
Hendrick

  1. Hi Screen317, thanks again for the help! Here you have the requested URL: PC Pitstop. Did the uninstall of the requested programs and a new install. Kind regards, Hendrick
  2. Hi screen317, thanks again for the help! Here you have the scan log of ESET:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=49a382360bde5040a24e1cdf8d952343
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-08-03 09:37:56
     # local_time=2011-08-03 11:37:56 (+0100, Romance (zomertijd))
     # country="Belgium"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 43924713 43924713 0 0
     # compatibility_mode=5891 16776550 42 87 4039 24452385 0 0
     # compatibility_mode=8192 67108863 100 0 147 147 0 0
     # scanned=121191
     # found=8
     # cleaned=8
     # scan_time=3155
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075133.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075134.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0075135.exe a variant of Win32/Injector.IHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=49a382360bde5040a24e1cdf8d952343
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-08-03 10:53:00
     # local_time=2011-08-04 12:53:00 (+0100, Romance (zomertijd))
     # country="Belgium"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 43929234 43929234 0 0
     # compatibility_mode=5891 16776550 42 87 8560 24456906 0 0
     # compatibility_mode=8192 67108863 100 0 4668 4668 0 0
     # scanned=121190
     # found=0
     # cleaned=0
     # scan_time=3138
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=49a382360bde5040a24e1cdf8d952343
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-08-04 12:37:56
     # local_time=2011-08-04 02:37:56 (+0100, Romance (zomertijd))
     # country="Belgium"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 43933799 43933799 0 0
     # compatibility_mode=5891 16776533 42 87 569 24461471 0 0
     # compatibility_mode=8192 67108863 100 0 9233 9233 0 0
     # scanned=112374
     # found=0
     # cleaned=0
     # scan_time=4880
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=49a382360bde5040a24e1cdf8d952343
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-08-10 08:19:34
     # local_time=2011-08-10 10:19:34 (+0100, Romance (zomertijd))
     # country="Belgium"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 44518972 44518972 0 0
     # compatibility_mode=5891 16776533 42 87 28545 25046644 0 0
     # compatibility_mode=8192 67108863 100 0 594406 594406 0 0
     # scanned=460291
     # found=3
     # cleaned=3
     # scan_time=9008
     J:\Backup\Backup Pc\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     J:\Backup 27-10-2005\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\UX47KKHD\mysearchnow[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
     J:\Backup 27-10-2005\Documents and Settings\Jacky\Local Settings\Temporary Internet Files\Content.IE5\MPTE3QL8\mysearchnow[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

     Security Check:

     Results of screen317's Security Check version 0.99.18
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Security Center service is not running! This report may not be accurate!
     ESET Online Scanner v3
     Microsoft Security Essentials
     Antivirus up to date! (On Access scanning disabled!)
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 2
     Out of date Java installed!
     Adobe Flash Player
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Microsoft Security Client Antimalware MsMpEng.exe
     ``````````End of Log````````````

     It seems that my external HD (J:\) had a virus. I have to mention that when I did the first scan with this scanner a week ago this drive was not connected, so now it found some threats which MSE didn't find. Kind regards, Hendrick. PS: comp still looks & feels slow...
  3. Hi Screen317, thanks for the reply! Here are the requested files:

     TDSSKiller:

     2011/08/06 10:12:46.0617 5356 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
     2011/08/06 10:12:46.0695 5356 ================================================================================
     2011/08/06 10:12:46.0695 5356 SystemInfo:
     2011/08/06 10:12:46.0695 5356
     2011/08/06 10:12:46.0695 5356 OS Version: 5.1.2600 ServicePack: 3.0
     2011/08/06 10:12:46.0695 5356 Product type: Workstation
     2011/08/06 10:12:46.0695 5356 ComputerName: PC-HP
     2011/08/06 10:12:46.0695 5356 UserName: HeJa
     2011/08/06 10:12:46.0695 5356 Windows directory: C:\WINDOWS
     2011/08/06 10:12:46.0695 5356 System windows directory: C:\WINDOWS
     2011/08/06 10:12:46.0695 5356 Processor architecture: Intel x86
     2011/08/06 10:12:46.0695 5356 Number of processors: 2
     2011/08/06 10:12:46.0695 5356 Page size: 0x1000
     2011/08/06 10:12:46.0695 5356 Boot type: Normal boot
     2011/08/06 10:12:46.0695 5356 ================================================================================
     2011/08/06 10:12:49.0226 5356 Initialize success
     2011/08/06 10:12:53.0211 4932 ================================================================================
     2011/08/06 10:12:53.0211 4932 Scan started
     2011/08/06 10:12:53.0211 4932 Mode: Manual;
     2011/08/06 10:12:53.0211 4932 ================================================================================
     2011/08/06 10:12:54.0664 4932 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
     2011/08/06 10:12:54.0727 4932 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2011/08/06 10:12:54.0758 4932 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
     2011/08/06 10:12:54.0789 4932 ADIHdAudAddService (53b29a84f5105a6d887b662188c93503) C:\WINDOWS\system32\drivers\ADIHdAud.sys
     2011/08/06 10:12:54.0836 4932 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
     2011/08/06 10:12:54.0836 4932 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
     2011/08/06 10:12:54.0883 4932 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys
     2011/08/06 10:12:54.0961 4932 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2011/08/06 10:12:55.0023 4932 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
     2011/08/06 10:12:55.0070 4932 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
     2011/08/06 10:12:55.0086 4932 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
     2011/08/06 10:12:55.0133 4932 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys
     2011/08/06 10:12:55.0164 4932 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys
     2011/08/06 10:12:55.0320 4932 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2011/08/06 10:12:55.0477 4932 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2011/08/06 10:12:55.0711 4932 ati2mtag (323b30faae1f544a549ebbbd837ed625) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
     2011/08/06 10:12:56.0430 4932 AtiHdmiService (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
     2011/08/06 10:12:56.0508 4932 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2011/08/06 10:12:56.0586 4932 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2011/08/06 10:12:56.0648 4932 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
     2011/08/06 10:12:56.0961 4932 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2011/08/06 10:12:57.0008 4932 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2011/08/06 10:12:57.0086 4932 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2011/08/06 10:12:57.0117 4932 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2011/08/06 10:12:57.0320 4932 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
     2011/08/06 10:12:57.0430 4932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2011/08/06 10:12:57.0492 4932 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
     2011/08/06 10:12:57.0570 4932 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
     2011/08/06 10:12:57.0602 4932 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2011/08/06 10:12:57.0649 4932 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2011/08/06 10:12:57.0711 4932 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
     2011/08/06 10:12:57.0727 4932 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
     2011/08/06 10:12:57.0758 4932 dot4usb (f48841c737d7dc9610bf5f49a76c2ed1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
     2011/08/06 10:12:57.0805 4932 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
     2011/08/06 10:12:57.0852 4932 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2011/08/06 10:12:57.0867 4932 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
     2011/08/06 10:12:57.0945 4932 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
     2011/08/06 10:12:58.0024 4932 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2011/08/06 10:12:58.0102 4932 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     2011/08/06 10:12:58.0149 4932 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
     2011/08/06 10:12:58.0180 4932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     2011/08/06 10:12:58.0227 4932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     2011/08/06 10:12:58.0258 4932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2011/08/06 10:12:58.0274 4932 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2011/08/06 10:12:58.0336 4932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
     2011/08/06 10:12:58.0367 4932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2011/08/06 10:12:58.0430 4932 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
     2011/08/06 10:12:58.0508 4932 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2011/08/06 10:12:58.0586 4932 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
     2011/08/06 10:12:58.0711 4932 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2011/08/06 10:12:58.0820 4932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2011/08/06 10:12:58.0914 4932 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2011/08/06 10:12:58.0977 4932 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
     2011/08/06 10:12:59.0008 4932 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
     2011/08/06 10:12:59.0024 4932 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
     2011/08/06 10:12:59.0039 4932 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
     2011/08/06 10:12:59.0070 4932 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
     2011/08/06 10:12:59.0086 4932 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
     2011/08/06 10:12:59.0102 4932 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
     2011/08/06 10:12:59.0117 4932 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
     2011/08/06 10:12:59.0133 4932 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
     2011/08/06 10:12:59.0149 4932 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
     2011/08/06 10:12:59.0164 4932 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
     2011/08/06 10:12:59.0258 4932 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
     2011/08/06 10:12:59.0289 4932 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
     2011/08/06 10:12:59.0305 4932 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
     2011/08/06 10:12:59.0320 4932 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
     2011/08/06 10:12:59.0492 4932 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
     2011/08/06 10:12:59.0711 4932 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
     2011/08/06 10:12:59.0805 4932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2011/08/06 10:12:59.0852 4932 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
     2011/08/06 10:12:59.0883 4932 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2011/08/06 10:12:59.0930 4932 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     2011/08/06 10:12:59.0961 4932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2011/08/06 10:12:59.0992 4932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2011/08/06 10:13:00.0039 4932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2011/08/06 10:13:00.0055 4932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2011/08/06 10:13:00.0102 4932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2011/08/06 10:13:00.0149 4932 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2011/08/06 10:13:00.0164 4932 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2011/08/06 10:13:00.0180 4932 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2011/08/06 10:13:00.0211 4932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2011/08/06 10:13:00.0274 4932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2011/08/06 10:13:00.0399 4932 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
     2011/08/06 10:13:00.0430 4932 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
     2011/08/06 10:13:00.0492 4932 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
     2011/08/06 10:13:00.0570 4932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2011/08/06 10:13:00.0617 4932 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
     2011/08/06 10:13:00.0664 4932 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2011/08/06 10:13:00.0711 4932 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2011/08/06 10:13:00.0774 4932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2011/08/06 10:13:00.0805 4932 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
     2011/08/06 10:13:01.0055 4932 MpKsl57270235 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C0113C7-41DF-4995-8E69-EDF6EAA98989}\MpKsl57270235.sys
     2011/08/06 10:13:01.0336 4932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2011/08/06 10:13:01.0383 4932 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2011/08/06 10:13:01.0399 4932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2011/08/06 10:13:01.0445 4932 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2011/08/06 10:13:01.0461 4932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2011/08/06 10:13:01.0477 4932 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2011/08/06 10:13:01.0539 4932 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2011/08/06 10:13:01.0586 4932 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
     2011/08/06 10:13:01.0649 4932 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
     2011/08/06 10:13:01.0711 4932 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2011/08/06 10:13:01.0742 4932 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2011/08/06 10:13:01.0774 4932 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2011/08/06 10:13:02.0008 4932 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
     2011/08/06 10:13:02.0102 4932 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2011/08/06 10:13:02.0117 4932 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2011/08/06 10:13:02.0149 4932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2011/08/06 10:13:02.0164 4932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2011/08/06 10:13:02.0242 4932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2011/08/06 10:13:02.0274 4932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2011/08/06 10:13:02.0289 4932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2011/08/06 10:13:02.0336 4932 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys
     2011/08/06 10:13:02.0383 4932 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
     2011/08/06 10:13:02.0414 4932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2011/08/06 10:13:02.0492 4932 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
     2011/08/06 10:13:02.0508 4932 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
     2011/08/06 10:13:02.0555 4932 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2011/08/06 10:13:02.0649 4932 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2011/08/06 10:13:02.0852 4932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2011/08/06 10:13:02.0867 4932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2011/08/06 10:13:02.0914 4932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2011/08/06 10:13:02.0946 4932 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     2011/08/06 10:13:03.0117 4932 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\WINDOWS\system32\DRIVERS\radpms.sys
     2011/08/06 10:13:03.0196 4932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/08/06 10:13:03.0258 4932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2011/08/06 10:13:03.0274 4932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2011/08/06 10:13:03.0289 4932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2011/08/06 10:13:03.0352 4932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2011/08/06 10:13:03.0352 4932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2011/08/06 10:13:03.0383 4932 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2011/08/06 10:13:03.0399 4932 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2011/08/06 10:13:03.0446 4932 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2011/08/06 10:13:03.0524 4932 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\TEMP\SUPERAntiSpyware\SASDIFSV.SYS
     2011/08/06 10:13:03.0555 4932 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\TEMP\SUPERAntiSpyware\SASENUM.SYS
     2011/08/06 10:13:03.0571 4932 SASKUTIL (67d2688756dd304af655349baad82bff) C:\TEMP\SUPERAntiSpyware\SASKUTIL.SYS
     2011/08/06 10:13:03.0711 4932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2011/08/06 10:13:03.0758 4932 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     2011/08/06 10:13:03.0789 4932 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
     2011/08/06 10:13:03.0836 4932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
     2011/08/06 10:13:03.0914 4932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2011/08/06 10:13:03.0930 4932 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
     2011/08/06 10:13:03.0977 4932 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
     2011/08/06 10:13:04.0086 4932 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2011/08/06 10:13:04.0102 4932 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2011/08/06 10:13:04.0164 4932 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
     2011/08/06 10:13:04.0164 4932 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
     2011/08/06 10:13:04.0211 4932 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
     2011/08/06 10:13:04.0446 4932 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
     2011/08/06 10:13:04.0539 4932 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
     2011/08/06 10:13:04.0586 4932 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2011/08/06 10:13:04.0649 4932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2011/08/06 10:13:04.0711 4932 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2011/08/06 10:13:04.0742 4932 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2011/08/06 10:13:04.0774 4932 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2011/08/06 10:13:04.0836 4932 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2011/08/06 10:13:05.0102 4932 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
     2011/08/06 10:13:05.0149 4932 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
     2011/08/06 10:13:05.0211 4932 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2011/08/06 10:13:05.0274 4932 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2011/08/06 10:13:05.0305 4932 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2011/08/06 10:13:05.0352 4932 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     2011/08/06 10:13:05.0524 4932 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2011/08/06 10:13:05.0664 4932 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2011/08/06 10:13:05.0680 4932 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2011/08/06 10:13:05.0696 4932 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2011/08/06 10:13:05.0727 4932 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
     2011/08/06 10:13:05.0774 4932 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
     2011/08/06 10:13:05.0789 4932 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2011/08/06 10:13:05.0836 4932 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2011/08/06 10:13:05.0930 4932 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     2011/08/06 10:13:06.0149 4932 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     2011/08/06 10:13:06.0211 4932 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     2011/08/06 10:13:06.0242 4932 MBR (0x1B8) (4975bdbeda8a3afb2aeadefc06ce9e12) \Device\Harddisk0\DR0
     2011/08/06 10:13:06.0258 4932 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR10
     2011/08/06 10:13:07.0821 4932 Boot (0x1200) (c37f3fc56f359a5e58500518cb734903) \Device\Harddisk0\DR0\Partition0
     2011/08/06 10:13:07.0821 4932 Boot (0x1200) (44b12409bcc7b9ba9fcdae196d93a9f2) \Device\Harddisk5\DR10\Partition0
     2011/08/06 10:13:07.0836 4932 ================================================================================
     2011/08/06 10:13:07.0836 4932 Scan finished
     2011/08/06 10:13:07.0836 4932 ================================================================================
     2011/08/06 10:13:07.0836 1460 Detected object count: 0
     2011/08/06 10:13:07.0836 1460 Actual detected object count: 0
     2011/08/06 10:13:13.0602 5616 Deinitialize success

     MBAM:

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org
     Databaseversie: 7392
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     6/08/2011 11:57:28
     mbam-log-2011-08-06 (11-57-28).txt
     Scantype: Snelle scan
     Objecten gescand: 196522
     Verstreken tijd: 7 minuut/minuten, 11 seconde(n)
     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 0
     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     I did this all in normal mode with ComboFix still installed (this on a need-to-know basis). Also auto reboot is enabled (My comp/SystemProperties/Advanced/Startup&Restartsettings/) so it isn't possible for Windows to let it reboot my comp on its own like it did in the past. It just feels that my comp is slower than before... My comp looks clean now, I think... Kind regards, Hendrick
  4. I did a restart in normal mode and after a couple of minutes it was over and out: got a blue screen with the following message:

     There is a problem found. Windows is shut down to prevent damage.
     If this is the first time that you see this stop error screen, you have to restart the computer. If you see the screen another time you can do the following:
     See if there is enough HD space.
     Stop all drivers, etc...
     Tech info:
     *** STOP: 0x0000008E (0xc0000005, 0xF72F371D, 0XF7566748, 0x00000000)
     *** atapi.sys - Address F72F371D base at F72E9000, Datestamp 4802539d
     Busy with physical memory dump
     The physical memory dump is finished. Please take contact with your system admin.

     Sorry for my translation as this was in Dutch. Hoping for a quick reply since my hands are in my hair after 3 days of hassle. Thanks up front! Kind regards, Hendrick
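A small decoder for STOP lines of the kind quoted in the post above, added here as an example; it is not Hendrick's code and not from any tool named in the thread. It parses the two "***" lines, names the bug check (0x8E is KERNEL_MODE_EXCEPTION_NOT_HANDLED, whose first parameter is an NTSTATUS, here STATUS_ACCESS_VIOLATION), computes where the faulting address falls inside the named driver image, and turns the PE Datestamp into a calendar date so the on-disk driver's link time can be compared against the one the crash reported. The bug check and NTSTATUS tables hold a few well-known values a responder keeps at hand and are my addition, not something on the page.

```python
"""Decode a Windows STOP (bug check) line as pasted from a blue screen.

Added example for this thread; not code from the post or from any tool
named in it. Only the two '***' lines of the screen are needed.
"""
import re
from datetime import datetime, timezone

# A few well-known bug check codes (assumed from public documentation,
# not from the page; only 0x8E actually appears in the thread).
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
}

# NTSTATUS values that show up as parameter 1 of bug checks 0x7E / 0x8E.
NTSTATUS_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}

HEX = r"0[xX]([0-9A-Fa-f]{1,8})"          # the screen mixes 0x and 0X
STOP_RE = re.compile(
    r"STOP:\s*" + HEX + r"\s*\(\s*" + r"\s*,\s*".join([HEX] * 4) + r"\s*\)")
MODULE_RE = re.compile(
    r"\*{3}\s*(?P<module>\S+)\s*-\s*Address\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+base\s+at\s+(?P<base>[0-9A-Fa-f]+)"
    r"(?:,\s*Datestamp\s+(?P<stamp>[0-9A-Fa-f]+))?")

# The two lines quoted in the post above (copied from it, not constructed).
SAMPLE = """*** STOP: 0x0000008E (0xc0000005, 0xF72F371D, 0XF7566748, 0x00000000)
*** atapi.sys - Address F72F371D base at F72E9000, Datestamp 4802539d"""


def decode_stop(text):
    """Return a dict describing the bug check found in `text`."""
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no STOP line found")
    code, p1, p2, p3, p4 = (int(g, 16) for g in m.groups())
    info = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
            "params": (p1, p2, p3, p4)}
    if code in (0x7E, 0x8E):
        # For these two, parameter 1 is the exception's NTSTATUS and
        # parameter 2 is the address at which it was raised.
        info["exception"] = NTSTATUS_NAMES.get(p1, "UNKNOWN")
        info["fault_address"] = p2

    mm = MODULE_RE.search(text)
    if mm:
        addr = int(mm.group("addr"), 16)
        base = int(mm.group("base"), 16)
        info["module"] = mm.group("module")
        info["module_base"] = base
        info["module_offset"] = addr - base   # offset of the faulting code in the image
        if "fault_address" in info:
            info["fault_in_module"] = info["fault_address"] == addr
        if mm.group("stamp"):
            # The PE TimeDateStamp is seconds since the Unix epoch.
            stamp = int(mm.group("stamp"), 16)
            info["datestamp_utc"] = datetime.fromtimestamp(
                stamp, tz=timezone.utc).strftime("%Y-%m-%d")
    return info


def describe(info):
    """One-line summary for a responder's notes."""
    parts = ["%s (0x%08X)" % (info["name"], info["code"])]
    if "exception" in info:
        parts.append("exception %s" % info["exception"])
    if "module" in info:
        parts.append("in %s+0x%X" % (info["module"], info["module_offset"]))
    if "datestamp_utc" in info:
        parts.append("linked %s" % info["datestamp_utc"])
    return ", ".join(parts)


if __name__ == "__main__":
    print(describe(decode_stop(SAMPLE)))
```

The decoder only tells you which driver image the exception landed in and how far into it, not why. When the module named is a core storage driver and the crash follows a malware cleanup, the usual next step is to verify that file's integrity (compare its hash against a known-good copy from the installation media, or let sfc check it) rather than to reason from the offset alone.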
  5. Did a scan with Rkill meanwhile and found nothing (in safe mode). Same for Spybot SD. MSE found: Exploit:Java/CVE-2010-0840.EW. Ran SAS again after these and found 2 cookies, but there isn't a log file to be found. Did uncheck the auto restart in the config panel so I can find out what is causing the problems. Hear from you soon. Kind regards, Hendrick
  6. Hi guys, have some problems with my desktop PC (Windows XP SP3, HP Compaq dc5800 Microtower Intel Core 2 Duo CPU E7200 @ 2.53Ghz) after having a look on a dutch iphone website (iphoneclub.nl i think) i had a pop-up with the discription of a sort of virus scanner that would be installed. So I clicked the X button but still it seemed to install, hmm so the story begun pop-ups of viruses and I had to pay for the scanner etc... I knew it was a hoax so I started to look on the net with my iphone hence it was impossible to start IE8 without shutting down IE8 auto. Also started a complete scan of my system with MSE and saw that Cycbot.B was found as virus. Did a second scan in safe mode and tried to update the virus definitions but it would not work hence I had no internet access anymore. With the second scan after a session with Spybot SD which found a lot of spyware and deleted these, MSE didn't find any virusses anymore. Found on the net a guide to clean my registry of these problems so did that and rebooted my system hence .exe files where not able to start. Did the neccessary to get this working again and did a reboot so windows XP worked fine again in normal mode. The day after again a pop-up and all hell broke lose again... Did the same, better i tried to do the same but now access was more restricted in normal mode, system rebooted auto and was unable to access IE8 again. So back in safe mode to start a new scan with MSE but gave only spyware files same with Spybot SD. Again did some searching on the net and found this site so used the advice I found installed Super Anti Spyware on my USB stick and started with this which found again 35 entries then did a scan with Malwarebytes Anti-Malware and found 9 entries (see log) then did a reboot back into safe mode and installed Combofix (see log 2). So after combofix al looked well so I rebooted into normal windows mode but again after a while (everything looked OK) my comp decided to reboot auto again! 
Now I'm out of measures to get it back on track. Again restarted in safe mode and MSE is back on track with the latest definitions (manually installed) and already after 30 min of scanning it found a virus it seems. Will see after 1h30 what it will be again. Can be a virus, it can be spyware, I don't know at this moment! Hope u guys can help me.

Log 1 from Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie: 7364
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/08/2011 16:27:19
mbam-log-2011-08-03 (16-27-13).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 344430
Verstreken tijd: 54 minuut/minuten, 53 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 7
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 20

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
c:\WINDOWS\system32\igfxarts.dll (Trojan.Clicker) -> No action taken.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Typelib\{5303E828-3A4C-11DE-AC1C-F77F55D89593} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6494B9BE-3A4C-11DE-91D2-BD8055D89593} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ba8b141-3758-73c4-6edd-ccec2fbfe278} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0ba8b141-3758-73c4-6edd-ccec2fbfe278} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BA8B141-3758-73C4-6EDD-CCEC2FBFE278} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BA8B141-3758-73C4-6EDD-CCEC2FBFE278} (Trojan.BHO) -> No action taken.

Registerwaarden geïnfecteerd:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack) -> Value: 8DDYX0ZBPZ -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Mappen geïnfecteerd:
c:\documents and settings\all users\application data\00300796 (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\00317953 (Rogue.Multiple) -> No action taken.

Bestanden geïnfecteerd:
c:\WINDOWS\system32\igfxarts.dll (Trojan.Clicker) -> No action taken.
c:\WINDOWS\Temp\Yxh.exe (Trojan.FraudPack) -> No action taken.
c:\documents and settings\administrator\menu start\programma's\opstarten\ozezsa.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\menu start\programma's\opstarten\abim.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc68997031.txt (Trojan.Agent) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc74281656.txt (Trojan.Hiloti) -> No action taken.
c:\documents and settings\heja\application data\Sun\Java\deployment\cache\6.0\30\59495e1e-42096d09 (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\heja\application data\Sun\Java\deployment\cache\6.0\40\5e157568-123a6ba0 (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\heja\local settings\Temp\0.5140973840670239.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\logmeinremoteuser\menu start\programma's\opstarten\xiqe.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{03fc1e3f-6bed-4081-9d0a-983c1dff58b7}\RP784\A0070087.dll (Trojan.FraudPack) -> No action taken.
c:\WINDOWS\Temp\0.049756836786760905.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\Yxf.exe (Trojan.FraudPack) -> No action taken.
c:\WINDOWS\Temp\Yxg.exe (Trojan.FraudPack) -> No action taken.
c:\WINDOWS\Temp\Yxi.exe (Trojan.FraudPack) -> No action taken.
c:\documents and settings\heja\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc149.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc151.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc61.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\heja\application data\Adobe\plugs\mmc74313765.txt (Trojan.Agent.Gen) -> No action taken.

Log 2 Combofix

ComboFix 11-08-03.02 - HeJa 03/08/2011 16:47:51.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1707 [GMT 2:00]
Gestart vanuit: c:\documents and settings\heja\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\heja\Application Data\Adobe\plugs
c:\documents and settings\heja\Application Data\Adobe\shed
c:\windows\IsUn0413.exe
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\spool\prtprocs\w32x86\ps3200pc.dll
c:\windows\system32\UACsducvpec.db
c:\windows\system32\uactmp.db
c:\windows\system32\UNWISE.EXE
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))
.
.
2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\documents and settings\heja\Application Data\Malwarebytes
2011-08-03 13:26 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 13:26 . 2011-08-03 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 13:26 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 11:28 . 2011-08-03 11:28 -------- d-----w- c:\documents and settings\heja\Application Data\SUPERAntiSpyware.com
2011-08-03 08:30 . 2011-08-03 08:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl7e77b101.sys
2011-08-02 16:48 . 2011-08-02 16:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslec00ea99.sys
2011-08-02 16:33 . 2011-08-02 16:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl84028b47.sys
2011-08-02 16:28 . 2011-08-02 16:28 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl49ced807.sys
2011-08-02 16:24 . 2011-08-02 16:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl51e348f2.sys
2011-08-02 14:05 . 2011-08-02 14:05 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
2011-08-02 14:05 . 2011-08-02 14:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsla5b04687.sys
2011-08-02 13:51 . 2011-08-03 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\eL01602EjLaM01602
2011-08-02 12:23 . 2011-08-02 12:48 -------- d-----w- c:\documents and settings\heja\Application Data\Idtaep
2011-08-01 12:30 . 2011-08-01 12:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslfd65f6a7.sys
2011-08-01 12:29 . 2011-08-01 12:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl79abd119.sys
2011-08-01 12:27 . 2011-08-01 12:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsle344a667.sys
2011-08-01 12:25 . 2011-08-01 12:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl85b7d7fe.sys
2011-08-01 09:18 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\mpengine.dll
2011-07-26 15:54 . 2011-07-26 15:54 -------- d-----w- c:\program files\iPod
2011-07-26 15:49 . 2011-07-26 15:49 -------- d-----w- c:\program files\Bonjour
2011-07-12 10:29 . 2011-07-12 10:29 -------- d-----w- c:\program files\Apple Software Update
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:12 . 2010-03-04 18:43 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-17 09:12 . 2010-03-04 18:43 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 09:12 . 2010-03-04 18:43 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-17 09:12 . 2010-03-04 18:43 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-13 03:39 . 2010-04-28 07:03 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-15 07:38 . 2011-05-30 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-04 07:56 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 06:06 . 2010-01-16 11:16 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 06:06 . 2010-01-16 11:16 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-10 39408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxRegistation"="c:\program files\Xer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-17 09:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2549946922-1252084344-473038049-1119\Scripts\Logon\0\0]
"Script"=logon.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [13/10/2008 8:10 36608]
S0 c4e1ab2e44f0220385bb0cbb1c578882;c4e1ab2e44f0220385bb0cbb1c578882;c:\windows\system32\c4e1ab2e44f0220385bb0cbb1c578882.sys --> c:\windows\system32\c4e1ab2e44f0220385bb0cbb1c578882.sys [?]
S1 MpKsl2874f718;MpKsl2874f718;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl2874f718.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl2874f718.sys [?]
S1 MpKsl49ced807;MpKsl49ced807;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl49ced807.sys [2/08/2011 18:28 28752]
S1 MpKsl51e348f2;MpKsl51e348f2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl51e348f2.sys [2/08/2011 18:24 28752]
S1 MpKsl7e77b101;MpKsl7e77b101;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl7e77b101.sys [3/08/2011 10:30 28752]
S1 MpKsl84028b47;MpKsl84028b47;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKsl84028b47.sys [2/08/2011 18:33 28752]
S1 MpKsl9ce66ac8;MpKsl9ce66ac8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4019D407-07E3-4926-987E-41D4EF1A1A3C}\MpKsl9ce66ac8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4019D407-07E3-4926-987E-41D4EF1A1A3C}\MpKsl9ce66ac8.sys [?]
S1 MpKsld3fe9afa;MpKsld3fe9afa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE01D191-048C-4DC6-B7D4-F7C3A9A5B50C}\MpKsld3fe9afa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE01D191-048C-4DC6-B7D4-F7C3A9A5B50C}\MpKsld3fe9afa.sys [?]
S1 MpKslec00ea99;MpKslec00ea99;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37641721-85BB-496C-9813-002B90ECFA57}\MpKslec00ea99.sys [2/08/2011 18:48 28752]
S1 SASDIFSV;SASDIFSV;c:\temp\SUPERAntiSpyware\sasdifsv.sys [26/04/2010 17:20 12872]
S1 SASKUTIL;SASKUTIL;c:\temp\SUPERAntiSpyware\SASKUTIL.SYS [26/04/2010 17:20 66632]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [30/09/2010 3:06 169408]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 18:58 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/10/2010 10:03 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 13:41 12856]
S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [26/01/2011 12:26 573224]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 18:58 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/08/2011 15:26 41272]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [11/08/2008 13:40 13408]
S3 SASENUM;SASENUM;c:\temp\SUPERAntiSpyware\SASENUM.SYS [26/04/2010 17:20 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-JACOBS-HeJa.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-28 23:25]
.
2011-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 16:58]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 16:58]
.
2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = ftp://ftp.ramasoft.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.100.166
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-iTunesHelper - j:\itunes\iTunesHelper.exe
Notify-cfeebcbdeabee - c:\windows\system32\cfeebcbdeabee.dll
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250310AS rev.3.AHC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Een apparaat dat op het systeem is aangesloten, werkt niet.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A66F31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d7,b9,44,21,d0,2d,48,b2,6b,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d7,b9,44,21,d0,2d,48,b2,6b,30,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\ACPI\PNP0F13\4&1e368a7a&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_046d&Pid_c525&MI_00\7&273c062a&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Voltooingstijd: 2011-08-03 17:01:13
ComboFix-quarantined-files.txt 2011-08-03 15:01
.
Pre-Run: 157 403 770 880 bytes beschikbaar
Post-Run: 169 668 648 960 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - C92EFA2FF08F4B08C464E47D2DFBEECF

Cheers, Hendrick