Virus dat meldt dat de schijf te vol zit

**rbjbv** · 04-12-10, 14:05

Geachte lezer,

Bij voorbaat alvast bedankt voor je aandacht en hulp.

Info systeem:
- Desktop pc met Windows XP Professional met alle updates
- Norman als virusscanner
- Windows Firewall als firewall
Verder weinig bijzonderheden.

Sinds gisterochtend deed mijn pc al een beetje raar, Windows meldde mij dat er geen Virusscanner was geïnstalleerd, terwijl dit zeker wel het geval is namelijk Norman, onderin zag ik dat het icoontje van Norman bezig was met updaten, 'dan zal het daar wel aan liggen' dacht ik.
De hele dag verder gegaan met af en toe achter de computer werken tot er gisteravond ineens een programma opende: Het leek een of ander diskcleaning programma dat mijn schijf ging analyseren. Snel daarna kwam er rechtsonder een informatieballon tevoorschijn met de informatie dat mijn harde schijf te vol was en kort daarna volgde nog wat foutmeldingen met soortgelijke strekking (in het Engels).
Ik was er zeker van dat mijn schijf niet te vol zat en heb gekeken in het taakbeheer.
Daar zag ik 2 gekke dingen; 1 daarvan was een cijfercode.exe (12123123.exe of iets dergelijks) en de tweede was een harddisk-inspectie programma, de preciese naam weet ik niet meer.
Beide programma's meteen gesloten in het taakbeheer dat ervoor zorgde dat alle icoontjes op het bureaublad en taakbalk waren verdwenen. Toen meteen de computer opnieuw opgestart in veilige modus en nu probeer ik het euvel te verwijderen.

Het volgende heb ik inmiddels gedaan:
- Computer opnieuw opgestart in veilige modus
- Spybot Search & Destroy gedraaid, deze heeft alle tijdelijke bestanden verwijderd en heeft (zoals altijd) een aantal dingen verwijderd, het waren dit keer 63 entries.
- MBAM quickscan gedraaid; deze heeft niets gevonden.

- Computer opnieuw opgestart in veilige modus met netwerkmogelijkheden (voor het updaten van mijn anti-spyware/anti-virussoftware)
- Norman Virusscanner gedraaid (deze is up-to-date), na vannacht is deze klaar en heeft 13 bestanden in quarantaine gezet, waarvan hij meent dat het Trojaanse paarden zijn:
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/Emailer.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/Familie.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/PhonBook.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/Emailer.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/Familie.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/PhonBook.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : Is.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : MyName.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : Phone.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : Is.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : MyName.class
C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : Phone.class
C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\6WM52HSJ\433-direct[1].exe

- Direct hierna MBAM geüpdate en computer opnieuw opgestart in veilige modus.
- MBAM volledige scan gedaan maar deze heeft niets gevonden. Ik denk dat ik nog wel problemen heb dus hierbij mijn HijackThis log:

=======================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:23, on 4-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alternate.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.113.5.2:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "D:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmartIndex] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-8OBU6.exe" /REG
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.nl/s/v/56.44/uploader2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://193.172.162.99:8080/program/SonyNetworkCameraViewer.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} (CNeroSerialChecker Object) - http://www.nero.com/doc/NeroVersionChecker.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://188.203.191.57/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1c9cc9318bcea24) (gupdate1c9cc9318bcea24) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - D:\Program Files\Norman\Ngs\Bin\Nnf.exe
O23 - Service: Norman NJeeves - Norman ASA - D:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - D:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - D:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - D:\Program Files\Norman\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - D:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - D:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

--
End of file - 15984 bytes

===============================

Met vriendelijke groet,
Robert-Jan

**smeenk** · 04-12-10, 16:33

Download zoek.exe naar je bureaublad.
Dubbelklik daarna zoek.exe om deze te starten.
Typ C gevolgd door Enter om "Delete Files/Folders" te starten.
Een bestand met de naam "input.txt" zal openen.
Kopieer hier de volgende code in:

Code:

C:\WINDOWS\xmsat4Sw.dll;
C:\WINDOWS\Temp\_ex-08.exe;
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe;
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe;

Als je de code in het bestand geplaatst hebt mag je input.txt sluiten, laat wijzigingen opslaan.
Hierna begint de verwijderscan te lopen, wacht geduldig tot een log opent en post het resultaat in je volgende bericht.

**rbjbv** · 04-12-10, 19:13

Hierbij de log van Zoek.exe (uitgevoerd in veilige modus)

==================
Zoek.exe by smeenk
Updated 03-12-2010
==================
Deleting files\folders

"C:\WINDOWS\Temp\_ex-08.exe" not found
"C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe" not found
"C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe" not found
"C:\WINDOWS\xmsat4Sw.dll" deleted

------------

Mvg, Robert-Jan

**smeenk** · 04-12-10, 23:47

Dubbelklik opnieuw Zoek.exe om deze te starten.
Typ A gevolgd door Enter om de "Standard search" te starten.
Wacht geduldig tot het CMD-venster sluit en een kladblokvenster opent.
Selecteer de volledige inhoud van het log en kopieer dit in je volgende bericht.

**rbjbv** · 05-12-10, 10:42

Hierbij de log:

==================
Zoek.exe by smeenk
Updated 03-12-2010
======C:\WINDOWS====
----a-w 0 2010-12-05 09:07:08 C:\WINDOWS\0.log
--s-a-w 2,048 2010-12-05 09:06:38 C:\WINDOWS\bootstat.dat
----a-w 711,168 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.exe
----a-w 399 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.lst
----a-w 11,793 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.msg
----a-w 787,680 2010-12-05 09:14:26 C:\WINDOWS\ntbtlog.txt
----a-w 633 2010-11-10 15:36:23 C:\WINDOWS\ODBC.INI
----a-w 32,624 2010-12-03 20:48:11 C:\WINDOWS\SchedLgU.Txt
----a-w 449,162 2010-12-02 15:51:36 C:\WINDOWS\setupapi.log
----a-w 8,405,015 2010-12-03 17:11:13 C:\WINDOWS\TempFile
----a-w 63 2010-11-10 15:35:20 C:\WINDOWS\vbaddin.ini
----a-w 215 2010-12-03 20:48:12 C:\WINDOWS\wiadebug.log
----a-w 49 2010-12-03 17:11:19 C:\WINDOWS\wiaservc.log
----a-w 1,392 2010-11-10 15:37:06 C:\WINDOWS\win.ini
----a-w 1,991,940 2010-12-04 21:24:12 C:\WINDOWS\WindowsUpdate.log

======C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp====
----a-w 155 2010-12-04 18:10:40 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\input.txt
----a-w 1,327 2010-12-05 09:14:36 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\log.txt
----a-w 311,296 2010-12-04 09:07:08 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\~DF2C64.tmp
----a-w 65,536 2010-12-04 09:18:51 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\~DF345C.tmp

======C:\WINDOWS\system32=====

======C:\WINDOWS\system32\drivers=====
======C:\WINDOWS\Tasks======
----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
----a-w 472 2010-12-03 17:40:26 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
----a-w 472 2010-12-03 17:40:26 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
----a-w 968 2010-12-03 19:50:50 C:\WINDOWS\Tasks\Google Software Updater.job
----a-w 1,038 2010-12-03 17:13:55 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
----a-w 1,042 2010-12-03 20:05:00 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
---ha-w 330 2010-12-05 09:10:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job
----a-w 236 2010-12-03 17:13:55 C:\WINDOWS\Tasks\OGALogon.job
---ha-w 6 2010-12-03 20:48:11 C:\WINDOWS\Tasks\SA.DAT
---ha-w 464 2010-12-03 17:15:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A692B50B-E9BF-40BF-B3A8-87796F0036BA}.job

======C:\WINDOWS\Temp======
----a-w 4,380 2010-12-04 18:24:53 C:\WINDOWS\Temp\MpCmdRun.log
----a-w 483 2010-12-05 09:07:05 C:\WINDOWS\Temp\WGAErrLog.txt

=======C:\Program Files=====
=======C:=====
----a-w 3,024 2010-11-09 19:04:51 C:\bar.emf
--sha-w 2,145,386,496 2010-12-05 09:06:30 C:\pagefile.sys

======C:\Documents and Settings\Robert-Jan\Application Data======
----a-w 27,039 2010-11-10 13:53:35 C:\Documents and Settings\Robert-Jan\Application Data\phpdesigner.xml

======C:\Documents and Settings\Robert-Jan======
---ha-w 17,301,504 2010-12-04 21:24:12 C:\Documents and Settings\Robert-Jan\NTUSER.DAT
---ha-w 106,496 2010-12-05 09:14:29 C:\Documents and Settings\Robert-Jan\ntuser.dat.LOG
--sh--w 188 2010-12-04 21:24:12 C:\Documents and Settings\Robert-Jan\ntuser.ini

======C:\WINDOWS\Downloaded Program Files====
=============
======C:====
----a-w 73,000 2010-11-17 16:28:53 C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.0.54\SetupAdmin.exe
----a-w 6,153,352 2010-12-04 09:07:04 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
----a-w 22,016 2010-12-03 20:17:31 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe
----a-w 77,312 2010-12-03 20:17:43 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe
----a-w 0 2010-12-03 20:18:19 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe
----a-w 6,153,352 2010-12-04 09:07:04 C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\70R4VNAX\mbam-setup[1].exe
----a-w 5,227,019 2010-11-17 19:33:54 C:\Documents and Settings\Robert-Jan\Mijn documenten\Downloads\namebench-1.3.1-Windows.exe
----a-w 716,624 2010-12-04 09:07:07 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
----a-w 4,302,000 2010-11-17 16:39:09 C:\Program Files\Spotify\spotify.exe
----a-w 711,168 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.exe
----a-w 530,832 2010-12-03 05:33:01 C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d_bd1.exe

=============
----a-w 10,752 2010-12-03 17:17:32 C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\I0R4V594\AdRendererFactory[1].dll

=============

=============
----a-w 712 2010-12-04 09:07:14 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
----a-w 712 2010-12-04 09:07:13 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
----a-w 736 2010-12-04 09:07:14 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Verwijder Malwarebytes' Anti-Malware.lnk
----a-w 2,527 2010-12-02 14:58:03 C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office Word 2007.lnk
----a-w 805 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Bureaublad\Disk Doctor.lnk
----a-w 817 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Menu Start\Programma's\Disk Doctor\Disk Doctor.lnk
----a-w 889 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Menu Start\Programma's\Disk Doctor\Uninstall Disk Doctor.lnk
----a-w 438 2010-12-02 17:24:50 C:\Documents and Settings\Robert-Jan\Onlangs geopend\authenticatie4.php.lnk
----a-w 582 2010-12-02 21:16:53 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Bedrijfskundig verslag _opzet.doc.lnk
----a-w 372 2010-12-02 21:16:53 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Cinevideogroup.lnk
----a-w 358 2010-12-02 17:15:28 C:\Documents and Settings\Robert-Jan\Onlangs geopend\config.lnk
----a-w 415 2010-12-02 17:25:03 C:\Documents and Settings\Robert-Jan\Onlangs geopend\connect.php.lnk
----a-w 432 2010-12-02 17:25:07 C:\Documents and Settings\Robert-Jan\Onlangs geopend\connect_eind.php.lnk
----a-w 185 2010-12-04 18:11:32 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Cruzer

.lnk
----a-w 469 2010-12-02 17:26:38 C:\Documents and Settings\Robert-Jan\Onlangs geopend\database informatie.txt.lnk
----a-w 415 2010-12-02 17:25:09 C:\Documents and Settings\Robert-Jan\Onlangs geopend\grafiek.php.lnk
----a-w 324 2010-12-04 12:40:36 C:\Documents and Settings\Robert-Jan\Onlangs geopend\hijackthis_04122010.log.lnk
----a-w 290 2010-12-02 16:58:46 C:\Documents and Settings\Robert-Jan\Onlangs geopend\hilversum_uren.lnk
----a-w 407 2010-12-02 17:25:14 C:\Documents and Settings\Robert-Jan\Onlangs geopend\index.php (2).lnk
----a-w 314 2010-12-04 18:11:32 C:\Documents and Settings\Robert-Jan\Onlangs geopend\input tekst RJ.txrt.txt.lnk
----a-w 412 2010-12-02 17:24:40 C:\Documents and Settings\Robert-Jan\Onlangs geopend\iphone.css.lnk
----a-w 534 2010-12-03 20:17:18 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Kim.lnk
----a-w 744 2010-12-04 12:53:56 C:\Documents and Settings\Robert-Jan\Onlangs geopend\mbam-log-2010-12-04 (12-47-01).txt.lnk
----a-w 628 2010-12-02 15:51:05 C:\Documents and Settings\Robert-Jan\Onlangs geopend\sneeuw achtergrond.jpg.lnk
----a-w 441 2010-12-02 17:23:03 C:\Documents and Settings\Robert-Jan\Onlangs geopend\speciale_tekens.php.lnk
----a-w 435 2010-12-02 17:23:48 C:\Documents and Settings\Robert-Jan\Onlangs geopend\tijdconversie.txt.lnk
----a-w 438 2010-12-02 17:23:22 C:\Documents and Settings\Robert-Jan\Onlangs geopend\tijd_conversie.php.lnk
----a-w 438 2010-12-02 17:23:37 C:\Documents and Settings\Robert-Jan\Onlangs geopend\toevoegen_ipod.php.lnk
----a-w 420 2010-12-02 17:23:50 C:\Documents and Settings\Robert-Jan\Onlangs geopend\vergroot.php.lnk
----a-w 200 2010-12-02 17:33:55 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Web op 'Media (192.168.1.88)' (W) (3).lnk

=============
--sha-w 2,145,386,496 2010-12-05 09:06:30 C:\pagefile.sys

=============

**smeenk** · 05-12-10, 20:16

http://virscan.org/
http://www.virustotal.com/index.html

Zou je onderstaande bestanden bij één van bovenstaande websites willen uploaden om te laten scannen:

C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe
C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe
C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe
C:\WINDOWS\is-8OBU6.exe

**rbjbv** · 06-12-10, 10:54

Hierbij de logjes, het derde bestand wat je noemde kon niet worden gescand omdat het bestand niet kon worden gevonden.
Vanaf donderdag ben ik pas weer bij de computer en zal ik weer verdere stappen kunnen ondernemen.
Alvast bedankt voor je inzet!

VirSCAN.org Scanned Report :
Scanned time : 2010/12/06 10:34:42 (CET)
Scanner results: 28% van de scanners (10/36) detecteerde malware!
File Name : KB11225515.exe
File Size : 22016 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4728042bea5fb6b91c1e1fed78e3d76e
SHA1 : c700b886670899294a0b594c33bd75f2267e9b05
Online report : http://virscan.org/report/71fbdee69a...0f8a4f7ab.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101204011638 2010-12-04 5.21 Trojan.Win32.FakeAV!IK
AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 1.62 -
AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.28 -
Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
Arcavir 2010 201012061427 2010-12-06 0.01 -
Authentium 5.1.1 201012051833 2010-12-05 1.40 -
AVAST! 4.7.4 101205-1 2010-12-05 0.01 -
AVG 8.5.850 271.1.1/3299 2010-12-06 0.26 Pakes.HWT
BitDefender 7.90123.6368844 7.34928 2010-12-06 6.12 -
ClamAV 0.96.3 12360 2010-12-06 0.01 -
Comodo 4.0 6966 2010-12-06 0.95 -
CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.04 -
Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.16 -
F-Prot 4.4.4.56 20101205 2010-12-05 1.31 -
F-Secure 7.02.73807 2010.12.06.07 2010-12-06 0.13 Trojan.Win32.FakeAV.vyk [AVP]
Fortinet 4.2.254 12.637 2010-12-05 0.22 W32/FakeAV.EE!tr
GData 21.1231/21.522 20101206 2010-12-06 8.00 Trojan.Win32.FakeAV.vyk [Engine:A]
ViRobot 20101204 2010.12.04 2010-12-04 0.60 -
Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.39 Trojan.Win32.FakeAV
JiangMin 13.0.900 2010.11.30 2010-11-30 1.39 -
Kaspersky 5.5.10 2010.12.06 2010-12-06 0.08 Trojan.Win32.FakeAV.vyk
KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.67 -
McAfee 5400.1158 6188 2010-12-05 18.33 -
Microsoft 1.6402 2010.12.06 2010-12-06 5.95 VirTool:Win32/Obfuscator.JL(Suspicious)
Norman 6.06.11 6.06.00 2010-12-03 2.01 -
Panda 9.05.01 2010.12.03 2010-12-03 0.67 -
Trend Micro 9.120-1004 7.682.01 2010-12-05 0.03 -
Quick Heal 11.00 2010.12.04 2010-12-04 0.94 -
Rising 20.0 22.76.06.03 2010-12-05 2.32 -
Sophos 3.14.1 4.60 2010-12-06 2.96 Mal/FakeAV-EE
Sunbelt 3.9.2459.2 7530 2010-12-05 0.68 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20101205.002 2010-12-05 0.07 -
nProtect 20101206.01 9269328 2010-12-06 11.60 -
The Hacker 6.7.0.1 v00095 2010-12-05 0.41 -
VBA32 3.12.14.2 20101203.1003 2010-12-03 7.18 -
VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 2.61 -

VirSCAN.org Scanned Report :
Scanned time : 2010/12/06 10:37:42 (CET)
Scanner results: 33% van de scanners (12/36) detecteerde malware!
File Name : KB11237406.exe
File Size : 77312 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : da88f752d21d2b97643b9d7aaad7c11c
SHA1 : fca1839d2b4e8ddd5838c29d958d4b8176b08409
Online report : http://virscan.org/report/2a20333e7d...d473737ae.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101204011638 2010-12-04 5.58 Trojan.Win32.Hiloti!IK
AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 2.60 -
AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.32 TR/Crypt.XPACK.Gen
Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
Arcavir 2010 201012061427 2010-12-06 0.01 -
Authentium 5.1.1 201012051833 2010-12-05 1.39 -
AVAST! 4.7.4 101205-1 2010-12-05 0.01 -
AVG 8.5.850 271.1.1/3299 2010-12-06 0.25 Hiloti.BY
BitDefender 7.90123.6368844 7.34928 2010-12-06 5.93 Gen:Variant.Kazy.3274
ClamAV 0.96.3 12360 2010-12-06 0.02 -
Comodo 4.0 6966 2010-12-06 0.95 TrojWare.Win32.TrojanDownloader.Mufanom.GEN
CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.06 -
Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.10 -
F-Prot 4.4.4.56 20101205 2010-12-05 1.31 -
F-Secure 7.02.73807 2010.12.06.07 2010-12-06 0.13 -
Fortinet 4.2.254 12.637 2010-12-05 1.75 -
GData 21.1231/21.522 20101206 2010-12-06 9.71 -
ViRobot 20101204 2010.12.04 2010-12-04 0.38 -
Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.46 Trojan.Win32.Hiloti
JiangMin 13.0.900 2010.11.30 2010-11-30 1.89 -
Kaspersky 5.5.10 2010.12.06 2010-12-06 0.09 -
KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.83 -
McAfee 5400.1158 6188 2010-12-05 18.55 Hiloti.gen.i
Microsoft 1.6402 2010.12.06 2010-12-06 3.58 Trojan:Win32/Hiloti.gen!D
Norman 6.06.11 6.06.00 2010-12-03 2.01 -
Panda 9.05.01 2010.12.03 2010-12-03 0.59 -
Trend Micro 9.120-1004 7.682.01 2010-12-05 0.03 TROJ_HILOTI.SMEO
Quick Heal 11.00 2010.12.04 2010-12-04 0.99 -
Rising 20.0 22.76.06.03 2010-12-05 2.02 -
Sophos 3.14.1 4.60 2010-12-06 2.95 Mal/Hiloti-D
Sunbelt 3.9.2459.2 7530 2010-12-05 0.74 -
Symantec 1.3.0.24 20101205.002 2010-12-05 0.06 -
nProtect 20101206.01 9269328 2010-12-06 12.02 Gen:Variant.Kazy.3274
The Hacker 6.7.0.1 v00095 2010-12-05 0.41 -
VBA32 3.12.14.2 20101203.1003 2010-12-03 3.14 -
VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 2.59 Trojan.Hiloti.Gen!Pac

VirSCAN.org Scanned Report :
Scanned time : 2010/12/06 10:43:09 (CET)
Scanner results: Geen enkele scanner vond malware!
File Name : is-8OBU6.exe
File Size : 711168 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 296a2fac6a99515a8a57d6af147890e6
SHA1 : 44e5e5bedf8527fd15a25ff0fab1cd8cd34b82a8
Online report : http://virscan.org/report/f5a1214a2f...7cec44598.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101204011638 2010-12-04 5.15 -
AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 1.44 -
AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.29 -
Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
Arcavir 2010 201012061427 2010-12-06 0.00 -
Authentium 5.1.1 201012051833 2010-12-05 5.58 -
AVAST! 4.7.4 101205-1 2010-12-05 0.07 -
AVG 8.5.850 271.1.1/3299 2010-12-06 0.28 -
BitDefender 7.90123.6368844 7.34928 2010-12-06 5.91 -
ClamAV 0.96.3 12360 2010-12-06 0.22 -
Comodo 4.0 6966 2010-12-06 0.95 -
CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.12 -
Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.29 -
F-Prot 4.4.4.56 20101205 2010-12-05 5.12 -
F-Secure 7.02.73807 2010.12.06.07 2010-12-06 11.62 -
Fortinet 4.2.254 12.637 2010-12-05 0.22 -
GData 21.1231/21.522 20101206 2010-12-06 8.07 -
ViRobot 20101204 2010.12.04 2010-12-04 0.36 -
Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.68 -
JiangMin 13.0.900 2010.11.30 2010-11-30 1.39 -
Kaspersky 5.5.10 2010.12.06 2010-12-06 0.15 -
KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.75 -
McAfee 5400.1158 6188 2010-12-05 18.05 -
Microsoft 1.6402 2010.12.06 2010-12-06 3.41 -
Norman 6.06.11 6.06.00 2010-12-03 2.01 -
Panda 9.05.01 2010.12.03 2010-12-03 0.60 -
Trend Micro 9.120-1004 7.682.01 2010-12-05 0.05 -
Quick Heal 11.00 2010.12.04 2010-12-04 1.13 -
Rising 20.0 22.76.06.03 2010-12-05 2.21 -
Sophos 3.14.1 4.60 2010-12-06 2.99 -
Sunbelt 3.9.2459.2 7530 2010-12-05 0.93 -
Symantec 1.3.0.24 20101205.002 2010-12-05 0.06 -
nProtect 20101206.01 9269328 2010-12-06 10.33 -
The Hacker 6.7.0.1 v00095 2010-12-05 0.44 -
VBA32 3.12.14.2 20101203.1003 2010-12-03 3.60 -
VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 7.01 -

**smeenk** · 06-12-10, 11:16

Dubbelklik zoek.exe opnieuw om deze te starten.
Typ C gevolgd door Enter om "Delete Files/Folders" te starten.
Een bestand met de naam "input.txt" zal openen.
Kopieer hier de volgende code in:

Code:

C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe;
C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe;
C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe;

Als je de code in het bestand geplaatst hebt mag je input.txt sluiten, laat wijzigingen opslaan.
Hierna begint de verwijderscan te lopen, wacht geduldig tot een log opent en post het resultaat in je volgende bericht.

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:
DDS - Techsupport download: http://www.techsupportforum.com/sectools/sUBs/dds
DDS - Bleeping download: http://download.bleepingcomputer.com/sUBs/dds.scr
DDS - Forospyware Download: http://www.forospyware.com/sUBs/dds
Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.
Post beide logjes in je volgende bericht.

**rbjbv** · 09-12-10, 22:54

Excuses voor het late reageren maar dank voor je reactie!

Hierbij de log van de zoek.exe:

==================
Zoek.exe by smeenk
Updated 03-12-2010
==================
Deleting files\folders

"C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe" deleted
"C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe" deleted
"C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe" deleted

[In het venster van de zoek.exe zei hij wel 'file not found' of iets dergelijks...]

En in de bijlage zitten de DDS.txt en Attach.txt
Nog een laatste opmerking, in het mapje Robert-Jan/opstarten kun je een 'share.bat' voorbij zien komen, deze heb ik zelf aangemaakt en is dus niks kwaads.

Alvast bedankt!

**smeenk** · 09-12-10, 23:06

Download TDSSKiller en plaats het op je bureaublad.
Pak de bestanden in tdsskiller.zip uit.
Open de map tdsskiller en Rechtsklik op TDSSKiller.exe Uitvoeren als Administrator (alleen voor Vista en Win7 gebruikers) om de tool te starten.
Klik op de knop "Start Scan" en volg de instructies.
Wanneer de scan klaar is klik je op de knop "Report".
Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

**rbjbv** · 09-12-10, 23:15

Klein vraagje; mag dit onder Veilige modus (met netwerkmogelijkheden)? Of moet dit onder normale opstartmodus?

Ik vind persoonlijk de veilige modus wel zo veilig

**smeenk** · 09-12-10, 23:20

Probeer maar in veilige modus, geeft het programma aan dat het niet kan werken in veilige modus, dan zal je het alsnog in normale modus moeten doen.

**rbjbv** · 10-12-10, 11:02

Programma gedraaid in veilige modus, geen meldingen oid.
Aan het eind van het scannen heeft hij volgens mij 1 ding gevonden, toen vroeg hij of ik de computer opnieuw op wilde starten en dat heb ik gedaan (wederom in veilige modus).
Maar het programma startte zelf niet automatisch meer op, dus moest mijn log zoeken, gelukkig stond deze opgeslagen op de C:/ schijf, hierbij de log:

2010/12/10 10:41:28.0015 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/10 10:41:28.0015 ================================================================================
2010/12/10 10:41:28.0015 SystemInfo:
2010/12/10 10:41:28.0015
2010/12/10 10:41:28.0015 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/10 10:41:28.0015 Product type: Workstation
2010/12/10 10:41:28.0015 ComputerName: MONTAGE_DS
2010/12/10 10:41:28.0015 UserName: Robert-Jan
2010/12/10 10:41:28.0015 Windows directory: C:\WINDOWS
2010/12/10 10:41:28.0015 System windows directory: C:\WINDOWS
2010/12/10 10:41:28.0015 Processor architecture: Intel x86
2010/12/10 10:41:28.0015 Number of processors: 4
2010/12/10 10:41:28.0015 Page size: 0x1000
2010/12/10 10:41:28.0015 Boot type: Safe boot with network
2010/12/10 10:41:28.0015 ================================================================================
2010/12/10 10:41:28.0390 Initialize success
2010/12/10 10:41:40.0562 ================================================================================
2010/12/10 10:41:40.0562 Scan started
2010/12/10 10:41:40.0562 Mode: Manual;
2010/12/10 10:41:40.0562 ================================================================================
2010/12/10 10:41:45.0406 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/12/10 10:41:45.0500 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/10 10:41:45.0546 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/10 10:41:45.0609 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/12/10 10:41:45.0734 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/10 10:41:45.0781 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/10 10:41:45.0937 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/10 10:41:46.0078 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/10 10:41:46.0203 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/12/10 10:41:46.0265 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/10 10:41:46.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/10 10:41:46.0359 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/10 10:41:46.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/10 10:41:46.0515 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/12/10 10:41:46.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/10 10:41:46.0718 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/10 10:41:46.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/10 10:41:46.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/10 10:41:46.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/10 10:41:46.0921 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/12/10 10:41:46.0937 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/10 10:41:47.0109 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\WINDOWS\system32\drivers\cvintdrv.sys
2010/12/10 10:41:47.0234 DigiNet (ca0e55b8570e3f4baf8855c3d78e9cc5) C:\WINDOWS\system32\DRIVERS\diginet.sys
2010/12/10 10:41:47.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/10 10:41:47.0312 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/10 10:41:47.0359 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/10 10:41:47.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/10 10:41:47.0437 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/10 10:41:47.0531 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/10 10:41:47.0593 Dtu2xx (3b0f1d1f0ea575fd63821724b034a208) C:\WINDOWS\system32\DRIVERS\Dtu2xx.sys
2010/12/10 10:41:47.0734 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/12/10 10:41:47.0812 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\WINDOWS\system32\DRIVERS\eyeonedp.sys
2010/12/10 10:41:47.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/10 10:41:47.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/10 10:41:47.0906 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/10 10:41:47.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/10 10:41:47.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/10 10:41:48.0015 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/10 10:41:48.0062 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/12/10 10:41:48.0078 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/10 10:41:48.0109 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/12/10 10:41:48.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/10 10:41:48.0203 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/12/10 10:41:48.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/10 10:41:48.0375 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
2010/12/10 10:41:48.0406 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/10 10:41:48.0468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/10 10:41:48.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/10 10:41:48.0625 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/10 10:41:48.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/10 10:41:48.0750 InCDfs (914b9bd741189335c1f8d0cceda8b639) C:\WINDOWS\system32\drivers\InCDFs.sys
2010/12/10 10:41:48.0781 InCDPass (4750cb7883952f873f778bdcf09e6c93) C:\WINDOWS\system32\drivers\InCDPass.sys
2010/12/10 10:41:48.0812 InCDRec (4fadcd138c649545bfa9dc3bbc8fee0d) C:\WINDOWS\system32\drivers\InCDRec.sys
2010/12/10 10:41:48.0843 incdrm (efe97b244c8dc63600777207df6afac1) C:\WINDOWS\system32\drivers\InCDRm.sys
2010/12/10 10:41:49.0000 IntcAzAudAddService (6f336c2d18ba1e7ce8d0f31541c87a1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/10 10:41:49.0125 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/10 10:41:49.0156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/10 10:41:49.0171 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/10 10:41:49.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/10 10:41:49.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/10 10:41:49.0281 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/10 10:41:49.0312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/10 10:41:49.0359 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/10 10:41:49.0375 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/10 10:41:49.0437 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/10 10:41:49.0515 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/10 10:41:49.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/10 10:41:49.0781 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/12/10 10:41:49.0875 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/12/10 10:41:49.0968 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/12/10 10:41:50.0031 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/12/10 10:41:50.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/10 10:41:50.0125 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/10 10:41:50.0171 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/10 10:41:50.0250 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/10 10:41:50.0265 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/10 10:41:50.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/10 10:41:50.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/10 10:41:50.0359 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/10 10:41:50.0421 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/12/10 10:41:50.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/10 10:41:50.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/10 10:41:50.0546 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/10 10:41:50.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/10 10:41:50.0625 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/10 10:41:50.0671 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/10 10:41:50.0718 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/10 10:41:50.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/10 10:41:50.0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/10 10:41:50.0875 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/10 10:41:50.0984 Ndiskio (725123f7aebfef717e3f26b25b149d7a) D:\Program Files\Norman\Nse\bin\NDISKIO.SYS
2010/12/10 10:41:51.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/10 10:41:51.0078 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/10 10:41:51.0093 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/10 10:41:51.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/10 10:41:51.0156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/10 10:41:51.0187 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/10 10:41:51.0328 NGS (490757522cded90e6af55dab943ba828) d:\program files\norman\ngs\bin\ngs.sys
2010/12/10 10:41:51.0406 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/10 10:41:51.0437 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/10 10:41:51.0578 NPF (c5f0202a00227aecb69e722c52385ffc) C:\WINDOWS\system32\drivers\npf.sys
2010/12/10 10:41:51.0609 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/10 10:41:51.0718 NPROSEC (ba4c6064927240c29f389263edba0ef6) D:\Program Files\Norman\Ngs\Bin\nprosec.sys
2010/12/10 10:41:51.0781 nregsec (da2d5dfcacded9614667e851d52048aa) D:\Program Files\Norman\Ngs\Bin\nregsec.sys
2010/12/10 10:41:51.0875 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/10 10:41:51.0937 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/10 10:41:52.0156 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/10 10:41:52.0328 NvcMFlt (ca7d649203aa8472bbdb07ee1f9c7612) C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
2010/12/10 10:41:52.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/10 10:41:52.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/10 10:41:52.0453 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/10 10:41:52.0500 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/10 10:41:52.0531 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/10 10:41:52.0578 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/10 10:41:52.0593 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/10 10:41:52.0656 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/10 10:41:52.0687 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/10 10:41:52.0781 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\WINDOWS\system32\drivers\pdihwctl.sys
2010/12/10 10:41:52.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/10 10:41:53.0015 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/12/10 10:41:53.0078 ProDisc (c4a73bc2790377833d072017594cffaa) C:\WINDOWS\system32\DRIVERS\ProDisc.sys
2010/12/10 10:41:53.0109 ProDscFS (2d5a8de6e7f59c9e77f007199766d4a8) C:\WINDOWS\system32\drivers\ProDscFS.sys
2010/12/10 10:41:53.0125 ProDscFT (b0720855eb9090422dd7a4dbc922ad4e) C:\WINDOWS\system32\drivers\ProDscFT.sys
2010/12/10 10:41:53.0171 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/10 10:41:53.0187 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/10 10:41:53.0218 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/10 10:41:53.0281 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2010/12/10 10:41:53.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/10 10:41:53.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/10 10:41:53.0531 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/10 10:41:53.0562 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/10 10:41:53.0593 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/10 10:41:53.0640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/10 10:41:53.0687 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/10 10:41:53.0734 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/10 10:41:53.0765 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/10 10:41:53.0859 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/12/10 10:41:53.0875 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/10 10:41:53.0906 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/10 10:41:53.0984 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2010/12/10 10:41:54.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/10 10:41:54.0093 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/10 10:41:54.0156 Serial (ddb032b5dc45dca340ff96212248df70) C:\WINDOWS\system32\DRIVERS\avidXPserial.sys
2010/12/10 10:41:54.0187 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/10 10:41:54.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/10 10:41:54.0359 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/12/10 10:41:54.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/10 10:41:54.0562 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/10 10:41:54.0609 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/10 10:41:54.0671 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/10 10:41:54.0718 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/10 10:41:54.0781 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/10 10:41:54.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/10 10:41:54.0937 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/10 10:41:55.0015 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/10 10:41:55.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/10 10:41:55.0078 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/10 10:41:55.0109 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/10 10:41:55.0187 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\WINDOWS\system32\drivers\TPkd.sys
2010/12/10 10:41:55.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/10 10:41:55.0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/10 10:41:55.0390 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/10 10:41:55.0437 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/10 10:41:55.0484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/10 10:41:55.0531 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/10 10:41:55.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/10 10:41:55.0609 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/10 10:41:55.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/10 10:41:55.0640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/10 10:41:55.0671 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/10 10:41:55.0718 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/10 10:41:55.0765 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2010/12/10 10:41:55.0796 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2010/12/10 10:41:55.0828 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2010/12/10 10:41:55.0843 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2010/12/10 10:41:55.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/10 10:41:55.0937 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/10 10:41:56.0078 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/10 10:41:56.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/10 10:41:56.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/10 10:41:56.0203 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
2010/12/10 10:41:56.0250 YMIDUSB (6e04f159b0ffcb2d72a2b149553ef6fc) C:\WINDOWS\system32\Drivers\ymidusb.sys
2010/12/10 10:41:56.0343 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/10 10:41:56.0375 ================================================================================
2010/12/10 10:41:56.0375 Scan finished
2010/12/10 10:41:56.0375 ================================================================================
2010/12/10 10:41:56.0390 Detected object count: 1
2010/12/10 10:42:00.0031 \HardDisk1 - will be cured after reboot
2010/12/10 10:42:00.0031 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/10 10:42:08.0562 Deinitialize success

Met vriendelijke groet,
Robert-Jan

**smeenk** · 10-12-10, 15:56

Maak even een nieuw logje met DDS en post dat in je volgende bericht.

**rbjbv** · 10-12-10, 18:33

Hij heeft niets verkeerds gevonden maar hierbij de nieuwe log:

2010/12/10 18:31:26.0375 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/10 18:31:26.0375 ================================================================================
2010/12/10 18:31:26.0375 SystemInfo:
2010/12/10 18:31:26.0375
2010/12/10 18:31:26.0375 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/10 18:31:26.0375 Product type: Workstation
2010/12/10 18:31:26.0375 ComputerName: MONTAGE_DS
2010/12/10 18:31:26.0375 UserName: Robert-Jan
2010/12/10 18:31:26.0375 Windows directory: C:\WINDOWS
2010/12/10 18:31:26.0375 System windows directory: C:\WINDOWS
2010/12/10 18:31:26.0375 Processor architecture: Intel x86
2010/12/10 18:31:26.0375 Number of processors: 4
2010/12/10 18:31:26.0375 Page size: 0x1000
2010/12/10 18:31:26.0375 Boot type: Safe boot with network
2010/12/10 18:31:26.0375 ================================================================================
2010/12/10 18:31:26.0765 Initialize success
2010/12/10 18:31:28.0781 ================================================================================
2010/12/10 18:31:28.0781 Scan started
2010/12/10 18:31:28.0781 Mode: Manual;
2010/12/10 18:31:28.0781 ================================================================================
2010/12/10 18:31:31.0265 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/12/10 18:31:31.0343 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/10 18:31:31.0375 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/10 18:31:31.0437 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/12/10 18:31:31.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/10 18:31:31.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/10 18:31:31.0765 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/10 18:31:31.0906 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/10 18:31:32.0031 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/12/10 18:31:32.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/10 18:31:32.0125 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/10 18:31:32.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/10 18:31:32.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/10 18:31:32.0343 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/12/10 18:31:32.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/10 18:31:32.0546 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/10 18:31:32.0578 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/10 18:31:32.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/10 18:31:32.0671 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/10 18:31:32.0734 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/12/10 18:31:32.0734 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/10 18:31:32.0937 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\WINDOWS\system32\drivers\cvintdrv.sys
2010/12/10 18:31:33.0078 DigiNet (ca0e55b8570e3f4baf8855c3d78e9cc5) C:\WINDOWS\system32\DRIVERS\diginet.sys
2010/12/10 18:31:33.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/10 18:31:33.0156 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/10 18:31:33.0187 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/10 18:31:33.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/10 18:31:33.0281 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/10 18:31:33.0343 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/10 18:31:33.0421 Dtu2xx (3b0f1d1f0ea575fd63821724b034a208) C:\WINDOWS\system32\DRIVERS\Dtu2xx.sys
2010/12/10 18:31:33.0546 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/12/10 18:31:33.0625 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\WINDOWS\system32\DRIVERS\eyeonedp.sys
2010/12/10 18:31:33.0671 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/10 18:31:33.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/10 18:31:33.0750 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/10 18:31:33.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/10 18:31:33.0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/10 18:31:33.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/10 18:31:33.0890 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/12/10 18:31:33.0937 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/10 18:31:33.0968 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/12/10 18:31:34.0015 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/10 18:31:34.0046 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/12/10 18:31:34.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/10 18:31:34.0218 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
2010/12/10 18:31:34.0265 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/10 18:31:34.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/10 18:31:34.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/10 18:31:34.0468 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/10 18:31:34.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/10 18:31:34.0562 InCDfs (914b9bd741189335c1f8d0cceda8b639) C:\WINDOWS\system32\drivers\InCDFs.sys
2010/12/10 18:31:34.0593 InCDPass (4750cb7883952f873f778bdcf09e6c93) C:\WINDOWS\system32\drivers\InCDPass.sys
2010/12/10 18:31:34.0609 InCDRec (4fadcd138c649545bfa9dc3bbc8fee0d) C:\WINDOWS\system32\drivers\InCDRec.sys
2010/12/10 18:31:34.0640 incdrm (efe97b244c8dc63600777207df6afac1) C:\WINDOWS\system32\drivers\InCDRm.sys
2010/12/10 18:31:34.0812 IntcAzAudAddService (6f336c2d18ba1e7ce8d0f31541c87a1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/10 18:31:34.0968 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/10 18:31:35.0000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/10 18:31:35.0015 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/10 18:31:35.0031 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/10 18:31:35.0046 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/10 18:31:35.0125 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/10 18:31:35.0156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/10 18:31:35.0203 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/10 18:31:35.0218 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/10 18:31:35.0281 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/10 18:31:35.0328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/10 18:31:35.0359 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/10 18:31:35.0593 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/12/10 18:31:35.0687 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/12/10 18:31:35.0796 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/12/10 18:31:35.0875 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/12/10 18:31:35.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/10 18:31:35.0968 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/10 18:31:36.0031 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/10 18:31:36.0093 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/10 18:31:36.0109 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/10 18:31:36.0125 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/10 18:31:36.0187 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/10 18:31:36.0234 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/10 18:31:36.0312 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/12/10 18:31:36.0343 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/10 18:31:36.0390 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/10 18:31:36.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/10 18:31:36.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/10 18:31:36.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/10 18:31:36.0578 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/10 18:31:36.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/10 18:31:36.0640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/10 18:31:36.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/10 18:31:36.0765 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/10 18:31:36.0890 Ndiskio (725123f7aebfef717e3f26b25b149d7a) D:\Program Files\Norman\Nse\bin\NDISKIO.SYS
2010/12/10 18:31:36.0921 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/10 18:31:36.0968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/10 18:31:37.0000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/10 18:31:37.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/10 18:31:37.0078 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/10 18:31:37.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/10 18:31:37.0312 NGS (490757522cded90e6af55dab943ba828) d:\program files\norman\ngs\bin\ngs.sys
2010/12/10 18:31:37.0406 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/10 18:31:37.0437 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/10 18:31:37.0562 NPF (c5f0202a00227aecb69e722c52385ffc) C:\WINDOWS\system32\drivers\npf.sys
2010/12/10 18:31:37.0609 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/10 18:31:37.0703 NPROSEC (ba4c6064927240c29f389263edba0ef6) D:\Program Files\Norman\Ngs\Bin\nprosec.sys
2010/12/10 18:31:37.0750 nregsec (da2d5dfcacded9614667e851d52048aa) D:\Program Files\Norman\Ngs\Bin\nregsec.sys
2010/12/10 18:31:37.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/10 18:31:37.0921 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/10 18:31:38.0156 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/10 18:31:38.0359 NvcMFlt (ca7d649203aa8472bbdb07ee1f9c7612) C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
2010/12/10 18:31:38.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/10 18:31:38.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/10 18:31:38.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/10 18:31:38.0546 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/10 18:31:38.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/10 18:31:38.0593 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/10 18:31:38.0625 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/10 18:31:38.0671 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/10 18:31:38.0703 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/10 18:31:38.0796 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\WINDOWS\system32\drivers\pdihwctl.sys
2010/12/10 18:31:38.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/10 18:31:39.0031 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/12/10 18:31:39.0093 ProDisc (c4a73bc2790377833d072017594cffaa) C:\WINDOWS\system32\DRIVERS\ProDisc.sys
2010/12/10 18:31:39.0171 ProDscFS (2d5a8de6e7f59c9e77f007199766d4a8) C:\WINDOWS\system32\drivers\ProDscFS.sys
2010/12/10 18:31:39.0218 ProDscFT (b0720855eb9090422dd7a4dbc922ad4e) C:\WINDOWS\system32\drivers\ProDscFT.sys
2010/12/10 18:31:39.0281 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/10 18:31:39.0312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/10 18:31:39.0343 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/10 18:31:39.0421 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2010/12/10 18:31:39.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/10 18:31:39.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/10 18:31:39.0718 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/10 18:31:39.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/10 18:31:39.0781 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/10 18:31:39.0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/10 18:31:39.0875 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/10 18:31:39.0906 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/10 18:31:39.0953 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/10 18:31:40.0046 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/12/10 18:31:40.0062 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/10 18:31:40.0109 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/10 18:31:40.0156 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2010/12/10 18:31:40.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/10 18:31:40.0265 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/10 18:31:40.0328 Serial (ddb032b5dc45dca340ff96212248df70) C:\WINDOWS\system32\DRIVERS\avidXPserial.sys
2010/12/10 18:31:40.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/10 18:31:40.0437 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/10 18:31:40.0515 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/12/10 18:31:40.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/10 18:31:40.0703 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/10 18:31:40.0750 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/10 18:31:40.0796 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/10 18:31:40.0843 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/10 18:31:40.0906 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/10 18:31:40.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/10 18:31:41.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/10 18:31:41.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/10 18:31:41.0203 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/10 18:31:41.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/10 18:31:41.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/10 18:31:41.0328 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\WINDOWS\system32\drivers\TPkd.sys
2010/12/10 18:31:41.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/10 18:31:41.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/10 18:31:41.0578 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/10 18:31:41.0640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/10 18:31:41.0687 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/10 18:31:41.0750 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/10 18:31:41.0765 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/10 18:31:41.0812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/10 18:31:41.0843 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/10 18:31:41.0859 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/10 18:31:41.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/10 18:31:42.0000 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/10 18:31:42.0046 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2010/12/10 18:31:42.0109 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2010/12/10 18:31:42.0125 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2010/12/10 18:31:42.0140 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2010/12/10 18:31:42.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/10 18:31:42.0250 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/10 18:31:42.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/10 18:31:42.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/10 18:31:42.0437 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/10 18:31:42.0515 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
2010/12/10 18:31:42.0562 YMIDUSB (6e04f159b0ffcb2d72a2b149553ef6fc) C:\WINDOWS\system32\Drivers\ymidusb.sys
2010/12/10 18:31:42.0687 ================================================================================
2010/12/10 18:31:42.0687 Scan finished
2010/12/10 18:31:42.0687 ================================================================================

**smeenk** · 10-12-10, 19:36

Ik ga er van uit dat het nu weer OK is

Zet systeemherstel uit, herstart daana je computer en zet na de herstart je systeemherstel weer aan.
Lees hier hoe en waarom je dit moet doen:
http://users.telenet.be/marcvn/spyware/1852808.htm

Groeten smeenk

**rbjbv** · 11-12-10, 12:19

Ik ben er helaas nog niet helemaal zeker van dat het opgelost is. In bijgevoegd HijackThis log zie ik de volgende (volgens mij) verdachte dingen staan:

O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe

Kun jij mij vertellen of ik zo "clean" ben?

Met vriendelijke groet,
Robert-Jan

**smeenk** · 11-12-10, 14:19

Klopt, je hebt gelijk, al zijn het geen actieve infecties maar slechts restantjes in het register.

Start HijackThis en vink de volgende regels aan:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.113.5.2:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe
Klik vervolgens op de knop "Fix checked" om de geselecteerde regels te verwijderen.

Herstart de computer en post een nieuw logje van HijackThis ter controle, vertel ook of je nog problemen ondervindt.

**rbjbv** · 11-12-10, 16:53

De regels heb ik verwijderd en pc opnieuw opgestart in normale modus.

Hij begon (na aanmelding) met de volgende foutmelding:

16-bits MS-DOS-subsysteem

C:\WINDOWS\Sysvxd.exe
De NTVDM-CPU heeft een ongeldige instructie aangetroffen
CS:0000 IP:0320 OP:00 00 00 00 00 Kies Sluiten om de toepassing af te sluiten

[Sluiten] [Negeren]

Op sluiten geklikt en verder geen problemen meer ondervonden van die melding.

Op het bureaublad nog een snelkoppeling gevonden genaamd 'Disk Doctor' en deze verwees naar "C:\Documents and Settings\Robert-Jan\Local Settings\temp\11265296.exe". Deze snelkoppeling heb ik inmiddels verwijderd.

Toen ik een HijackThis log had gemaakt kwam mijn virusscanner (Norman) met de volgende melding:

De virusscanner heeft een Trojaans paard gedectecteerd en dit in quarantaine geplaatst.
Locatie: C:\WINDOWS\system32\config\scvhost.exe

Als ik klik op sluiten en opnieuw een HijackThis log ga maken komt Norman opnieuw met dezelfde melding. Zal ik Norman de C-schijf eens laten scannen in veilige modus?
Laat maar weten, in de bijlage de HijackThis log.

**smeenk** · 11-12-10, 18:38

Die had ik in eerdere logjes nog niet gezien

Dubbelklik zoek.exe opnieuw om deze te starten.
Typ C gevolgd door Enter om "Delete Files/Folders" te starten.
Een bestand met de naam "input.txt" zal openen.
Kopieer hier de volgende code in:

Code:

C:\WINDOWS\Sysvxd.exe;
C:\WINDOWS\system32\config\scvhost.exe;

Als je de code in het bestand geplaatst hebt mag je input.txt sluiten, laat wijzigingen opslaan.
Hierna begint de verwijderscan te lopen, wacht geduldig tot een log opent en post het resultaat in je volgende bericht.

Herstart daarna je computer.

Post na de herstart een nieuw logje van HijackThis.

Onderwerp: Virus dat meldt dat de schijf te vol zit

Onderwerp Gereedschap

Zoek

Virus dat meldt dat de schijf te vol zit

Forum Rechten