f;MpKslac420c2f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08f7c917-8ac6-42bf-a71a-53ec1a880391}\mpkslac420c2f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08f7c917-8ac6-42bf-a71a-53ec1a880391}\MpKslac420c2f.sys [?]
S1 MpKslb78acd1b;MpKslb78acd1b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{910a9928-277c-4ddd-a0b7-9cee32d29206}\mpkslb78acd1b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{910a9928-277c-4ddd-a0b7-9cee32d29206}\MpKslb78acd1b.sys [?]
S1 MpKslf22c1069;MpKslf22c1069;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1dcd380-242a-411e-a57c-83f92d4fe306}\mpkslf22c1069.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1dcd380-242a-411e-a57c-83f92d4fe306}\MpKslf22c1069.sys [?]
S1 MpKslf388e959;MpKslf388e959;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81757fee-96a0-4736-97ef-b9a11b18b317}\mpkslf388e959.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81757fee-96a0-4736-97ef-b9a11b18b317}\MpKslf388e959.sys [?]
S1 MpKslfdb61e2c;MpKslfdb61e2c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e005ab1-0b71-4653-bcbe-617d1c1a7f13}\mpkslfdb61e2c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e005ab1-0b71-4653-bcbe-617d1c1a7f13}\MpKslfdb61e2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-7 1691480]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-6-25 66112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-6-25 180672]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-9-21 14336]
.
=============== Created Last 30 ================
.
2011-08-28 15:34:38 -------- d-----w- c:\documents and settings\ivo miltenburg\application data\Malwarebytes
2011-08-28 15:34:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-28 15:34:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-28 15:34:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-28 15:34:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-28 14:47:03 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\MpKslf2bdf574.sys
2011-08-28 14:13:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\MpKsl9f019373.sys
2011-08-28 09:48:48 -------- d-----w- c:\documents and settings\ivo miltenburg\local settings\application data\Solid State Networks
2011-08-28 08:17:24 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820d3310-1f36-4f43-84d4-e3186ccdb692}\mpengine.dll
2011-08-12 13:26:32 -------- d-----w- c:\documents and settings\ivo miltenburg\local settings\application data\MathematicaPlayer
2011-08-12 13:26:32 -------- d-----w- c:\documents and settings\ivo miltenburg\application data\MathematicaPlayer
2011-08-12 13:26:32 -------- d-----w- c:\documents and settings\all users\application data\MathematicaPlayer
2011-08-12 08:09:05 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-08-11 20:06:32 -------- d-----w- c:\program files\common files\Wolfram Research
2011-08-11 20:06:32 -------- d-----w- c:\program files\common files\ResearchSoft
2011-08-11 20:04:42 -------- d-----w- c:\program files\Wolfram Research
2011-08-10 17:51:32 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 17:50:46 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 17:11:13 -------- d-----w- c:\documents and settings\ivo miltenburg\local settings\application data\Mindjet
2011-08-09 17:09:30 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2011-08-09 17:09:28 258352 ----a-w- c:\windows\system32\unicows.dll
2011-08-09 17:08:32 -------- d-----w- c:\documents and settings\all users\application data\Mindjet
2011-08-09 17:07:18 -------- d-----w- c:\program files\Mindjet
2011-08-09 17:04:37 -------- d-----w- c:\documents and settings\ivo miltenburg\local settings\application data\{B466D993-193A-4641-BD61-AA0DBB63C1F1}
.
==================== Find3M ====================
.
2011-08-28 09:38:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 16:23:04 336400 ----a-w- c:\windows\system32\mltcpip32.mlp
2011-07-10 16:23:02 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2011-07-10 16:23:00 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2011-07-10 16:22:58 167952 ----a-w- c:\windows\system32\mlmodule32.dll
2011-07-10 16:22:56 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2011-07-10 16:22:54 369680 ----a-w- c:\windows\system32\ml32i3.dll
2011-07-10 16:22:52 260112 ----a-w- c:\windows\system32\ml32i2.dll
2011-07-10 16:22:50 253968 ----a-w- c:\windows\system32\ml32i1.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 16:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:55:47,15 ===============
2
Hi and welcome to the forum,
ief1000 wrote: Here are my logs, I hope someone can help me... it would be appreciated!
We'll take a closer look with the following tools.

1. Download aswMBR.exe to the desktop.
  • Double-click "aswMBR.exe" to start the tool.
  • In the next window, click "No".
  • Click the "Scan" button.
  • When the scan has finished, click the "Save log" button.
  • Post this log file in your next reply.

2. Download TDSSKiller and save it to your desktop.
  • Extract the files from tdsskiller.zip.
  • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
  • Note: Windows Vista and 7 users must run TDSSKiller as administrator (right-click, "Run as administrator").
  • Click the "Start Scan" button and follow the instructions.
  • When the scan is finished, click the "Report" button.
  • A Notepad file opens. Post the contents of this file.
Post the aswMBR and TDSSKiller logs in your next reply.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
Thanks for your reply!

I ran the two tools. First aswMBR.exe, then TDSSKiller. TDSSKiller detected Sinowal, removed it, and the computer rebooted.

I then ran aswMBR.exe and TDSSKiller again. The logs are below:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-28 18:08:56
-----------------------------
18:08:56.671 OS Version: Windows 5.1.2600 Service Pack 3
18:08:56.671 Number of processors: 2 586 0xE08
18:08:56.671 ComputerName: IVO UserName:
18:08:59.218 Initialize success
18:09:04.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:09:04.859 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001M Size: 114473MB BusType: 3
18:09:06.937 Disk 0 MBR read successfully
18:09:06.953 Disk 0 MBR scan
18:09:06.953 Disk 0 Windows XP default MBR code
18:09:06.984 Disk 0 scanning sectors +234436545
18:09:07.046 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
18:09:07.078 Disk 0 PE file @ sector 234436570 !
18:09:07.156 Disk 0 scanning C:\WINDOWS\system32\drivers
18:09:28.078 Service scanning
18:09:28.984 Service MpKsl29faf5f1 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl29faf5f1.sys **LOCKED** 32
18:09:29.921 Modules scanning
18:09:51.390 Disk 0 trace - called modules:
18:09:51.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:09:51.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f651f0]
18:09:51.484 3 CLASSPNP.SYS[f77ecfd7] -> nt!IofCallDriver -> \Device\0000008a[0x86f299e8]
18:09:51.500 5 ACPI.sys[f7743620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f89940]
18:09:51.531 Scan finished successfully
18:10:01.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\MBR.dat"
18:10:01.953 The log file has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\aswMBR.txt"

------

2011/08/28 18:10:24.0703 2884 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 18:10:24.0843 2884 ================================================================================
2011/08/28 18:10:24.0843 2884 SystemInfo:
2011/08/28 18:10:24.0843 2884
2011/08/28 18:10:24.0843 2884 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 18:10:24.0843 2884 Product type: Workstation
2011/08/28 18:10:24.0843 2884 ComputerName: IVO
2011/08/28 18:10:24.0843 2884 UserName: Ivo Miltenburg
2011/08/28 18:10:24.0843 2884 Windows directory: C:\WINDOWS
2011/08/28 18:10:24.0843 2884 System windows directory: C:\WINDOWS
2011/08/28 18:10:24.0843 2884 Processor architecture: Intel x86
2011/08/28 18:10:24.0843 2884 Number of processors: 2
2011/08/28 18:10:24.0843 2884 Page size: 0x1000
2011/08/28 18:10:24.0843 2884 Boot type: Normal boot
2011/08/28 18:10:24.0843 2884 ================================================================================
2011/08/28 18:10:28.0171 2884 Initialize success
2011/08/28 18:10:50.0343 2300 ================================================================================
2011/08/28 18:10:50.0343 2300 Scan started
2011/08/28 18:10:50.0343 2300 Mode: Manual;
2011/08/28 18:10:50.0343 2300 ================================================================================
2011/08/28 18:10:53.0890 2300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 18:10:53.0968 2300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/28 18:10:54.0281 2300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/28 18:10:54.0406 2300 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/28 18:10:54.0640 2300 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/28 18:10:54.0781 2300 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/28 18:10:55.0375 2300 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/28 18:10:55.0687 2300 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/28 18:10:55.0921 2300 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/28 18:10:56.0265 2300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/28 18:10:56.0375 2300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/28 18:10:56.0593 2300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/28 18:10:56.0656 2300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/28 18:10:56.0703 2300 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/28 18:10:56.0765 2300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/28 18:10:56.0890 2300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/28 18:10:57.0062 2300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/28 18:10:57.0125 2300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/28 18:10:57.0265 2300 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/28 18:10:57.0546 2300 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/28 18:10:57.0718 2300 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
2011/08/28 18:10:57.0812 2300 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/28 18:10:58.0046 2300 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/28 18:10:58.0140 2300 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/28 18:10:58.0187 2300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/28 18:10:58.0390 2300 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/28 18:10:58.0562 2300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/28 18:10:58.0656 2300 EMSCR (6428a1ce5abe3e71a97dfdda0a19546f) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
2011/08/28 18:10:58.0812 2300 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/28 18:10:58.0812 2300 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ESD7SK.sys. Real md5: 8e56ab21d10c368029cea57de47d79c2, Fake md5: e40174d7a1d1ffaf018db3f74311030e
2011/08/28 18:10:58.0843 2300 ESDCR - detected ForgedFile.Multi.Generic (1)
2011/08/28 18:10:59.0015 2300 ESMCR (472ea4e9734147f8ada93c4ab944b958) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
2011/08/28 18:10:59.0265 2300 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/28 18:10:59.0468 2300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/28 18:10:59.0546 2300 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/28 18:10:59.0593 2300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/28 18:10:59.0687 2300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/28 18:10:59.0796 2300 FNETTHJM (756220289c526ce6780a66a5145f10c6) C:\WINDOWS\system32\drivers\fnetthjm.sys
2011/08/28 18:10:59.0921 2300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/28 18:10:59.0984 2300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/28 18:11:00.0031 2300 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/28 18:11:00.0125 2300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/28 18:11:00.0281 2300 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/28 18:11:00.0593 2300 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/28 18:11:00.0781 2300 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/28 18:11:01.0062 2300 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/28 18:11:01.0312 2300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/28 18:11:02.0453 2300 IntcAzAudAddService (994186286e1df03b5bcba765a9320e0f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/28 18:11:04.0484 2300 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/28 18:11:04.0531 2300 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/28 18:11:04.0640 2300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/28 18:11:05.0000 2300 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/28 18:11:05.0078 2300 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/28 18:11:05.0250 2300 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/28 18:11:05.0312 2300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/28 18:11:05.0468 2300 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/28 18:11:05.0562 2300 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/08/28 18:11:05.0625 2300 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/28 18:11:05.0781 2300 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/28 18:11:05.0890 2300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/28 18:11:05.0984 2300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/28 18:11:06.0312 2300 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/08/28 18:11:06.0375 2300 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/08/28 18:11:06.0437 2300 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/08/28 18:11:06.0531 2300 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/28 18:11:06.0781 2300 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/28 18:11:06.0890 2300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/28 18:11:07.0000 2300 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/28 18:11:07.0281 2300 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/28 18:11:07.0453 2300 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/28 18:11:07.0593 2300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/28 18:11:07.0640 2300 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/28 18:11:07.0828 2300 MpKsl29faf5f1 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl29faf5f1.sys
2011/08/28 18:11:09.0734 2300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/28 18:11:10.0296 2300 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/28 18:11:11.0031 2300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/28 18:11:11.0484 2300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/28 18:11:11.0875 2300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/28 18:11:12.0265 2300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/28 18:11:12.0390 2300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/28 18:11:12.0671 2300 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/28 18:11:13.0187 2300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/28 18:11:13.0562 2300 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/28 18:11:13.0687 2300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/28 18:11:13.0921 2300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/28 18:11:14.0093 2300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/28 18:11:14.0406 2300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/28 18:11:14.0750 2300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/28 18:11:15.0093 2300 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/28 18:11:16.0906 2300 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/08/28 18:11:18.0828 2300 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/28 18:11:19.0000 2300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/28 18:11:19.0578 2300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/28 18:11:20.0156 2300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/28 18:11:20.0671 2300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/28 18:11:20.0890 2300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/28 18:11:21.0000 2300 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/28 18:11:21.0500 2300 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/28 18:11:21.0843 2300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/28 18:11:22.0703 2300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/28 18:11:23.0156 2300 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/28 18:11:23.0656 2300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/28 18:11:24.0046 2300 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/28 18:11:25.0593 2300 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/28 18:11:25.0906 2300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/28 18:11:26.0078 2300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/28 18:11:26.0281 2300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/28 18:11:27.0578 2300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/28 18:11:27.0875 2300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/28 18:11:28.0109 2300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/28 18:11:28.0343 2300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/28 18:11:28.0828 2300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/28 18:11:29.0250 2300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/28 18:11:29.0484 2300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/28 18:11:29.0843 2300 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/28 18:11:30.0125 2300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/28 18:11:30.0640 2300 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/28 18:11:30.0890 2300 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/28 18:11:31.0140 2300 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/28 18:11:31.0328 2300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/28 18:11:31.0609 2300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/28 18:11:32.0218 2300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/28 18:11:33.0015 2300 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/08/28 18:11:33.0437 2300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/28 18:11:33.0640 2300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/28 18:11:34.0265 2300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/28 18:11:34.0765 2300 ssudmdm (15376507e439f73610f83947f1727e84) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
2011/08/28 18:11:35.0250 2300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/28 18:11:35.0968 2300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/28 18:11:36.0468 2300 symsnap (66918794b1701990be8510565fbd4bc4) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/08/28 18:11:36.0937 2300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/28 18:11:37.0312 2300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/28 18:11:37.0421 2300 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/08/28 18:11:39.0234 2300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/28 18:11:40.0156 2300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/28 18:11:41.0109 2300 tdudf (eab2ab0ee3605f5588d2b55ec06f2990) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/08/28 18:11:41.0781 2300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/28 18:11:42.0796 2300 TPwSav (0e1a5af6e6305e6dc7a69b814f35eadd) C:\WINDOWS\system32\Drivers\TPwSav.sys
2011/08/28 18:11:43.0500 2300 Tvs (96a2f44963346e3213e91e84038cd2cc) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/28 18:11:44.0078 2300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/28 18:11:45.0296 2300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/28 18:11:46.0531 2300 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/28 18:11:47.0312 2300 usbbus (f2dd4159715afa801c7916f85d2e2779) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/08/28 18:11:47.0812 2300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/28 18:11:48.0328 2300 UsbDiag (41c12f229cf403a2bb2c8f4a05993c8f) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/08/28 18:11:48.0859 2300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/28 18:11:49.0703 2300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/28 18:11:50.0546 2300 USBModem (f8e0b715ecdcc4d426d1dc8bead6e0b8) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/08/28 18:11:51.0578 2300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/28 18:11:52.0203 2300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/28 18:11:52.0843 2300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/28 18:11:53.0656 2300 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/08/28 18:11:54.0203 2300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/28 18:11:55.0468 2300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/28 18:11:56.0078 2300 vpnva (174268d44b24ecc79119634142f908ab) C:\WINDOWS\system32\DRIVERS\vpnva.sys
2011/08/28 18:11:57.0812 2300 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/08/28 18:11:59.0734 2300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/28 18:12:00.0484 2300 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/28 18:12:01.0171 2300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/28 18:12:01.0640 2300 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/08/28 18:12:02.0125 2300 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/28 18:12:02.0500 2300 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/28 18:12:02.0937 2300 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/28 18:12:03.0343 2300 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
2011/08/28 18:12:03.0718 2300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/28 18:12:07.0171 2300 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/08/28 18:12:07.0250 2300 Boot (0x1200) (3ba3a33df42945fac389a34c586ddfa6) \Device\Harddisk0\DR0\Partition0
2011/08/28 18:12:07.0390 2300 Boot (0x1200) (6d7ed69cb5349af91e88ca19bbcd4413) \Device\Harddisk0\DR0\Partition1
2011/08/28 18:12:07.0406 2300 Boot (0x1200) (71e762cc64ca0db51da2de3bfb5a5483) \Device\Harddisk1\DR3\Partition0
2011/08/28 18:12:07.0421 2300 ================================================================================
2011/08/28 18:12:07.0421 2300 Scan finished
2011/08/28 18:12:07.0421 2300 ================================================================================
2011/08/28 18:12:07.0718 0436 Detected object count: 1
2011/08/28 18:12:07.0718 0436 Actual detected object count: 1
2011/08/28 18:12:13.0265 0436 ForgedFile.Multi.Generic(ESDCR) - User select action: Skip
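Added example, not part of this thread and not code from aswMBR or TDSSKiller: a small Python triage script that pulls the findings out of the two log formats requested in the instructions above and posted in this reply, so a helper can see what matters (the MBR-rootkit hit and its position on the disk, the forged-file detection and what the user did with it) without reading through a hundred driver lines. The sample input is a handful of lines copied from the logs in this reply, not complete logs. Everything else is my assumption: that aswMBR's "Size: NMB" is MiB and the disk uses 512-byte sectors (so sectors = N * 2048), the function and class names, and Python 3.8 or later for the `:=` operator.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines copied from the aswMBR and TDSSKiller logs posted above
# (a handful each, not the complete logs).
ASWMBR_SAMPLE = r"""
18:09:04.859 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001M Size: 114473MB BusType: 3
18:09:06.953 Disk 0 Windows XP default MBR code
18:09:06.984 Disk 0 scanning sectors +234436545
18:09:07.046 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
18:09:07.078 Disk 0 PE file @ sector 234436570 !
18:09:51.531 Scan finished successfully
"""
TDSSKILLER_SAMPLE = r"""
2011/08/28 18:10:58.0812 2300 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/28 18:10:58.0812 2300 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ESD7SK.sys. Real md5: 8e56ab21d10c368029cea57de47d79c2, Fake md5: e40174d7a1d1ffaf018db3f74311030e
2011/08/28 18:10:58.0843 2300 ESDCR - detected ForgedFile.Multi.Generic (1)
2011/08/28 18:12:03.0718 2300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/28 18:12:13.0265 0436 ForgedFile.Multi.Generic(ESDCR) - User select action: Skip
"""

# Assumption (not documented by either tool): aswMBR's "Size: NMB" is MiB and the
# disk uses 512-byte sectors, so the disk holds N * 2048 sectors.
SECTORS_PER_MIB = 1024 * 1024 // 512

@dataclass
class MbrHit:
    disk: int
    family: str                  # detection name as aswMBR prints it, e.g. Win32:MBRoot
    sector: int                  # first sector flagged as malicious code
    disk_sectors: Optional[int]  # None when no "Size:" line was seen for this disk
    pe_sectors: List[int] = field(default_factory=list)  # "PE file @ sector" hits on the same disk

    @property
    def sectors_from_end(self) -> Optional[int]:
        return None if self.disk_sectors is None else self.disk_sectors - self.sector

@dataclass
class ForgedFile:
    path: str
    real_md5: str
    fake_md5: str
    action: str = "none recorded"

_SIZE = re.compile(r"Disk (\d+) Vendor: .*? Size: (\d+)MB")
_MAL = re.compile(r"Disk (\d+) malicious (\S+) code @ sector (\d+)")
_PE = re.compile(r"Disk (\d+) PE file @ sector (\d+)")
_SERVICE = re.compile(r"^\S+ \S+ \d+ (\w+) \([0-9a-f]{32}\) (\S+)$")  # "ESDCR (md5) path"
_FORGED = re.compile(r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
_ACTION = re.compile(r"\((\w+)\) - User select action: (\w+)")

def parse_aswmbr(text: str) -> List[MbrHit]:
    """One MbrHit per 'malicious ... code @ sector' line, with disk geometry attached."""
    sizes: Dict[int, int] = {}
    hits: List[MbrHit] = []
    for line in text.splitlines():
        if m := _SIZE.search(line):
            sizes[int(m.group(1))] = int(m.group(2)) * SECTORS_PER_MIB
        elif m := _MAL.search(line):
            disk = int(m.group(1))
            hits.append(MbrHit(disk, m.group(2), int(m.group(3)), sizes.get(disk)))
        elif m := _PE.search(line):
            for hit in hits:
                if hit.disk == int(m.group(1)):
                    hit.pe_sectors.append(int(m.group(2)))
    return hits

def parse_tdsskiller(text: str) -> List[ForgedFile]:
    """Forged-file detections, each joined to the action the user chose for it."""
    service_path: Dict[str, str] = {}   # service name -> driver path
    forged: Dict[str, ForgedFile] = {}  # driver path -> detection
    for line in text.splitlines():
        if m := _SERVICE.match(line):
            service_path[m.group(1)] = m.group(2)
        elif m := _FORGED.search(line):
            forged[m.group(1)] = ForgedFile(m.group(1), m.group(2), m.group(3))
        elif m := _ACTION.search(line):
            path = service_path.get(m.group(1))
            if path in forged:
                forged[path].action = m.group(2)
    return list(forged.values())

def triage(aswmbr_log: str, tdsskiller_log: str) -> List[str]:
    """One plain line per finding, ready to paste into the next reply."""
    findings = []
    for hit in parse_aswmbr(aswmbr_log):
        where = (f"{hit.sectors_from_end} sectors before the end of the disk"
                 if hit.sectors_from_end is not None else "disk size unknown")
        findings.append(f"aswMBR: {hit.family} code on disk {hit.disk} at sector {hit.sector} "
                        f"({where}); PE payload at sectors {hit.pe_sectors or 'none reported'}")
    for f in parse_tdsskiller(tdsskiller_log):
        findings.append(f"TDSSKiller: two reads of {f.path} disagree (real md5 {f.real_md5}, "
                        f"fake md5 {f.fake_md5}); user action: {f.action}")
    return findings

if __name__ == "__main__":
    for line in triage(ASWMBR_SAMPLE, TDSSKILLER_SAMPLE):
        print(line)
```

On the numbers in this reply, the Win32:MBRoot hit sits 4156 sectors (about 2 MiB) before the end of the 114473MB Toshiba disk, with a PE file 22 sectors further on: raw sectors that belong to no file, which is why a file-system scan never sees them. Note also that the second aswMBR run reports the MBR code itself as "Windows XP default" after TDSSKiller's Sinowal removal and reboot, while those payload sectors are still present, so the script reports the two separately. The forged-file line is reported as it stands: TDSSKiller obtained two different MD5s for ESD7SK.sys, and the user chose "Skip"; whether that driver is actually hostile is a decision for the helper, not for the parser.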
5
Hi, here is the first TDSSKiller log:

2011/08/28 18:03:17.0265 0736 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 18:03:19.0265 0736 ================================================================================
2011/08/28 18:03:19.0265 0736 SystemInfo:
2011/08/28 18:03:19.0265 0736
2011/08/28 18:03:19.0265 0736 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 18:03:19.0265 0736 Product type: Workstation
2011/08/28 18:03:19.0265 0736 ComputerName: IVO
2011/08/28 18:03:19.0265 0736 UserName: Ivo Miltenburg
2011/08/28 18:03:19.0265 0736 Windows directory: C:\WINDOWS
2011/08/28 18:03:19.0265 0736 System windows directory: C:\WINDOWS
2011/08/28 18:03:19.0265 0736 Processor architecture: Intel x86
2011/08/28 18:03:19.0265 0736 Number of processors: 2
2011/08/28 18:03:19.0265 0736 Page size: 0x1000
2011/08/28 18:03:19.0265 0736 Boot type: Normal boot
2011/08/28 18:03:19.0265 0736 ================================================================================
2011/08/28 18:03:21.0187 0736 Initialize success
2011/08/28 18:03:26.0984 1240 ================================================================================
2011/08/28 18:03:26.0984 1240 Scan started
2011/08/28 18:03:26.0984 1240 Mode: Manual;
2011/08/28 18:03:26.0984 1240 ================================================================================
2011/08/28 18:03:28.0562 1240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 18:03:28.0625 1240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/28 18:03:28.0718 1240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/28 18:03:28.0796 1240 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/28 18:03:28.0859 1240 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/28 18:03:29.0125 1240 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/28 18:03:29.0437 1240 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/28 18:03:29.0640 1240 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/28 18:03:29.0734 1240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/28 18:03:29.0875 1240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/28 18:03:29.0921 1240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/28 18:03:29.0984 1240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/28 18:03:30.0156 1240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/28 18:03:30.0203 1240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/28 18:03:30.0265 1240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/28 18:03:30.0312 1240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/28 18:03:30.0359 1240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/28 18:03:30.0390 1240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/28 18:03:30.0500 1240 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/28 18:03:30.0562 1240 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/28 18:03:30.0890 1240 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
2011/08/28 18:03:30.0937 1240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/28 18:03:31.0031 1240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/28 18:03:31.0078 1240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/28 18:03:31.0125 1240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/28 18:03:31.0187 1240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/28 18:03:31.0328 1240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/28 18:03:31.0421 1240 EMSCR (6428a1ce5abe3e71a97dfdda0a19546f) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
2011/08/28 18:03:31.0453 1240 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/28 18:03:31.0453 1240 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ESD7SK.sys. Real md5: 8e56ab21d10c368029cea57de47d79c2, Fake md5: e40174d7a1d1ffaf018db3f74311030e
2011/08/28 18:03:31.0468 1240 ESDCR - detected ForgedFile.Multi.Generic (1)
2011/08/28 18:03:44.0125 1240 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/08/28 18:03:44.0125 1240 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/28 18:03:44.0140 1240 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/08/28 18:03:44.0171 1240 Boot (0x1200) (3ba3a33df42945fac389a34c586ddfa6) \Device\Harddisk0\DR0\Partition0
2011/08/28 18:03:44.0218 1240 Boot (0x1200) (6d7ed69cb5349af91e88ca19bbcd4413) \Device\Harddisk0\DR0\Partition1
2011/08/28 18:03:44.0234 1240 Boot (0x1200) (71e762cc64ca0db51da2de3bfb5a5483) \Device\Harddisk1\DR3\Partition0
2011/08/28 18:03:44.0250 1240 ================================================================================
2011/08/28 18:03:44.0250 1240 Scan finished
2011/08/28 18:03:44.0250 1240 ================================================================================
2011/08/28 18:03:44.0265 2844 Detected object count: 2
2011/08/28 18:03:44.0265 2844 Actual detected object count: 2
2011/08/28 18:03:59.0625 2844 ForgedFile.Multi.Generic(ESDCR) - User select action: Skip
2011/08/28 18:03:59.0703 2844 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/28 18:03:59.0703 2844 \Device\Harddisk0\DR0 - ok
2011/08/28 18:03:59.0703 2844 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/28 18:04:09.0984 3692 Deinitialize success
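The TDSSKiller log above is read by hand in this thread. As an added example (not part of the original post and not TDSSKiller's own code), here is a small Python triage parser that pulls the forged-file and MBR detections, the chosen user actions and the pending-reboot state out of such a log; the sample lines are copied from the log above, and the function and field names are my own choice.

```python
"""Triage parser for Kaspersky TDSSKiller log lines.

Added example for this thread: not part of the original post and not
TDSSKiller's own code. Function and field names are my own choice.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.mmmm <thread-id>".
_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# Driver enumeration "<service> (<md5>) <path>"; used to map a path back to its service.
_DRIVER = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# MBR entry: the tool hashes the first 0x1B8 bytes of the MBR, i.e. the boot
# code that precedes the disk signature and the partition table.
_MBR = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")
# "Forged" file: two different hashes for one path depending on how the bytes
# were read, which is what a filter hiding the on-disk content looks like.
_FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_CURE = re.compile(r"^(?P<obj>.+?) \((?P<verdict>\S+)\) - will be cured after reboot$")
_ACTION = re.compile(r"^(?P<verdict>\S+?)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
_COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                       # service name or \Device\... path as logged
    verdict: str                   # e.g. Backdoor.Win32.Sinowal.knf
    kind: str                      # "forged_file", "mbr" or "other"
    detail: Dict[str, str] = field(default_factory=dict)
    action: Optional[str] = None   # what the user chose: Skip, Cure, ...
    reboot_required: bool = False  # the cure is only applied on the next boot


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per object TDSSKiller flagged, with its outcome."""
    drivers: Dict[str, str] = {}            # lower-cased path -> service name
    forged: Dict[str, Dict[str, str]] = {}  # service name -> forged-file details
    mbr: Dict[str, str] = {}                # device -> MBR hash
    findings: Dict[str, Finding] = {}
    for raw in log_text.splitlines():
        line = _LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if m := _MBR.match(msg):
            mbr[m.group("dev")] = m.group("md5")
        elif m := _DRIVER.match(msg):
            drivers[m.group("path").lower()] = m.group("svc")
        elif m := _FORGED.match(msg):
            path = m.group("path")
            svc = drivers.get(path.lower(), path)   # detection lines name the service
            forged[svc] = {"path": path, "real_md5": m.group("real"),
                           "fake_md5": m.group("fake")}
        elif m := _DETECTED.match(msg):
            obj, verdict = m.group("obj"), m.group("verdict")
            if obj in forged:
                findings[obj] = Finding(obj, verdict, "forged_file", dict(forged[obj]))
            elif obj in mbr:
                findings[obj] = Finding(obj, verdict, "mbr", {"mbr_md5": mbr[obj]})
            else:
                findings[obj] = Finding(obj, verdict, "other")
        elif m := _CURE.match(msg):
            if m.group("obj") in findings:
                findings[m.group("obj")].reboot_required = True
        elif m := _ACTION.match(msg):
            if m.group("obj") in findings:
                findings[m.group("obj")].action = m.group("action")
    return list(findings.values())


def detected_count(log_text: str) -> Optional[int]:
    """The tool's own 'Detected object count', to cross-check triage()."""
    for raw in log_text.splitlines():
        line = _LINE.match(raw.strip())
        if line and (m := _COUNT.match(line.group("msg"))):
            return int(m.group("n"))
    return None


def open_items(findings: List[Finding]) -> List[Finding]:
    """Findings that still need attention: skipped, or cure pending a reboot."""
    return [f for f in findings if f.action != "Cure" or f.reboot_required]


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/08/28 18:03:31.0453 1240 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/28 18:03:31.0453 1240 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ESD7SK.sys. Real md5: 8e56ab21d10c368029cea57de47d79c2, Fake md5: e40174d7a1d1ffaf018db3f74311030e
2011/08/28 18:03:31.0468 1240 ESDCR - detected ForgedFile.Multi.Generic (1)
2011/08/28 18:03:44.0125 1240 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/08/28 18:03:44.0125 1240 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/28 18:03:44.0140 1240 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/08/28 18:03:44.0265 2844 Detected object count: 2
2011/08/28 18:03:59.0625 2844 ForgedFile.Multi.Generic(ESDCR) - User select action: Skip
2011/08/28 18:03:59.0703 2844 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/28 18:03:59.0703 2844 \Device\Harddisk0\DR0 - ok
2011/08/28 18:03:59.0703 2844 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.obj:24} {f.verdict:28} action={f.action} "
              f"reboot={f.reboot_required} {f.detail}")
```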
7
Here is the log:

------------------------------------------------------------------------------------------------------------------------
[28-08-2011 18:19:10] FCleaner v1.5.0.0 Loading...
[28-08-2011 18:19:14] Mebroot Infection Found!
[28-08-2011 18:19:14] FCleaner has detected malware on your system!
[28-08-2011 18:19:14] Please press the "Clean" button to remove the malware
[28-08-2011 18:19:28] Cleaner finished!

Incidentally, a splash screen also indicated that Mebroot could not be removed and that an expert should be consulted.
8
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)
  • Double-click "ComboFix.exe" and "Agree" to the 'Disclaimer'
  • If a message appears that "A newer version of ComboFix" is available, click "Yes" to update.
  • After the update, click "Agree" again and ComboFix will now start.
  • If the "Recovery Console" is not yet present, ComboFix will install it; an active internet connection is required for this.
  • In the 'Installing the Recovery Console' window, click "Ok"
  • In the info screen, click "Yes" when the Recovery Console has been installed successfully.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion." restart the computer.
  • When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
ComboFix 11-08-28.01 - Ivo Miltenburg 28-08-2011 18:51:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.329 [GMT 2:00]
Running from: c:\documents and settings\Ivo Miltenburg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\IVOMIL~1\LOCALS~1\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Ivo Miltenburg\Application Data\desktop.ini
c:\documents and settings\Ivo Miltenburg\Application Data\PriceGong
c:\documents and settings\Ivo Miltenburg\Local Settings\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\documents and settings\Ivo Miltenburg\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 15:34 . 2011-08-28 15:34 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Application Data\Malwarebytes
2011-08-28 15:34 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-28 15:34 . 2011-08-28 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-28 15:34 . 2011-08-28 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-28 15:34 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-28 09:56 . 2011-08-28 09:58 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-28 09:48 . 2011-08-28 09:48 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Local Settings\Application Data\Solid State Networks
2011-08-28 08:17 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\mpengine.dll
2011-08-12 21:27 . 2011-08-12 21:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-12 13:26 . 2011-08-12 13:26 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Local Settings\Application Data\MathematicaPlayer
2011-08-12 13:26 . 2011-08-12 13:26 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Application Data\MathematicaPlayer
2011-08-12 13:26 . 2011-08-12 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MathematicaPlayer
2011-08-12 08:09 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-11 20:06 . 2011-08-11 20:06 -------- d-----w- c:\program files\Common Files\Wolfram Research
2011-08-11 20:06 . 2011-08-11 20:06 -------- d-----w- c:\program files\Common Files\ResearchSoft
2011-08-11 20:04 . 2011-08-11 20:04 -------- d-----w- c:\program files\Wolfram Research
2011-08-10 17:51 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 17:50 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 17:11 . 2011-08-09 17:11 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Local Settings\Application Data\Mindjet
2011-08-09 17:09 . 2006-01-30 06:32 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2011-08-09 17:09 . 2004-12-07 04:11 258352 ----a-w- c:\windows\system32\unicows.dll
2011-08-09 17:08 . 2011-08-09 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Mindjet
2011-08-09 17:07 . 2011-08-09 17:07 -------- d-----w- c:\program files\Mindjet
2011-08-09 17:04 . 2011-08-09 17:04 -------- d-----w- c:\documents and settings\Ivo Miltenburg\Local Settings\Application Data\{B466D993-193A-4641-BD61-AA0DBB63C1F1}
2011-08-04 16:31 . 2011-08-04 16:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 09:38 . 2011-06-16 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2010-09-07 15:33 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2006-09-21 07:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 16:23 . 2010-12-27 20:56 336400 ----a-w- c:\windows\system32\mltcpip32.mlp
2011-07-10 16:23 . 2010-12-27 20:56 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2011-07-10 16:23 . 2010-12-27 20:56 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2011-07-10 16:22 . 2010-12-27 20:56 167952 ----a-w- c:\windows\system32\mlmodule32.dll
2011-07-10 16:22 . 2010-12-27 20:56 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2011-07-10 16:22 . 2010-12-27 20:56 369680 ----a-w- c:\windows\system32\ml32i3.dll
2011-07-10 16:22 . 2010-12-27 20:56 260112 ----a-w- c:\windows\system32\ml32i2.dll
2011-07-10 16:22 . 2010-12-27 20:56 253968 ----a-w- c:\windows\system32\ml32i1.dll
2011-07-08 14:02 . 2006-09-21 07:03 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2006-09-21 08:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-09-21 07:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-09-21 07:03 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-09-21 07:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-09-21 07:03 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-09-21 07:04 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2006-09-21 07:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-16 17:37 . 2011-03-25 20:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 28672]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"MMReminderService"="c:\program files\Mindjet\MindManager 9\MMReminderService.exe" [2011-02-11 38240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wolfram Research\\Wolfram CDF Player\\8.0\\WolframCDFPlayer.exe"=
"c:\\Program Files\\Wolfram Research\\Wolfram CDF Player\\8.0\\math.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [30-5-2011 20:23 13496]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [30-5-2011 18:48 353168]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-8-2011 17:34 366640]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 16:12 98816]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [29-3-2008 0:39 370360]
R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [19-9-2010 14:30 24448]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29-9-2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29-9-2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29-9-2009 8:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-8-2011 17:34 22712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [21-9-2006 12:57 7040]
S1 MpKsl381414d9;MpKsl381414d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44672B28-1575-49F2-9FCB-EF5D334717A7}\MpKsl381414d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44672B28-1575-49F2-9FCB-EF5D334717A7}\MpKsl381414d9.sys [?]
S1 MpKsl43755ce2;MpKsl43755ce2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl43755ce2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl43755ce2.sys [?]
S1 MpKsl5bcaaa4b;MpKsl5bcaaa4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023F1B62-A5CF-4665-A279-09739B9F1A6A}\MpKsl5bcaaa4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023F1B62-A5CF-4665-A279-09739B9F1A6A}\MpKsl5bcaaa4b.sys [?]
S1 MpKsl5dba87eb;MpKsl5dba87eb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl5dba87eb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKsl5dba87eb.sys [?]
S1 MpKsl8e169fac;MpKsl8e169fac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36C0A59D-242E-4AB9-A806-2A7FFB91CADC}\MpKsl8e169fac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36C0A59D-242E-4AB9-A806-2A7FFB91CADC}\MpKsl8e169fac.sys [?]
S1 MpKsl9fdfdda9;MpKsl9fdfdda9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDFE796E-573C-4EFC-B245-735F56E015A4}\MpKsl9fdfdda9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDFE796E-573C-4EFC-B245-735F56E015A4}\MpKsl9fdfdda9.sys [?]
S1 MpKslac420c2f;MpKslac420c2f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08F7C917-8AC6-42BF-A71A-53EC1A880391}\MpKslac420c2f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08F7C917-8AC6-42BF-A71A-53EC1A880391}\MpKslac420c2f.sys [?]
S1 MpKslb78acd1b;MpKslb78acd1b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{910A9928-277C-4DDD-A0B7-9CEE32D29206}\MpKslb78acd1b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{910A9928-277C-4DDD-A0B7-9CEE32D29206}\MpKslb78acd1b.sys [?]
S1 MpKslf22c1069;MpKslf22c1069;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1DCD380-242A-411E-A57C-83F92D4FE306}\MpKslf22c1069.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1DCD380-242A-411E-A57C-83F92D4FE306}\MpKslf22c1069.sys [?]
S1 MpKslf2bdf574;MpKslf2bdf574;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKslf2bdf574.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{820D3310-1F36-4F43-84D4-E3186CCDB692}\MpKslf2bdf574.sys [?]
S1 MpKslf388e959;MpKslf388e959;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81757FEE-96A0-4736-97EF-B9A11B18B317}\MpKslf388e959.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81757FEE-96A0-4736-97EF-B9A11B18B317}\MpKslf388e959.sys [?]
S1 MpKslfdb61e2c;MpKslfdb61e2c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E005AB1-0B71-4653-BCBE-617D1C1A7F13}\MpKslfdb61e2c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E005AB1-0B71-4653-BCBE-617D1C1A7F13}\MpKslfdb61e2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7-9-2010 19:59 1691480]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25-6-2011 11:40 66112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25-6-2011 11:40 180672]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [21-9-2006 9:04 14336]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2011-08-28 c:\windows\Tasks\Backup_SystemState_Laptop_Ivo.job
- c:\windows\system32\ntbackup.exe [2006-09-21 00:12]
.
2011-08-27 c:\windows\Tasks\Backup_System_State_Laptop_Ivo.job
- c:\windows\system32\ntbackup.exe [2006-09-21 00:12]
.
2011-06-07 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\DriverEasy\DriverEasy.exe [2010-09-07 19:29]
.
2011-08-28 c:\windows\Tasks\SyncBack 640Gb_SyncBack_all.job
- c:\program files\SyncBack\SyncBack.exe [2010-09-07 14:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: waterwatch.nl
TCP: DhcpNameServer = 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.waterwatch.nl/CACHE/stc/4/binaries/vpnweb.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://sslvpn.waterwatch.nl/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\documents and settings\Ivo Miltenburg\Application Data\Mozilla\Firefox\Profiles\mxire063.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TODDSrv.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TCtrlIOHook.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-28 19:09:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 17:09
.
Pre-Run: 7.000.363.008 bytes free
Post-Run: 7.046.635.520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AA6C06E7433CCB784687347CE93D39FE
10
Hi,

First we are going to fix the MBR.

1. If Combofix has installed the "recovery console", you will briefly see a selection screen ("boot screen") during startup.
[image]
2. Then log in to the Windows installation: enter the number of the Windows installation, followed by Enter.
After that you will be asked for the "administrator" password; if you have no password, just press Enter here.
[image]
3. Enter the command "fixmbr" at the command prompt, as in the image below.
[image]
4. When you are asked whether to overwrite the MBR, confirm with "J" (Ja) or "Y" (Yes).
[image]
5. Then type "exit"; the computer will now restart.

Now run aswMBR and TDSSKiller once more and post their logs.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
11
Hello Maxstar,
Thanks for all the help this Sunday evening.

Below are the logs:

--------
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-28 19:43:13
-----------------------------
19:43:13.906 OS Version: Windows 5.1.2600 Service Pack 3
19:43:13.906 Number of processors: 2 586 0xE08
19:43:13.906 ComputerName: IVO UserName:
19:43:16.656 Initialize success
19:43:33.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:43:33.781 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001M Size: 114473MB BusType: 3
19:43:35.828 Disk 0 MBR read successfully
19:43:35.843 Disk 0 MBR scan
19:43:35.843 Disk 0 Windows XP default MBR code
19:43:35.906 Disk 0 scanning sectors +234436545
19:43:35.968 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
19:43:35.984 Disk 0 PE file @ sector 234436570 !
19:43:36.046 Disk 0 scanning C:\WINDOWS\system32\drivers
19:43:56.281 Service scanning
19:43:58.359 Modules scanning
19:44:15.265 Disk 0 trace - called modules:
19:44:15.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
19:44:15.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f51ab8]
19:44:15.359 3 CLASSPNP.SYS[f77ecfd7] -> nt!IofCallDriver -> \Device\0000008c[0x86f019e8]
19:44:15.375 5 ACPI.sys[f7743620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f01d98]
19:44:15.406 Scan finished successfully
19:44:37.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\MBR.dat"
19:44:37.734 The log file has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\aswMBR2.txt"

---------------
2011/08/28 19:44:55.0046 2712 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 19:44:55.0406 2712 ================================================================================
2011/08/28 19:44:55.0406 2712 SystemInfo:
2011/08/28 19:44:55.0406 2712
2011/08/28 19:44:55.0406 2712 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 19:44:55.0406 2712 Product type: Workstation
2011/08/28 19:44:55.0406 2712 ComputerName: IVO
2011/08/28 19:44:55.0406 2712 UserName: Ivo Miltenburg
2011/08/28 19:44:55.0406 2712 Windows directory: C:\WINDOWS
2011/08/28 19:44:55.0406 2712 System windows directory: C:\WINDOWS
2011/08/28 19:44:55.0406 2712 Processor architecture: Intel x86
2011/08/28 19:44:55.0406 2712 Number of processors: 2
2011/08/28 19:44:55.0406 2712 Page size: 0x1000
2011/08/28 19:44:55.0406 2712 Boot type: Normal boot
2011/08/28 19:44:55.0406 2712 ================================================================================
2011/08/28 19:44:57.0250 2712 Initialize success
2011/08/28 19:45:00.0671 3988 ================================================================================
2011/08/28 19:45:00.0671 3988 Scan started
2011/08/28 19:45:00.0671 3988 Mode: Manual;
2011/08/28 19:45:00.0671 3988 ================================================================================
2011/08/28 19:45:04.0484 3988 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 19:45:04.0515 3988 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/28 19:45:04.0593 3988 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/28 19:45:04.0656 3988 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/28 19:45:04.0718 3988 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/28 19:45:04.0828 3988 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/28 19:45:05.0203 3988 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/28 19:45:05.0312 3988 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/28 19:45:05.0515 3988 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/28 19:45:05.0687 3988 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/28 19:45:05.0734 3988 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/28 19:45:05.0796 3988 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/28 19:45:05.0859 3988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/28 19:45:05.0906 3988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/28 19:45:05.0984 3988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/28 19:45:06.0140 3988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/28 19:45:06.0187 3988 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/28 19:45:06.0234 3988 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/28 19:45:06.0312 3988 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/28 19:45:06.0375 3988 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/28 19:45:06.0531 3988 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
2011/08/28 19:45:06.0562 3988 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/28 19:45:06.0656 3988 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/28 19:45:06.0812 3988 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/28 19:45:06.0875 3988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/28 19:45:06.0906 3988 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/28 19:45:06.0953 3988 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/28 19:45:07.0031 3988 EMSCR (6428a1ce5abe3e71a97dfdda0a19546f) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
2011/08/28 19:45:07.0078 3988 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
2011/08/28 19:45:07.0078 3988 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ESD7SK.sys. Real md5: 8e56ab21d10c368029cea57de47d79c2, Fake md5: e40174d7a1d1ffaf018db3f74311030e
2011/08/28 19:45:07.0078 3988 ESDCR - detected ForgedFile.Multi.Generic (1)
2011/08/28 19:45:07.0125 3988 ESMCR (472ea4e9734147f8ada93c4ab944b958) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
2011/08/28 19:45:07.0218 3988 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/28 19:45:07.0390 3988 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/28 19:45:07.0406 3988 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/28 19:45:07.0437 3988 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/28 19:45:07.0500 3988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/28 19:45:07.0546 3988 FNETTHJM (756220289c526ce6780a66a5145f10c6) C:\WINDOWS\system32\drivers\fnetthjm.sys
2011/08/28 19:45:07.0578 3988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/28 19:45:07.0609 3988 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/28 19:45:07.0656 3988 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/28 19:45:07.0796 3988 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/28 19:45:07.0875 3988 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/28 19:45:07.0984 3988 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/28 19:45:08.0062 3988 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/28 19:45:08.0187 3988 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/28 19:45:08.0343 3988 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/28 19:45:08.0687 3988 IntcAzAudAddService (994186286e1df03b5bcba765a9320e0f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/28 19:45:09.0125 3988 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/28 19:45:09.0156 3988 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/28 19:45:09.0203 3988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/28 19:45:09.0250 3988 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/28 19:45:09.0296 3988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/28 19:45:09.0453 3988 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/28 19:45:09.0500 3988 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/28 19:45:09.0562 3988 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/28 19:45:09.0625 3988 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/08/28 19:45:09.0671 3988 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/28 19:45:09.0703 3988 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/28 19:45:09.0828 3988 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/28 19:45:09.0875 3988 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/28 19:45:09.0953 3988 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/08/28 19:45:09.0984 3988 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/08/28 19:45:10.0031 3988 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/08/28 19:45:10.0093 3988 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/28 19:45:10.0140 3988 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/28 19:45:10.0187 3988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/28 19:45:10.0234 3988 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/28 19:45:10.0421 3988 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/28 19:45:10.0500 3988 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/28 19:45:10.0531 3988 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/28 19:45:10.0593 3988 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/28 19:45:11.0015 3988 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/28 19:45:11.0109 3988 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/28 19:45:11.0171 3988 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/28 19:45:11.0218 3988 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/28 19:45:11.0281 3988 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/28 19:45:11.0375 3988 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/28 19:45:11.0437 3988 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/28 19:45:11.0531 3988 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/28 19:45:11.0593 3988 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/28 19:45:11.0671 3988 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/28 19:45:11.0703 3988 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/28 19:45:11.0781 3988 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/28 19:45:11.0812 3988 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/28 19:45:11.0828 3988 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/28 19:45:11.0890 3988 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/28 19:45:11.0937 3988 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/28 19:45:12.0203 3988 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/08/28 19:45:12.0531 3988 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/28 19:45:12.0562 3988 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/28 19:45:12.0609 3988 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/28 19:45:12.0703 3988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/28 19:45:12.0734 3988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/28 19:45:12.0765 3988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/28 19:45:12.0921 3988 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/28 19:45:13.0000 3988 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/28 19:45:13.0031 3988 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/28 19:45:13.0093 3988 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/28 19:45:13.0125 3988 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/28 19:45:13.0171 3988 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/28 19:45:13.0203 3988 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/28 19:45:13.0406 3988 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/28 19:45:13.0593 3988 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/28 19:45:13.0625 3988 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/28 19:45:13.0640 3988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/28 19:45:13.0781 3988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/28 19:45:13.0828 3988 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/28 19:45:13.0859 3988 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/28 19:45:13.0890 3988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/28 19:45:13.0937 3988 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/28 19:45:13.0968 3988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/28 19:45:14.0000 3988 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/28 19:45:14.0062 3988 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/28 19:45:14.0250 3988 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/28 19:45:14.0359 3988 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/28 19:45:14.0437 3988 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/28 19:45:14.0515 3988 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/28 19:45:14.0562 3988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/28 19:45:14.0609 3988 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/28 19:45:14.0828 3988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/28 19:45:14.0906 3988 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/08/28 19:45:15.0000 3988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/28 19:45:15.0031 3988 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/28 19:45:15.0109 3988 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/28 19:45:15.0171 3988 ssudmdm (15376507e439f73610f83947f1727e84) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
2011/08/28 19:45:15.0328 3988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/28 19:45:15.0359 3988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/28 19:45:15.0453 3988 symsnap (66918794b1701990be8510565fbd4bc4) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/08/28 19:45:15.0546 3988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/28 19:45:15.0625 3988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/28 19:45:15.0687 3988 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/08/28 19:45:15.0734 3988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/28 19:45:15.0890 3988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/28 19:45:15.0937 3988 tdudf (eab2ab0ee3605f5588d2b55ec06f2990) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/08/28 19:45:15.0984 3988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/28 19:45:16.0062 3988 TPwSav (0e1a5af6e6305e6dc7a69b814f35eadd) C:\WINDOWS\system32\Drivers\TPwSav.sys
2011/08/28 19:45:16.0093 3988 Tvs (96a2f44963346e3213e91e84038cd2cc) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/28 19:45:16.0125 3988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/28 19:45:16.0218 3988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/28 19:45:16.0312 3988 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/28 19:45:16.0500 3988 usbbus (f2dd4159715afa801c7916f85d2e2779) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/08/28 19:45:16.0531 3988 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/28 19:45:16.0578 3988 UsbDiag (41c12f229cf403a2bb2c8f4a05993c8f) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/08/28 19:45:16.0625 3988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/28 19:45:16.0656 3988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/28 19:45:16.0703 3988 USBModem (f8e0b715ecdcc4d426d1dc8bead6e0b8) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/08/28 19:45:16.0750 3988 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/28 19:45:16.0906 3988 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/28 19:45:16.0968 3988 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/28 19:45:17.0031 3988 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/08/28 19:45:17.0078 3988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/28 19:45:17.0140 3988 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/28 19:45:17.0187 3988 vpnva (174268d44b24ecc79119634142f908ab) C:\WINDOWS\system32\DRIVERS\vpnva.sys
2011/08/28 19:45:17.0296 3988 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/08/28 19:45:17.0531 3988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/28 19:45:17.0593 3988 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/28 19:45:17.0671 3988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/28 19:45:17.0765 3988 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/08/28 19:45:17.0843 3988 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/28 19:45:18.0046 3988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/28 19:45:18.0078 3988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/28 19:45:18.0140 3988 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
2011/08/28 19:45:18.0250 3988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/28 19:45:18.0390 3988 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/08/28 19:45:18.0406 3988 Boot (0x1200) (3ba3a33df42945fac389a34c586ddfa6) \Device\Harddisk0\DR0\Partition0
2011/08/28 19:45:18.0437 3988 Boot (0x1200) (6d7ed69cb5349af91e88ca19bbcd4413) \Device\Harddisk0\DR0\Partition1
2011/08/28 19:45:18.0453 3988 Boot (0x1200) (71e762cc64ca0db51da2de3bfb5a5483) \Device\Harddisk1\DR3\Partition0
2011/08/28 19:45:18.0468 3988 ================================================================================
2011/08/28 19:45:18.0468 3988 Scan finished
2011/08/28 19:45:18.0468 3988 ================================================================================
2011/08/28 19:45:18.0484 3304 Detected object count: 1
2011/08/28 19:45:18.0484 3304 Actual detected object count: 1
2011/08/28 19:46:49.0250 3304 ForgedFile.Multi.Generic(ESDCR) - User select action: Skip

----------
13
Hello, here is the aswMBR log, thanks in advance!

-----
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-29 18:43:24
-----------------------------
18:43:24.921 OS Version: Windows 5.1.2600 Service Pack 3
18:43:24.921 Number of processors: 2 586 0xE08
18:43:24.921 ComputerName: IVO UserName:
18:43:27.125 Initialize success
18:43:34.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:43:34.640 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001M Size: 114473MB BusType: 3
18:43:34.734 Disk 0 MBR read successfully
18:43:34.750 Disk 0 MBR scan
18:43:34.765 Disk 0 Windows XP default MBR code
18:43:34.781 Disk 0 scanning sectors +234436545
18:43:34.921 Disk 0 scanning C:\WINDOWS\system32\drivers
18:43:58.703 Service scanning
18:44:00.078 Service MpKsl5c96ab0a C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7573C00A-2878-4F17-A685-5B3AB33218A2}\MpKsl5c96ab0a.sys **LOCKED** 32
18:44:00.984 Modules scanning
18:44:31.625 Disk 0 trace - called modules:
18:44:31.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:44:31.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5e1f0]
18:44:31.718 3 CLASSPNP.SYS[f77ecfd7] -> nt!IofCallDriver -> \Device\0000008c[0x86f5b1b8]
18:44:31.750 5 ACPI.sys[f7743620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f04d98]
18:44:31.765 Scan finished successfully
18:45:03.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\MBR.dat"
18:45:03.296 The log file has been saved successfully to "C:\Documents and Settings\Ivo Miltenburg\Desktop\aswMBR3.txt"
--------------
14
Hi,

Now run the ING cleaner again.

Go to ING.nl/cleaner and click the "Virus verwijdertool" (virus removal tool) button.
Save the file named "FCleaner_tcmx-xxxxx" to your desktop.

Run the file (open it). If something is found, you will be given the option to click "Clean". Do that as well.
You will see a countdown screen. This means your system is about to be restarted.

After the restart, a log file named FCleaner_<date>_<time>.log will appear on your desktop.

Post this log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
15
Looks promising... FCleaner no longer finds it... it did not need to clean anything either.

Here is the log:

------------------------------------------------------------------------------------------------------------------------
[29-08-2011 18:57:45] FCleaner v1.5.0.0 Loading...
[29-08-2011 18:57:48] No malware was found on your system!