Virus - scheur3.CMIY

  • corrievisser

    Hi Ben,

    here are the three logs :)

    2011/08/13 14:27:35.0264 3572 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

    2011/08/13 14:27:35.0467 3572 ================================================================================

    2011/08/13 14:27:35.0467 3572 SystemInfo:

    2011/08/13 14:27:35.0467 3572

    2011/08/13 14:27:35.0467 3572 OS Version: 6.1.7600 ServicePack: 0.0

    2011/08/13 14:27:35.0467 3572 Product type: Workstation

    2011/08/13 14:27:35.0467 3572 ComputerName: CORRIE-PC

    2011/08/13 14:27:35.0467 3572 UserName: corrie

    2011/08/13 14:27:35.0467 3572 Windows directory: C:\Windows

    2011/08/13 14:27:35.0467 3572 System windows directory: C:\Windows

    2011/08/13 14:27:35.0467 3572 Running under WOW64

    2011/08/13 14:27:35.0467 3572 Processor architecture: Intel x64

    2011/08/13 14:27:35.0467 3572 Number of processors: 2

    2011/08/13 14:27:35.0467 3572 Page size: 0x1000

    2011/08/13 14:27:35.0467 3572 Boot type: Normal boot

    2011/08/13 14:27:35.0467 3572 ================================================================================

    2011/08/13 14:27:35.0857 3572 Initialize success

    2011/08/13 14:27:43.0642 3720 ================================================================================

    2011/08/13 14:27:43.0642 3720 Scan started

    2011/08/13 14:27:43.0642 3720 Mode: Manual;

    2011/08/13 14:27:43.0642 3720 ================================================================================

    2011/08/13 14:28:04.0015 3720 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

    2011/08/13 14:28:04.0031 3720 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

    2011/08/13 14:28:04.0046 3720 Boot (0x1200) (2e9091c75db8b5ef7d6e26cccb3182bb) \Device\Harddisk0\DR0\Partition0

    2011/08/13 14:28:04.0078 3720 Boot (0x1200) (56874c2103766a2591dc32de20c17b6d) \Device\Harddisk0\DR0\Partition1

    2011/08/13 14:28:04.0078 3720 ================================================================================

    2011/08/13 14:28:04.0078 3720 Scan finished

    2011/08/13 14:28:04.0078 3720 ================================================================================

    2011/08/13 14:28:04.0093 0944 Detected object count: 1

    2011/08/13 14:28:04.0093 0944 Actual detected object count: 1

    2011/08/13 14:28:20.0395 0944 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

    2011/08/13 14:28:20.0395 0944 \Device\Harddisk0\DR0 - ok

    2011/08/13 14:28:20.0395 0944 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

    2011/08/13 14:28:28.0055 1780 Deinitialize success

    ComboFix 11-08-13.02 - corrie 13-08-2011 14:34:33.3.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4025.2857

    Gestart vanuit: c:\users\corrie\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-13 to 2011-08-13 ))))))))))))))))))))))))))))))

    .

    .

    2011-08-13 12:40 . 2011-08-13 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-08-13 08:14 . 2011-08-13 08:14 -------- d-----w- c:\program files (x86)\ESET

    2011-08-12 11:03 . 2011-08-12 11:03 -------- d-----w- c:\program files (x86)\Trend Micro

    2011-08-12 10:40 . 2011-08-12 10:40 -------- d-----w- c:\programdata\Malwarebytes

    2011-08-12 10:40 . 2011-08-13 02:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2011-08-12 10:18 . 2011-08-13 02:10 -------- d-----w- c:\program files (x86)\ARO 2011

    2011-08-09 05:58 . 2011-08-09 05:58 -------- d-----w- C:\57fc9da43119a6a1b4fc569e212aba5b

    2011-08-09 05:53 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

    2011-08-09 05:53 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

    2011-08-08 12:33 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

    2011-08-08 12:31 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll

    2011-08-08 12:31 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll

    2011-08-08 12:30 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

    2011-08-08 12:30 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

    2011-08-08 12:30 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

    2011-08-08 12:30 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

    2011-08-08 12:30 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

    2011-08-08 12:29 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

    2011-08-08 12:29 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

    2011-08-08 12:29 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

    2011-08-08 12:29 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

    2011-08-08 12:29 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys

    2011-08-08 12:23 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

    2011-08-08 12:23 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys

    2011-08-08 12:23 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys

    2011-08-08 12:23 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2011-08-08 05:56 . 2011-08-08 21:45 -------- d-----w- C:\47c50a00e30f115e4f224e0753b72200

    2011-08-07 17:06 . 2011-08-07 17:06 -------- d-----w- c:\windows\Sun

    2011-08-07 17:06 . 2011-08-07 17:06 -------- d-----w- c:\program files (x86)\Common Files\Java

    2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\programdata\Ask

    2011-08-07 17:05 . 2011-08-07 17:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2011-08-07 17:04 . 2011-08-07 17:04 -------- d-----w- c:\program files (x86)\Java

    2011-08-07 06:11 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

    2011-08-07 06:11 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

    2011-08-07 06:11 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

    2011-08-07 06:11 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

    2011-08-07 06:06 . 2011-08-07 06:06 -------- d-----w- c:\program files (x86)\MSXML 4.0

    2011-08-07 06:05 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll

    2011-08-07 06:05 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe

    2011-08-07 05:47 . 2011-08-13 17:53 -------- d-----w- c:\windows\system32\Wat

    2011-08-06 09:56 . 2011-08-06 09:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG

    2011-08-06 09:55 . 2011-08-13 08:02 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-08-06 09:55 . 2011-08-06 09:57 -------- d-----w- c:\programdata\AVG10

    2011-08-06 09:54 . 2011-08-06 09:54 -------- d-----w- c:\program files (x86)\AVG

    2011-08-06 09:54 . 2011-08-06 09:54 -------- d-----w- c:\windows\Java

    2011-08-06 09:54 . 2010-08-22 11:48 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl

    2011-08-03 06:06 . 2011-08-03 06:06 -------- d-----w- c:\program files (x86)\Panda Security

    2011-08-03 06:02 . 2011-08-03 06:02 344 ----a-w- c:\programdata\bdinstall.bin

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\nl

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\0413

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\XPSViewer

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\wbem\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\drivers\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\nl

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\0413

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\wbem\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\drivers\nl-NL

    2011-08-03 02:05 . 2011-08-03 02:05 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui

    2011-08-03 02:00 . 2011-08-03 02:00 -------- d-----w- c:\windows\NAPP_Dism_Log

    2011-08-03 01:58 . 2009-09-09 22:41 348680 ----a-w- c:\windows\UNINST32.EXE

    2011-08-03 01:58 . 2009-03-26 19:16 25608 ----a-w- c:\windows\SysWow64\drivers\DKbFltr.sys

    2011-08-03 01:58 . 2009-09-21 19:00 1537024 ----a-w- c:\windows\system32\drivers\athrx.sys

    2011-08-03 01:13 . 2011-08-07 11:48 -------- d-----w- C:\Backup

    2011-08-02 21:53 . 2011-08-02 21:53 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

    2011-08-02 18:36 . 2011-08-02 18:36 -------- d-----w- c:\program files\PB Accessory Store

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

    2011-08-02 18:04 . 2008-06-16 01:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

    2011-08-02 17:49 . 2011-08-02 17:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

    2011-08-02 17:48 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

    2011-08-02 17:44 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe

    2011-08-02 17:42 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

    2011-08-02 17:42 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

    2011-08-02 17:42 . 2011-08-02 17:42 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

    2011-08-02 17:41 . 2011-08-02 17:41 -------- d-----w- c:\program files (x86)\Microsoft

    2011-08-02 17:40 . 2011-08-02 17:40 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

    2011-08-02 17:40 . 2011-08-02 20:25 -------- d-----w- c:\program files (x86)\Windows Live

    2011-08-02 17:38 . 2011-08-02 17:38 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    2011-08-02 17:30 . 2011-08-02 17:30 -------- d-----w- c:\program files (x86)\Common Files\CyberLink

    2011-08-02 17:30 . 2011-08-02 17:30 -------- d-----w- c:\program files (x86)\CyberLink

    2011-08-02 17:29 . 2011-08-02 17:27 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

    2011-08-02 17:29 . 2011-08-02 17:27 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2011-08-02 17:29 . 2011-08-02 17:27 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2011-08-02 16:47 . 2011-08-02 16:47 -------- d-----w- c:\windows\Screensavers

    2011-08-02 16:46 . 2011-08-06 10:10 -------- d-----w- c:\program files (x86)\Launch Manager

    2011-08-02 16:45 . 2011-08-02 16:45 -------- d-----w- c:\program files\Synaptics

    2011-08-02 16:43 . 2011-08-02 18:08 -------- d-----w- c:\program files (x86)\VideoWebCamera

    2011-08-02 16:41 . 2011-08-02 16:42 -------- d-----w- c:\program files\CONEXANT

    2011-08-02 16:34 . 2011-08-02 16:34 -------- d-----w- c:\users\Public\Symantec

    2011-08-02 16:32 . 2011-08-13 07:57 -------- d-----w- c:\users\corrie

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-----w- C:\Recovery

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Sjablonen

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Menu Start

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Sjablonen

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Menu Start

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Favorieten

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Documenten

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Bureaublad

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Mijn documenten

    2011-08-02 16:18 . 2011-08-08 21:45 -------- d-----w- c:\windows\SysWow64\x64

    2011-08-02 16:18 . 2011-08-02 16:18 -------- d-----w- c:\windows\SysWow64\Lang

    2011-08-02 16:18 . 2010-08-25 17:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-03 02:05 . 2011-08-03 02:05 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui

    2011-08-03 02:05 . 2011-08-03 02:05 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui

    2011-08-02 20:49 . 2010-01-12 18:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

    2011-08-02 20:48 . 2010-01-12 18:11 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2011-07-20 07:44 . 2011-08-02 17:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3929029E-9AE0-4B6F-860A-74E40B0DCA3B}\mpengine.dll

    2011-06-02 05:56 . 2011-08-07 06:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    .

    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe

    c:\program files (x86)\Launch Manager\LManager .exe

    c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray .exe

    c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation .exe

    c:\program files (x86)\VideoWebCamera\VideoWebCamera .exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe"

    .

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    xuzo.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "aux"=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:53:28, on 13-8-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16385)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Trend Micro\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - .DEFAULT User Startup: xuzo.exe (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8733 bytes

  • Ben

    Hello corrie,

    Open Notepad, Start > All Programs > Accessories;

    copy and paste the following (bold, blue text) into an empty window:

    File:

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    xuzo.exe

    Driver:

    xuzo.exe

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log and a note on how things are going now.

    http://2.bp.blogspot.com/_NAn8-ZItaHE/Scq3w6FaicI/AAAAAAAACVY/QqPkGy7EU7U/s320/school69.gif

  • corrievisser

    Ben,

    Here are the logs: (I still get the virus alert, though)

    ComboFix 11-08-13.02 - corrie 13-08-2011 15:30:09.4.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4025.2711

    Gestart vanuit: c:\users\corrie\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\corrie\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-13 to 2011-08-13 ))))))))))))))))))))))))))))))

    .

    .

    2011-08-13 13:34 . 2011-08-13 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-08-13 13:34 . 2011-08-13 13:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2011-08-12 11:03 . 2011-08-12 11:03 -------- d-----w- c:\program files (x86)\Trend Micro

    2011-08-12 10:40 . 2011-08-12 10:40 -------- d-----w- c:\programdata\Malwarebytes

    2011-08-12 10:40 . 2011-08-13 02:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2011-08-12 10:18 . 2011-08-13 02:10 -------- d-----w- c:\program files (x86)\ARO 2011

    2011-08-09 05:58 . 2011-08-09 05:58 -------- d-----w- C:\57fc9da43119a6a1b4fc569e212aba5b

    2011-08-09 05:53 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

    2011-08-09 05:53 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

    2011-08-08 12:33 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

    2011-08-08 12:31 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll

    2011-08-08 12:31 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll

    2011-08-08 12:30 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

    2011-08-08 12:30 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

    2011-08-08 12:30 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

    2011-08-08 12:30 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

    2011-08-08 12:30 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

    2011-08-08 12:29 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

    2011-08-08 12:29 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

    2011-08-08 12:29 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

    2011-08-08 12:29 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

    2011-08-08 12:29 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys

    2011-08-08 12:23 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

    2011-08-08 12:23 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys

    2011-08-08 12:23 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys

    2011-08-08 12:23 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2011-08-08 05:56 . 2011-08-08 21:45 -------- d-----w- C:\47c50a00e30f115e4f224e0753b72200

    2011-08-07 17:06 . 2011-08-07 17:06 -------- d-----w- c:\windows\Sun

    2011-08-07 17:06 . 2011-08-07 17:06 -------- d-----w- c:\program files (x86)\Common Files\Java

    2011-08-07 17:05 . 2011-08-07 17:05 -------- d-----w- c:\programdata\Ask

    2011-08-07 17:05 . 2011-08-07 17:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2011-08-07 17:04 . 2011-08-07 17:04 -------- d-----w- c:\program files (x86)\Java

    2011-08-07 06:11 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

    2011-08-07 06:11 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

    2011-08-07 06:11 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

    2011-08-07 06:11 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

    2011-08-07 06:06 . 2011-08-07 06:06 -------- d-----w- c:\program files (x86)\MSXML 4.0

    2011-08-07 06:05 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll

    2011-08-07 06:05 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe

    2011-08-07 05:47 . 2011-08-13 17:53 -------- d-----w- c:\windows\system32\Wat

    2011-08-06 09:56 . 2011-08-06 09:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG

    2011-08-06 09:55 . 2011-08-13 08:02 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-08-06 09:55 . 2011-08-06 09:57 -------- d-----w- c:\programdata\AVG10

    2011-08-06 09:54 . 2011-08-06 09:54 -------- d-----w- c:\program files (x86)\AVG

    2011-08-06 09:54 . 2011-08-06 09:54 -------- d-----w- c:\windows\Java

    2011-08-06 09:54 . 2010-08-22 11:48 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl

    2011-08-03 06:06 . 2011-08-03 06:06 -------- d-----w- c:\program files (x86)\Panda Security

    2011-08-03 06:02 . 2011-08-03 06:02 344 ----a-w- c:\programdata\bdinstall.bin

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\nl

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\0413

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\XPSViewer

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\wbem\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\SysWow64\drivers\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\nl

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\0413

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\wbem\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

    2011-08-03 02:06 . 2011-08-03 02:06 -------- d-----w- c:\windows\system32\drivers\nl-NL

    2011-08-03 02:05 . 2011-08-03 02:05 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui

    2011-08-03 02:00 . 2011-08-03 02:00 -------- d-----w- c:\windows\NAPP_Dism_Log

    2011-08-03 01:58 . 2009-09-09 22:41 348680 ----a-w- c:\windows\UNINST32.EXE

    2011-08-03 01:58 . 2009-03-26 19:16 25608 ----a-w- c:\windows\SysWow64\drivers\DKbFltr.sys

    2011-08-03 01:58 . 2009-09-21 19:00 1537024 ----a-w- c:\windows\system32\drivers\athrx.sys

    2011-08-03 01:13 . 2011-08-07 11:48 -------- d-----w- C:\Backup

    2011-08-02 21:53 . 2011-08-02 21:53 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

    2011-08-02 18:36 . 2011-08-02 18:36 -------- d-----w- c:\program files\PB Accessory Store

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

    2011-08-02 18:04 . 2008-06-16 01:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared

    2011-08-02 18:04 . 2011-08-02 18:04 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

    2011-08-02 17:49 . 2011-08-02 17:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

    2011-08-02 17:48 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

    2011-08-02 17:44 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe

    2011-08-02 17:42 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

    2011-08-02 17:42 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

    2011-08-02 17:42 . 2011-08-02 17:42 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

    2011-08-02 17:41 . 2011-08-02 17:41 -------- d-----w- c:\program files (x86)\Microsoft

    2011-08-02 17:40 . 2011-08-02 17:40 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

    2011-08-02 17:40 . 2011-08-02 20:25 -------- d-----w- c:\program files (x86)\Windows Live

    2011-08-02 17:38 . 2011-08-02 17:38 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    2011-08-02 17:30 . 2011-08-02 17:30 -------- d-----w- c:\program files (x86)\Common Files\CyberLink

    2011-08-02 17:30 . 2011-08-02 17:30 -------- d-----w- c:\program files (x86)\CyberLink

    2011-08-02 17:29 . 2011-08-02 17:27 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

    2011-08-02 17:29 . 2011-08-02 17:27 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2011-08-02 17:29 . 2011-08-02 17:27 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2011-08-02 16:47 . 2011-08-02 16:47 -------- d-----w- c:\windows\Screensavers

    2011-08-02 16:46 . 2011-08-06 10:10 -------- d-----w- c:\program files (x86)\Launch Manager

    2011-08-02 16:45 . 2011-08-02 16:45 -------- d-----w- c:\program files\Synaptics

    2011-08-02 16:43 . 2011-08-02 18:08 -------- d-----w- c:\program files (x86)\VideoWebCamera

    2011-08-02 16:41 . 2011-08-02 16:42 -------- d-----w- c:\program files\CONEXANT

    2011-08-02 16:34 . 2011-08-02 16:34 -------- d-----w- c:\users\Public\Symantec

    2011-08-02 16:32 . 2011-08-13 07:57 -------- d-----w- c:\users\corrie

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-----w- C:\Recovery

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Sjablonen

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Menu Start

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Sjablonen

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Menu Start

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Favorieten

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Documenten

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\programdata\Bureaublad

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving

    2011-08-02 16:31 . 2011-08-02 16:31 -------- d-sh--we c:\users\Default\Mijn documenten

    2011-08-02 16:18 . 2011-08-08 21:45 -------- d-----w- c:\windows\SysWow64\x64

    2011-08-02 16:18 . 2011-08-02 16:18 -------- d-----w- c:\windows\SysWow64\Lang

    2011-08-02 16:18 . 2010-08-25 17:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-03 02:05 . 2011-08-03 02:05 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui

    2011-08-03 02:05 . 2011-08-03 02:05 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui

    2011-08-03 02:05 . 2011-08-03 02:05 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui

    2011-08-02 20:49 . 2010-01-12 18:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

    2011-08-02 20:48 . 2010-01-12 18:11 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2011-07-20 07:44 . 2011-08-02 17:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3929029E-9AE0-4B6F-860A-74E40B0DCA3B}\mpengine.dll

    2011-06-02 05:56 . 2011-08-07 06:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    .

    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe

    c:\program files (x86)\Launch Manager\LManager .exe

    c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray .exe

    c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation .exe

    c:\program files (x86)\VideoWebCamera\VideoWebCamera .exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-08-13_12.43.20 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-10-30 05:17 . 2011-08-13 13:37 32228 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2011-08-13 13:37 31514 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    - 2011-08-02 16:16 . 2011-08-13 12:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2011-08-02 16:16 . 2011-08-13 13:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-08-02 16:16 . 2011-08-13 12:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2011-08-02 16:16 . 2011-08-13 13:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2011-08-13 12:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2011-08-13 13:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-08-02 16:42 . 2011-08-13 13:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-08-02 16:42 . 2011-08-13 12:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2011-08-02 16:42 . 2011-08-13 13:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2011-08-02 16:42 . 2011-08-13 12:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2011-08-02 16:42 . 2011-08-13 13:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2011-08-02 16:42 . 2011-08-13 12:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-08-02 16:42 . 2011-08-13 13:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-08-02 16:42 . 2011-08-13 12:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-08-02 16:42 . 2011-08-13 12:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-08-02 16:42 . 2011-08-13 13:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-08-02 16:41 . 2011-08-13 13:37 5082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1807658666-2274608594-494710101-1001_UserData.bin

    - 2011-08-13 12:41 . 2011-08-13 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-08-13 13:35 . 2011-08-13 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-08-13 13:35 . 2011-08-13 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2011-08-13 12:41 . 2011-08-13 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:12 . 2011-08-13 12:43 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    + 2009-07-14 05:12 . 2011-08-13 13:36 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

    - 2009-07-14 02:34 . 2011-08-13 08:09 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat

    + 2009-07-14 02:34 . 2011-08-13 12:58 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe"

    .

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    xuzo.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "aux"=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 15619765;15619765;

    R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys

    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

    R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe

    S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe

    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys

    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    --------- x86-64 -----------

    .

    .

    2009-10-30 05:31 750064 ----a-w- c:\programdata\Partner\Partner64.dll

    .

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe"

    "IgfxTray"="c:\windows\system32\igfxtray.exe"

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"

    "Persistence"="c:\windows\system32\igfxpers.exe"

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

    TCP: DhcpNameServer = 172.19.3.1

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker3"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2011-08-13 15:42:14 - machine werd herstart

    ComboFix-quarantined-files.txt 2011-08-13 13:42

    ComboFix2.txt 2011-08-13 12:49

    .

    Pre-Run: 445.828.415.488 bytes beschikbaar

    Post-Run: 445.779.206.144 bytes beschikbaar

    .

    - - End Of File - - 0B726DAC88D8DB0566987E4B88350D7C

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:44:06, on 13-8-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16385)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Trend Micro\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - .DEFAULT User Startup: xuzo.exe (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8733 bytes

  • Ben

    Hello Corrie,

    Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

    and save it to your desktop.

    •Double-click drweb-cureit.exe and allow it to start the express scan.

    If a popup appears offering a purchase/50% discount, you can close it.

    •The express scan will scan the files that are currently loaded in memory. If anything is found, click 'select all' (alles selecteren), then choose 'repair' (repareren), and from the small menu that appears choose 'move' (verplaatsen).

    •At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your machine.

    •Press F9, then choose the Actions (Acties) tab and set the following there under Malware:

    •Adware: Move (Verplaats)

    •Dialers: Move (Verplaats)

    •Jokes: Report (Rapportage)

    •Riskware: Report (Rapportage)

    •Hacktools: Move (Verplaats)

    •Then remove the check mark at 'Prompt on action' (Prompt bij actie).

    •After that, choose the Scan tab and remove the check mark at Heuristic analysis (Heuristische analyse).

    Then press Apply (Toepassen) followed by OK.

    •Once the short scan has finished, tick: Full scan (Volledige scan).

    Then press the green arrow (start button) to start the scan.

    •Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.

    •After the scan is done, go to File (Bestand) and choose Save report list (Rapportage lijst opslaan).

    Save it to your desktop and then close Dr.Web CureIt.

    •Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.

    •After restarting, copy and paste the contents of the log you saved earlier into your next post,

    together with a new HijackThis log.


    Ben

  • corrievisser

    Hello Ben,

    During the full scan the screen turned blue again, and the laptop restarted again.

    I don't know whether it is wise, but I am doing the above again.

    Regards, Corrie

  • corrievisser

    Hello Ben

    Dr.Web did not find anything, so I could not save a report either.

    HT log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:07:41, on 14-8-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16839)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Trend Micro\Hijackthis\HijackThis.exe

    C:\Windows\SysWOW64\cmd.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Windows\System32\browserchoice.exe" /run

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8841 bytes

    Regards, Corrie

  • Ben

    Hello Corrie.

    Something probably did happen during the first scan after all.

    1. How are things with your problems?

    2. Now try to update Windows, including Service Pack 1.

    3. Update your virus scanner (2011): http://free.avg.com/nl-nl/startpagina

    Once all of that has worked, we'll continue. (Post a new HijackThis log of that.)

    Ben

  • corrievisser

    Hello Ben,

    The virus scanner doesn't find any virus anymore either, and I haven't had another blue screen yet.

    Hopefully the updates are complete now;

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:37:10, on 14-8-2011

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Trend Micro\Hijackthis\HijackThis.exe

    C:\Windows\SysWOW64\cmd.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27360811n3b6l0390z195f4841v210

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8876 bytes

    Regards, Corrie

  • Ben

    Hello Corrie,

    Well, we're heading in the right direction (tu)

    Next steps:

    Under Programs, uninstall the following:

    Google Toolbar (if you don't use it)

    TDSSKiller

    Dr.Web

    To remove ComboFix, copy the command below with (Ctrl + C):

    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Empty your Recycle Bin

    Delete system restore points

    If the computer has been infected with malware, it is advisable to delete all existing system restore points, because there may be infected restore points among them.

    You can read how to delete the restore points here: http://www.malwareinfo.nl/malware/systeemherstel.html

    You can read how to create a new restore point here: http://windows.microsoft.com/nl-NL/windows7/Create-a-restore-point

    You can leave MBAM installed and scan your PC with it once a week (after updating it)

    Download SpywareBlaster to prevent spyware (update it once a week; beyond that you don't need to do anything)

    SpywareBlaster link: http://www.filehippo.com/download_spywareblaster/

    Just keep an eye on your browsing habits and be careful when downloading programs,

    and, to be on the safe side, also change all your passwords.

    If your PC otherwise works fine now, we'll leave it at that. Good luck with it (for further questions you're always welcome here or on the hardware page)

    Ben

  • corrievisser

    Hello Ben,

    Really impressive, helping people get their computer in order and clean via a message board like this, (tu)

    Thank you very much for your help and time. :)

    Regards, Corrie